Sr Cybersecurity Engineer - Penetration Testing (Hardware & Firmware)

Meet the Team

Join Dexcom's Product Security R&D department as a Senior Security Engineer specializing in penetration testing. Our team is dedicated to ensuring the security of our mobile and web applications, cloud infrastructure, APIs, and physical medical devices. You'll work closely with the Director of Cybersecurity Engineering to identify and exploit vulnerabilities across various platforms, including mobile and web applications, cloud environments, APIs, hardware, firmware, and wireless networks. If you're a skilled penetration tester eager to tackle security challenges and make a significant impact using cutting-edge technologies, we want to hear from you.

Where You Come In

• You conduct penetration testing on mobile and web applications, cloud infrastructure, APIs, hardware, firmware, and wireless networks to identify and exploit vulnerabilities.
• You work closely with development teams to provide recommendations on security best practices.
• You develop and execute penetration test plans and reports.
• You research and stay current on the latest security threats and tools.
• You create custom tools and exploits with coding and automation.

What Makes You Successful

• You have solid experience in penetration testing.
• You hold certifications such as OSCP, OSWE, OSEP, CPTS, PNPT, INE Certification, or SANS.
• You possess strong knowledge of OWASP Top 10 (web, mobile, API, etc.) vulnerabilities.
• You are experienced with penetration testing tools such as OWASP ZAP, Burp Suite, Nmap, and Kali Linux.
• You are proficient with API testing tools like Postman or Swagger.
• You have a strong understanding of web technologies such as RESTful APIs, framework-based deployments, and backend management.
• You have experience with cloud platforms such as GCP and Kubernetes.
• You are knowledgeable about cloud security best practices and common misconfigurations.
• You have experience with mobile, hardware, firmware, and wireless technologies such as Bluetooth Low Energy (BLE).
• You can write and review code in at least one of the following languages: Java, Scala, C#, or similar.

Preferred Qualifications

• You hold a Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH) certification.
• You have experience with security research, bug bounties, zero-day exploits, or creating custom exploits.
• You have experience with red teaming exercises.
• You are familiar with threat modeling and risk assessment methodologies.
• You have experience with DevOps practices and the secure software development lifecycle.
• You have experience or interest in Artificial Intelligence.

Education and Experience Requirements:

• Typically requires a bachelors degree in a technical discipline, and a minimum of 5-8 years related experience or master’s degree and 2-5 years equivalent industry experience or a PhD and 0-2 years’ experience