Senior Security Engineer - Penetration Testing

Company Summary
DISH Network Technologies India Pvt. Ltd is a technology subsidiary of EchoStar Corporation. Our organization is at the forefront of technology, serving as a disruptive force and driving innovation and value on behalf of our customers.
Our product portfolio includes Boost Mobile (consumer wireless), Boost Mobile Network (5G connectivity), DISH TV (Direct Broadcast Satellite), Sling TV (Over The Top service provider), OnTech (smart home services), Hughes (global satellite connectivity solutions) and Hughesnet (satellite internet).
Our facilities in India are some of EchoStar's largest development centers outside the U.S. As a hub for technological convergence, our engineering talent is a catalyst for innovation in multimedia network and communications development.
Department Summary
Our Technology teams challenge the status quo and reimagine capabilities across industries. Whether through research and development, technology innovation or solution engineering, our people play vital roles in connecting consumers with the products and platforms of tomorrow.
Job Duties and Responsibilities

• Conduct assessments of web applications, mobile applications, databases, client-side applications and tools, and APIs.
• Execute manual and automated code analysis to assess the quality and security of source code.
• Perform pre-assessment research and preparation including reconnaissance, documentation and configuration review, and customer interviews.
• Develop custom tools and exploits.
• Analyze security findings, including risk analysis and root cause analysis.
• Generate comprehensive reports, including detailed findings, exploitation procedures, and mitigations.
• Develop and deliver walkthrough(s), proof(s) of concept (PoCs), articles, and formal presentations.
• Execute verification and validation testing for customer mitigations and fixes.

Skills, Experience and Requirements

• 4+ years of hands-on experience manual pen testing in Web, mobile and API
• Expertise in performing advanced exploitation and post-exploitation attacks
• Prior experience or expertise performing Red team exercises will be a plus
• Experience in writing proof-of-concept exploits and creating custom payloads and modules for common ethical hacking frameworks and tools
• Familiarity with common web vulnerabilities including: XSS, XXE, SQL Injection, Deserialization Attacks, File Inclusion/Path Traversal Attacks, Server-side Request Forgery, Remote Execution Flaws, Server Configuration Flaws and Authentication Flaws
• Experience in testing web-based APIs (i.e. REST, SOAP, XML, JSON).
• Experience in designing and documenting pragmatic remediation guidance for discovered vulnerabilities.
• Experience developing actionable intelligence based on open source intelligence (OSINT) gathering.
• Proficiency in one or more scripting languages. E.g. Perl, Python, Shell Scripting etc.
• Prior experience with reverse engineering, malware analysis and forensic tools will be an added advantage
• Solid understanding of OWASP testing methodology.
• Should have an Engineering degree, CEH, OSC, CEPT certification are good to have.

Benefits

• Insurance and Wellbeing
• Financial & Retiral Benefit Program
• Mental Wellbeing
• Employee Stock Purchase Program (ESPP)
• Professional Development Reimbursement
• Time Off
• Team Outings