Sr Cybersecurity Engineer - Penetration Testing (Web, Mobile, Cloud)
Dexcom · Bengaluru, Karnataka, India
- On site
- Full-time
- $140,000 / year
- Bengaluru, Karnataka, India
Job highlights
- Conduct penetration tests on diverse platforms.
- Identify and exploit vulnerabilities across systems.
- Collaborate with development for security best practices.
- Develop custom tools and exploits.
- Stay current with security threats and tools.
About the role
About Dexcom
Dexcom Corporation (NASDAQ DXCM) is a pioneer and global leader in continuous glucose monitoring (CGM). Dexcom began as a small company with a big dream: To forever change how diabetes is managed. To unlock information and insights that drive better health outcomes. Here we are 25 years later, having pioneered an industry. And we're just getting started. We are broadening our vision beyond diabetes to empower people to take control of health. That means personalized, actionable insights aimed at solving important health challenges. To continue what we've started: Improving human health.
We are driven by thousands of ambitious, passionate people worldwide who are willing to fight like warriors to earn the trust of our customers by listening, serving with integrity, thinking big, and being dependable. We've already changed millions of lives and we're ready to change millions more. Our future ambition is to become a leading consumer health technology company while continuing to develop solutions for serious health conditions. We'll get there by constantly reinventing unique biosensing-technology experiences. Though we've come a long way from our small company days, our dreams are bigger than ever. The opportunity to improve health on a global scale stands before us.
Meet the Team
Join Dexcom's Product Security R&D department as a Senior Security Engineer specializing in penetration testing. Our team is dedicated to ensuring the security of our mobile and web applications, cloud infrastructure, APIs, and physical medical devices. You'll work closely with the Director of Cybersecurity Engineering to identify and exploit vulnerabilities across various platforms, including mobile and web applications, cloud environments, APIs, hardware, firmware, and wireless networks. If you're a skilled penetration tester eager to tackle security challenges and make a significant impact using cutting-edge technologies, we want to hear from you.
Where You Come In
- Conduct penetration testing on mobile and web applications, cloud infrastructure, APIs, hardware, firmware, and wireless networks to identify and exploit vulnerabilities.
- Work closely with development teams to provide recommendations on security best practices.
- Develop and execute penetration test plans and reports.
- Research and stay current on the latest security threats and tools.
- Create custom tools and exploits with coding and automation.
What Makes You Successful
- Solid experience in penetration testing.
- Certifications such as OSCP, OSWE, OSEP, CPTS, PNPT, INE Certification, or SANS.
- Strong knowledge of OWASP Top 10 (web, mobile, API, etc.) vulnerabilities.
- Experienced with penetration testing tools such as OWASP ZAP, Burp Suite, Nmap, and Kali Linux.
- Proficient with API testing tools like Postman or Swagger.
- Strong understanding of web technologies such as RESTful APIs, framework-based deployments, and backend management.
- Experience with cloud platforms such as GCP and Kubernetes.
- Knowledgeable about cloud security best practices and common misconfigurations.
- Experience with mobile, hardware, firmware, and wireless technologies such as Bluetooth Low Energy (BLE).
- Ability to write and review code in at least one of the following languages: Java, Scala, C#, or similar.
Preferred Qualifications
- Certified Information Systems Security Professional (CISSP) or Certified Ethical Hacker (CEH) certification.
- Experience with security research, bug bounties, zero-day exploits, or creating custom exploits.
- Experience with red teaming exercises.
- Familiarity with threat modeling and risk assessment methodologies.
- Experience with DevOps practices and the secure software development lifecycle.
- Experience or interest in Artificial Intelligence.
Education And Experience Requirements
Typically requires a bachelor’s degree in a technical discipline, and a minimum of 5-8 years related experience or master’s degree and 2-5 years equivalent industry experience or a PhD and 0-2 years’ experience.
Key Skills/Competency
- Penetration Testing
- Cybersecurity Engineering
- Web Application Security
- Mobile Application Security
- Cloud Security
- API Security
- Vulnerability Assessment
- Exploit Development
- OWASP Top 10
- Kali Linux
Skills & topics
- Cybersecurity Engineer
- Penetration Testing
- Web Security
- Mobile Security
- Cloud Security
- API Security
- Vulnerability Assessment
- Exploit Development
- OWASP Top 10
- Kali Linux
How to get hired
- Tailor your resume: Highlight your penetration testing experience, certifications (OSCP, OSWE, etc.), and knowledge of OWASP Top 10 and tools like Burp Suite.
- Showcase technical skills: Emphasize proficiency in cloud platforms (GCP, Kubernetes), mobile/web security, and coding in Java, Scala, or C#.
- Prepare for technical interviews: Be ready to discuss exploit development, custom tool creation, and cloud security best practices.
- Demonstrate security research: If applicable, mention experience with bug bounties, zero-day exploits, or red teaming exercises.
- Understand Dexcom's mission: Align your application with Dexcom's goal of improving health technology and patient outcomes.
Technical preparation
Behavioral questions
Frequently asked questions
- What are the key technical skills required for the Senior Cybersecurity Engineer role at Dexcom?
- The Senior Cybersecurity Engineer role at Dexcom requires solid experience in penetration testing, a strong understanding of OWASP Top 10 vulnerabilities (web, mobile, API), proficiency with tools like Burp Suite, Nmap, and Kali Linux, and experience with cloud platforms like GCP and Kubernetes. Familiarity with API testing tools and coding in languages such as Java, Scala, or C# is also essential.
- What certifications are preferred for the Senior Cybersecurity Engineer position at Dexcom?
- While not strictly required, certifications such as OSCP, OSWE, OSEP, CPTS, PNPT, INE Certification, or SANS are highly valued for the Senior Cybersecurity Engineer role. Preferred certifications also include CISSP or CEH, along with experience in security research or red teaming.
- How does Dexcom approach security for its products, and what is the role of a Penetration Tester?
- Dexcom is committed to ensuring the security of its mobile and web applications, cloud infrastructure, APIs, and medical devices. As a Senior Cybersecurity Engineer specializing in penetration testing, you will be crucial in identifying and exploiting vulnerabilities across these platforms to strengthen overall product security and protect customer data.
- What is the educational background typically expected for a Senior Cybersecurity Engineer at Dexcom?
- Typically, a bachelor’s degree in a technical discipline is required, along with 5-8 years of related experience. Alternatively, a master’s degree with 2-5 years of experience, or a PhD with 0-2 years of experience, is also considered.
- Does Dexcom offer opportunities for professional development in cybersecurity?
- Dexcom's Product Security R&D department encourages continuous learning. The role involves staying current on the latest security threats and tools, and the preferred qualifications suggest an interest in emerging areas like AI and experience with DevOps, indicating a forward-thinking approach to cybersecurity development.