Sr Product Cybersecurity Engineer - DevSecOps

Remote India

Dexcom

Dexcom Continuous Glucose Monitoring - Discover smart and simple Continuous Glucose Monitoring. Designed to help diabetes patients keep track of their blood glucose levels with ease. Read about risks and benefits here.


The Company

Dexcom Corporation (NASDAQ: DXCM) is a pioneer and global leader in continuous glucose monitoring (CGM). Dexcom began as a small company with a big dream: To forever change how diabetes is managed. To unlock information and insights that drive better health outcomes. Here we are 25 years later, having pioneered an industry. And we're just getting started. We are broadening our vision beyond diabetes to empower people to take control of health. That means personalized, actionable insights aimed at solving important health challenges. To continue what we've started: Improving human health.

 

We are driven by thousands of ambitious, passionate people worldwide who are willing to fight like warriors to earn the trust of our customers by listening, serving with integrity, thinking big, and being dependable. We've already changed millions of lives and we're ready to change millions more. Our future ambition is to become a leading consumer health technology company while continuing to develop solutions for serious health conditions. We'll get there by constantly reinventing unique biosensing-technology experiences. Though we've come a long way from our small company days, our dreams are bigger than ever. The opportunity to improve health on a global scale stands before us.

Meet the Team

At Dexcom, our Product Security team is pivotal in protecting the integrity and security of our innovative continuous glucose monitoring (CGM) devices. As an Application Security Engineer, you'll collaborate with various cross-functional teams to ensure our software is developed securely, leveraging insights from scanning tools and manual reviews. Join us in our mission to safeguard the technology that empowers better health outcomes.

Where You Come In

  • You integrate security tooling across all phases of the software development lifecycle, from CI/CD to production.
  • You drive the automation of security processes, ensuring efficient and seamless integration with application teams.
  • You collaborate with application teams to interpret, prioritize, and drive remediation of findings from security tools (SAST, DAST, IAST, SCA, SBOM, artifact scanning, container scanning, etc.).
  • You design and implement security guardrails within development processes to proactively detect and prevent vulnerabilities.
  • You have experience with a variety of DevSecOps tools of the types mentioned above.
  • You develop and manage systems for the creation, delivery, and lifecycle management of Software Bill of Materials (SBOMs) across diverse platforms and products.

What Makes You Successful

  • You have a strong grasp of the OWASP Top 10 vulnerabilities and effective mitigation strategies.
  • You are proficient in securing cloud-based and mobile applications, with a focus on cloud security architectures.
  • You can write and review code in at least one of the following languages: Java, Scala, C#, or similar.
  • You have experience with DevOps practices and the secure software development lifecycle.
  • You constantly seek out opportunities for improvement and stay updated on the latest security threats and tools.
  • You are familiar with compliance frameworks and regulated environments (ISO 27001, NIST 800-171, NIST 800-53, etc.).
  • You possess excellent oral and written communication skills, with the ability to communicate with all levels of management through diplomacy and tact.
  • You provide deep technical expertise to design, implement, and accelerate the adoption of the best security operations practices.
  • You ensure the pen testing and threat modeling teams maintain knowledge of security industry innovations, trends, and best practices.
  • You are a role model and mentor, helping to coach and strengthen the team's skills.
  • You have a passion for security and stay aware of new threats and advances in security, questioning existing methods if a better way exists.
  • You assess the initial impact of security vulnerabilities on the organization’s product portfolio and offer guidance regarding vulnerability response and potential risk to the business.
  • You assign and populate CVEs, CVSS scoring, etc., as needed, and work to ensure vulnerabilities are remediated within their SLAs.
  • You evangelize Coordinated Vulnerability Disclosure (CVD), negotiate with suppliers and security researchers, and publish communication of a fix or mitigation via Security Advisories.
  • You demonstrate teamwork, leading and following, and the ability to drive projects and initiatives in multiple departments.
  • You identify risks associated with business processes, operations, information security programs, and technology projects.
  • You are an enterprise security subject matter expert who can explain technical topics to those without a technical background.
  • You have experience in vulnerability assessment and penetration testing methodologies.
  • You understand various cloud solutions and cloud penetration testing methodologies.
  • You have a strong understanding of various forms of network architecture.
  • You have experience using a security-based risk scoring system (CVSS).

Education and Experience Requirements:

  • Typically requires a bachelor’s degree in a technical discipline and a minimum of 5-8 years of related experience, or a master’s degree and 2-5 years of equivalent industry experience, or a PhD and 0-2 years of experience.

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.


Tags: Application security Automation C CI/CD Cloud Compliance CVSS DAST DevOps DevSecOps IAST ISO 27001 Java Monitoring NIST NIST 800-53 OWASP Pentesting PhD Product security SAST SBOM Scala SDLC SLAs Vulnerabilities

Regions: Remote/Anywhere Asia/Pacific
Country: India
