Sr Cybersecurity Engineer

The Company

Dexcom Corporation (NASDAQ DXCM) is a pioneer and global leader in continuous glucose monitoring (CGM). Dexcom began as a small company with a big dream: To forever change how diabetes is managed. To unlock information and insights that drive better health outcomes. Here we are 25 years later, having pioneered an industry. And we're just getting started. We are broadening our vision beyond diabetes to empower people to take control of health. That means personalized, actionable insights aimed at solving important health challenges. To continue what we've started: Improving human health.

We are driven by thousands of ambitious, passionate people worldwide who are willing to fight like warriors to earn the trust of our customers by listening, serving with integrity, thinking big, and being dependable. We've already changed millions of lives and we're ready to change millions more. Our future ambition is to become a leading consumer health technology company while continuing to develop solutions for serious health conditions. We'll get there by constantly reinventing unique biosensing-technology experiences. Though we've come a long way from our small company days, our dreams are bigger than ever. The opportunity to improve health on a global scale stands before us.

Meet the team:

Dexcom is seeking a Senior Security Engineer with experience in penetration testing and code automation to join our team to help ensure the security of our web applications, cloud infrastructure, and APIs. The ideal candidate will have expertise in identifying and exploiting vulnerabilities in web applications, cloud environments, and APIs, with a focus on assessing and securing against potential threats, in addition to DevSecOps or coding and automation experience such as creating custom tools and integrations. This position will report to the Director Cybersecurity Engineering under the Product Security R&D department.  If you are a talented and experienced penetration tester looking for a challenging opportunity to work with cutting-edge technologies and make a real impact on our organization's security posture, we would love to hear from you.

Where you come in:

• You will conduct penetration testing on web applications, cloud infrastructure, and APIs to identify and exploit vulnerabilities 

• Work closely with development teams to provide recommendations on security best practices 

• Develop and execute penetration test plans and reports 

• Research and stay current on the latest security threats and tools

• Create custom tools and integrations with coding and automation

• Assist the DevSecOps team with automation and coding integrations

What makes you successful:

• 5+ years of experience in penetration testing 

• Familiarity with OWASP Top 10 vulnerabilities 

• Experience with penetration testing tools such as OWASP ZAP, Burp Suite, and Nmap 

• Strong understanding of web technologies such as RESTful APIs, framework based deployments, and backend management 

• Experience with cloud platforms such as GCP and Kubernetes 

• Strong knowledge of web application security concepts and common vulnerabilities (e.g. OWASP Top 10) 

• Familiarity with cloud security best practices and common misconfigurations 

• Experience with API testing tools like Postman or Swagger 

• Knowledge of mobile, hardware, firmware, and wireless technologies such as BLE is a plus

• Experience writing and reviewing code in at least 1 of the following languages: Java, Scala, C# or similar

Preferred Qualifications: 

• Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH) certification 

• Experience with mobile application security testing 

• Experience or interest with Artificial Intelligence 

• Knowledge of hardware, firmware, and wireless technologies such as Bluetooth Low Energy (BLE) 

• Certifications such as OSCP, OSWE, OSEP, CPTS, PNPT, INE Certification, SANS 

• Experience with red teaming exercises 

• Familiarity with threat modeling and risk assessment methodologies 

• Experience with DevOps practices and the secure software development lifecycle  

What you’ll get:

• A front row seat to life changing CGM technology. Learn about our brave #dexcomwarriors community.

• A full and comprehensive benefits program.

• Growth opportunities on a global scale.

• Access to career development through in-house learning programs and/or qualified tuition reimbursement.

• An exciting and innovative, industry-leading organization committed to our employees, customers, and the communities we serve.

Travel Required:

• 0-5%

Experience and Education Requirements:

• Typically requires a Bachelor’s degree in a technical discipline, and a minimum of 5-8 years related experience or Master’s degree and 2-5 years equivalent industry experience or a PhD and 0-2 years experience.

Remote Workplace: Your location will be a home office; you are not required to live within commuting distance of your assigned Dexcom site (typically 75 miles/120km). If you reside within commuting distance of a Dexcom site (typically 75 miles/120km) a hybrid working environment may be available. Ask about our Flex workplace option.

Please note: The information contained herein is not intended to be an all-inclusive list of the duties and responsibilities of the job, nor are they intended to be an all-inclusive list of the skills and abilities required to do the job. Management may, at its discretion, assign or reassign duties and responsibilities to this job at any time. The duties and responsibilities in this job description may be subject to change at any time due to reasonable accommodation or other reasons. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. 

An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Dexcom’s AAP may be viewed upon request by contacting Talent Acquisition at talentacquisition@dexcom.com. 

If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Dexcom Talent Acquisition at talentacquisition@dexcom.com. 

View the OFCCP's Pay Transparency Non Discrimination Provision at this link. 

Meritain, an Aetna Company, creates and publishes the Machine-Readable Files on behalf of Dexcom. To link to the Machine-Readable Files, please click on the URL provided:  https://health1.meritain.com/app/public/#/one/insurerCode=MERITAIN_I&brandCode=MERITAINOVER/machine-readable-transparency-in-coverage?reportingEntityType=TPA_19874&lock=true

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or to submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.
 

Salary: