Application Security Engineer - Sling TV
Sling TV L.L.C. provides an over-the-top (internet delivered) television experience on TVs, tablets, gaming consoles, computers, smartphones, smart TVs and other streaming devices. Distributed across a variety of strategic device partners, including Google, Amazon, Apple TV, Microsoft, Roku, Samsung, LG, Comcast, and many others, Sling TV offers two primary domestic streaming services that collectively include more than 100 channels of top content. Featured programmers include Disney/ESPN, Fox, NBC, AMC, A&E, EPIX, NFL Network, NBA TV, NHL Networks, Pac-12 Networks, Hallmark, Viacom, and more. For Spanish-speaking customers, Sling Latino offers a suite of standalone and extra Spanish-programming packages tailored to the U.S. Hispanic market. And for those seeking international content, Sling International currently provides more than 300 channels in 20 languages (available across multiple devices) to U.S. households.
Sling TV is the #1 Live TV Streaming Service
Sling TV is a next-generation service that meets the entertainment needs of today’s contemporary viewers. Visit www.Sling.com. We are driven by curiosity, pride, adventure, and a desire to win – it’s in our DNA. We’re looking for people with boundless energy, intelligence, and an overwhelming need to achieve to join our team as we embark on the next chapter of our story.
Opportunity is here. We are Sling.
Job Duties and Responsibilities
What would you say… you’ll do here?
Sling Software Engineering is currently seeking an experienced Application Security Engineer to support the organization’s efforts to identify and remediate application security risks, evangelize security best practices, and help educate the larger engineering team on security fundamentals. You will work with various teams (Software, Architecture, DevOps, Quality and more) to support security at all stages of the software development life cycle.
- Analyze user requirements to develop secure software design and architectural requirements.
- Assist in supporting the software developed by the Sling IT engineering group.
- Create and maintain documentation describing system architecture and security controls.
- Provide hands-on, code-level help to the engineering team to mitigate discovered vulnerabilities in a timely manner.
- Review static analysis results and provide remediation guidance when needed.
- Define Sling-specific security best practices and integrate them with our coding standards library and application playbooks.
- Work with the larger IT Security group to help support their initiatives within the Sling IT organization.
- Build security scanning and validation into our automated pipelines to help drive a DevOps to DevSecOps transformation across the engineering team.
Skills - Experience and Requirements
A successful Security Engineer will have the following:
- 5+ years of professional software development experience. Experience with Node.js, Java and/or Spring is preferred.
- 5+ years of application security and secure coding experience in large scale environments.
- Thorough understanding of the OWASP Top 10 and SANS / CWE Top 25 coding standards.
- Significant experience with securing and integrating with cloud-based managed services.
- Proven ability to improve security posture in existing legacy applications as well as define greenfield application security strategies.
- Experience developing or supporting internet-facing web applications or services.
- Solid understanding of security concepts and secure coding techniques.
- Experience using static analysis tools such as WhiteHat, Fortify or Checkmarx.
- Ability to align and/or prioritize security goals with business goals.
- BS/MS in Computer Science (or equivalent experience).
- Technical aptitude and critical thinking skills, and the ability to come up with creative outside-of-the-box solutions.
- Strong written and verbal communication skills – including the ability to translate the impact of complex security risks/concerns to the senior IT executive leadership team.
- Understanding of US regulations and data-protection guidelines and standards.
- Some leadership experience (getting projects/tasks done while leading a small team).
- CSSLP, CISSP, CISM or other relevant information security industry certification preferred.