Vulnerability Management & DevSecOps Engineer II

Company Summary
EchoStar is reimagining the future of connectivity. Our business reach spans satellite television service, live-streaming and on-demand programming, smart home installation services, mobile plans and products.
Today, our brands include Boost Mobile, DISH TV, Gen Mobile, Hughes and Sling TV.
Department Summary
Our Technology teams challenge the status quo and reimagine capabilities across industries. Whether through research and development, technology innovation or solution engineering, our team members play a vital role in connecting consumers with the products and platforms of tomorrow.
Job Duties and Responsibilities
Candidates must be willing to participate in at least one in-person interview, which may include a live whiteboarding or technical assessment session.
Key Responsibilities:

• Help architect, implement, and manage automated security tooling (e.g., SAST, DAST, IaC, container scanning, AI Security) across the SDLC, integrating with developer environments, CI/CD pipelines, and production systems
• Assist with maturing a comprehensive vulnerability management program, overseeing scanning, risk assessment, reporting, and remediation across applications, infrastructure, and third-party dependencies
• Partner with engineering and product teams to embed secure development practices from design through deployment, providing expert guidance and integration support
• Establish and refine vulnerability tracking and reporting processes, enabling rapid awareness, prioritization, and resolution of security issues through coordinated efforts across teams
• Assist with refining and enforcing security policies and guardrails as code for cloud environments (AWS, Azure, GCP), ensuring automated enforcement of secure configurations and practices
• Drive cross-functional collaboration with Dev, Ops, and InfoSec teams, incident support, automation solutions, and reporting to strengthen the organization's security posture and culture
• Execution of regular asset discovery and vulnerability assessment scanning, interpret results, create and distribute reporting, educate and guide stakeholders, and prioritize remediation efforts based on risk
• Provide expert guidance and integration support to empower asset owners to avoid risks and prevent risks from reaching production environments
• Participate in incident response activities related to vulnerabilities and misconfigurations, assisting with root cause analysis and mitigating control implementation

Skills, Experience and Requirements
Education and Experience:

• Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree or security certifications (CISSP, CSSLP, GCSA, CCSP) preferred
• 2+ years of experience in DevSecOps and Vulnerability Management, with a strong record of technical leadership and program maturity
• Deep hands-on experience with application security tools (e.g., SCA, SAST, DAST, IaC, Secrets, Container Scanning, AI Security) and integration into development workflows (e.g., Snyk, Veracode, SonarQube, Prisma)
• Proficient in asset discovery and vulnerability scanning tools (e.g., Tenable, Rapid7, Palo Alto Cortex/Prisma/XSIAM/XSOAR), including report creation and dashboarding; XQL experience a plus
• Familiar with Docker, Kubernetes, and their security implications, as well as development and project management tools like Jira, Confluence, and ServiceNow

Skills and Qualifications:

• Skilled in scripting and automation, with strong proficiency in Python (required) and familiarity with Bash, PowerShell, Go, and JavaScript; experienced with CI/CD pipelines and tools like Jenkins, GitLab, GitHub Actions, and Azure DevOps
• Strong experience in cloud and application security, including AWS, Azure, GCP, Terraform, OWASP Top 10/API Top 10, and vulnerability frameworks like SANS Top 25, KEV, and EPSS
• Proven ability to be a top performer in dynamic environments, managing projects, prioritizing tasks, and driving results with minimal direction
• Excellent communicator and collaborator, able to influence stakeholders and tailor messaging for both technical and non-technical audiences
• Continuously learning and highly adaptable, with a strong security mindset, curiosity, and a commitment to knowledge sharing, documentation, and organizational success

Salary Ranges
Compensation: $72,400.00/Year - $103,400.00/Year
Benefits
We offer versatile health perks, including flexible spending accounts, HSA, a 401(k) Plan with company match, ESPP, career opportunities, and a flexible time away plan; all benefits can be viewed here: DISH Benefits .
The base pay range shown is a guideline. Individual total compensation will vary based on factors such as qualifications, skill level, and competencies; compensation is based on the role's location and is subject to change based on work location.
Candidates need to successfully complete a pre-employment screen, which may include a drug test and DMV check. Our company is committed to fostering an inclusive and equitable workplace where every individual has the opportunity to succeed. We are dedicated to providing individuals with criminal or arrest records a fair chance of employment in accordance with local, state, and federal laws.
The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled.