Sr Cybersecurity Engineer - Penetration Testing

The Company

Dexcom Corporation (NASDAQ DXCM) is a pioneer and global leader in continuous glucose monitoring (CGM). Dexcom began as a small company with a big dream: To forever change how diabetes is managed. To unlock information and insights that drive better health outcomes. Here we are 25 years later, having pioneered an industry. And we're just getting started. We are broadening our vision beyond diabetes to empower people to take control of health. That means personalized, actionable insights aimed at solving important health challenges. To continue what we've started: Improving human health.

We are driven by thousands of ambitious, passionate people worldwide who are willing to fight like warriors to earn the trust of our customers by listening, serving with integrity, thinking big, and being dependable. We've already changed millions of lives and we're ready to change millions more. Our future ambition is to become a leading consumer health technology company while continuing to develop solutions for serious health conditions. We'll get there by constantly reinventing unique biosensing-technology experiences. Though we've come a long way from our small company days, our dreams are bigger than ever. The opportunity to improve health on a global scale stands before us.

Meet the Team

Join Dexcom's Product Security R&D department as a Senior Security Engineer specializing in penetration testing. Our team is dedicated to ensuring the security of our mobile and web applications, cloud infrastructure, APIs, and physical medical devices. You'll work closely with the Director of Cybersecurity Engineering to identify and exploit vulnerabilities across various platforms, including mobile and web applications, cloud environments, APIs, hardware, firmware, and wireless networks. If you're a skilled penetration tester eager to tackle security challenges and make a significant impact using cutting-edge technologies, we want to hear from you.

Where You Come In

• You conduct penetration testing on mobile and web applications, cloud infrastructure, APIs, hardware, firmware, and wireless networks to identify and exploit vulnerabilities.
• You work closely with development teams to provide recommendations on security best practices.
• You develop and execute penetration test plans and reports.
• You research and stay current on the latest security threats and tools.
• You create custom tools and exploits with coding and automation.

What Makes You Successful

• You have solid experience in penetration testing.
• You hold certifications such as OSCP, OSWE, OSEP, CPTS, PNPT, INE Certification, or SANS.
• You possess strong knowledge of OWASP Top 10 (web, mobile, API, etc.) vulnerabilities.
• You are experienced with penetration testing tools such as OWASP ZAP, Burp Suite, Nmap, and Kali Linux.
• You are proficient with API testing tools like Postman or Swagger.
• You have a strong understanding of web technologies such as RESTful APIs, framework-based deployments, and backend management.
• You have experience with cloud platforms such as GCP and Kubernetes.
• You are knowledgeable about cloud security best practices and common misconfigurations.
• You have experience with mobile, hardware, firmware, and wireless technologies such as Bluetooth Low Energy (BLE).
• You can write and review code in at least one of the following languages: Java, Scala, C#, or similar.

Preferred Qualifications

• You hold a Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH) certification.
• You have experience with security research, bug bounties, zero-day exploits, or creating custom exploits.
• You have experience with red teaming exercises.
• You are familiar with threat modeling and risk assessment methodologies.
• You have experience with DevOps practices and the secure software development lifecycle.
• You have experience or interest in Artificial Intelligence.

Education and Experience Requirements:

• Typically requires a bachelor’s degree in a technical discipline, and a minimum of 5-8 years related experience or master’s degree and 2-5 years equivalent industry experience or a PhD and 0-2 years’ experience

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or to submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.