Staff Cybersecurity Engineer (Application Security and Pentesting)

The Company

Dexcom Corporation (NASDAQ DXCM) is a pioneer and global leader in continuous glucose monitoring (CGM). Dexcom began as a small company with a big dream: To forever change how diabetes is managed. To unlock information and insights that drive better health outcomes. Here we are 25 years later, having pioneered an industry. And we're just getting started. We are broadening our vision beyond diabetes to empower people to take control of health. That means personalized, actionable insights aimed at solving important health challenges. To continue what we've started: Improving human health.

We are driven by thousands of ambitious, passionate people worldwide who are willing to fight like warriors to earn the trust of our customers by listening, serving with integrity, thinking big, and being dependable. We've already changed millions of lives and we're ready to change millions more. Our future ambition is to become a leading consumer health technology company while continuing to develop solutions for serious health conditions. We'll get there by constantly reinventing unique biosensing-technology experiences. Though we've come a long way from our small company days, our dreams are bigger than ever. The opportunity to improve health on a global scale stands before us.

Meet the team:

The Dexcom Enterprise Information Security team is seeking a Staff Cybersecurity Engineer - Application Security and Pen Testing to serve as a technical subject matter expert of pen testing and application security. The position will involve leading pen testing and application security capabilities and collaborating with relevant teams to ensure the security of IT applications. The engineer will contribute to the implementation and automation of security measures within the software development lifecycle (SDLC) and deploy security controls and tools to secure the IT application environment.

This position will report to the APAC IT team with a dotted line to the corporate InfoSec Product Security team and will act as a strategic advocate for InfoSec across global applications, infrastructure, and compliance teams. The role offers significant opportunities for career growth as Dexcom’s Information Security program continues to expand globally.

Where you come in:

• You will conduct security reviews of SaaS apps, web apps, and microservices for the APAC region.
• You will perform web application penetration testing on critical applications and services to identify vulnerabilities and validate security controls.
• You will represent InfoSec in local application/system design reviews and code reviews.
• You will manage AppSec technology and integrate and automate security testing tools into the SDLC.
• You will Integrate and automate SAST, SCA, and DAST technology into the SDLC.
• You will establish and promote awareness of application security and secure coding standards.
• You will integrate application security tools into the SIEM and develop correlations.
• You will develop and maintain penetration testing methodologies and reporting standards aligned with industry best practices.
• You will provide consulting and influence other teams to mature application security in APAC.
• You will serve as a local security expert and provide technical leadership to other staff members.

What makes you successful:

• You have a BS/MS in computer science/engineering, IT, or technical field, or equivalent experience.
• Your CISSP, GIAC, or other security certifications are highly desired but not necessary.
• You bring 5+ years of experience in the cybersecurity, IT, or engineering fields with 2+ years in a senior application security engineer role.
• Your strong understanding of AppSec technology such as OWASP, IAM, OAuth, API Gateways, secrets management, WAF, SAST, DAST, open-source security tools, code reviews, etc.
• Your hands-on experience with penetration testing tools and frameworks (e.g., Burp Suite, OWASP ZAP, Metasploit, Kali Linux).
• Your strong understanding of security controls and compliance of SaaS platforms.
• Your proficiency in development technology such as CI/CD, GitHub, microservices, APIs, REST, etc.
• Your deep understanding of web app technologies such as HTML, PHP, Java, and/or Drupal.
• Your ability to work within an Agile/Scrum framework and to manage work in Jira.
• Your proficiency in communicating technical concepts both verbally and in written documentation.
• Your demonstrated success influencing peers/partners without direct authority.

• A front row seat to life changing CGM technology. Learn about our brave #dexcomwarriors community.
• A full and comprehensive benefits program.
• Growth opportunities on a global scale.
• Access to career development through in-house learning programs and/or qualified tuition reimbursement.
• An exciting and innovative, industry-leading organization committed to our employees, customers, and the communities we serve.

• 0-5%

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or to submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.