Director Cybersecurity Engineering
Dexcom, Inc

San Diego, California

Posted in Manufacturing and Production


This job has expired.

Job Info


About Dexcom

Founded in 1999, Dexcom, Inc. (NASDAQ: DXCM), develops and markets Continuous Glucose Monitoring (CGM) systems for ambulatory use by people with diabetes and by healthcare providers for the treatment of people with diabetes. The company is the leader in transforming diabetes care and management by providing CGM technology to help patients and healthcare professionals better manage diabetes. Since the company's inception, Dexcom has focused on better outcomes for patients, caregivers, and clinicians by delivering solutions that are best in class - while empowering the community to take control of diabetes. Dexcom reported full-year 2022 revenues of $2.9B, a growth of 18% over 2021. Headquartered in San Diego, California, with additional offices in the Americas, Europe, and Asia Pacific, the company employs over 8,000 people worldwide.

Meet the team:

Dexcom is seeking a Director of Product Security Engineering, reporting to the Chief Product Security Officer. The role will serve as a key member of the product security leadership team, and as an expert advisor to the VP of Product Security Engineering.

This is a technical leadership role that covers the security spectrum from building to breaking in order to ensure that our products and operating environments are secure from the start and remain resilient to an ever-evolving threat. Your team is globally responsible for product security operations, infrastructure security, DevSecOps security testing, security automation, penetration testing, security research, and security training. The Director of Product Security Engineering will play a lead role in overseeing the Dexcom Secure Development Lifecycle which ensures that Dexcom products are secure by design.

Where you come in:

  • Mature our Secure Software Development Lifecycle and educate and onboard product teams for consistent adoption.
  • Experience leading a team that proactively assesses security risk through technical deep dives, requirements, design, and implementation reviews
  • Be a security advocate and subject matter expert within the organization and be able to effectively communicate security risk and concepts to both technical and non-technical audiences
  • Help improve security tooling, automation, processes and how product teams approach security in their day-to-day work
  • Collaborate closely with the Security, Legal, Privacy, IT, QA, RA and R&D/Engineering teams to ensure the security of Dexcom Products
  • Monitor our DevSecOps security testing efforts and custom monitoring tools for security quality defects; help triage and prioritize them, and oversee and enforce remediation
  • Evolve policy around our SDLC to ensure security practices are embedded in all aspects of product design and development.
  • Providing role-based training and guidance for software, cloud and hardware security
  • Work closely with Product Management to develop security requirements and acceptance criteria that clearly describe customer requested security features, capabilities and opportunities for growth initiatives
  • Have responsibility for ensuring product security related adherence to the evolving regulatory landscape.
  • Comprehensive experience in selecting, operating, and rationalizing security tooling for common security processes
  • Proficiency in web and application security frameworks and best practices (OWASP, BSIMM).

What makes you successful:
  • 7 or more years cyber security management experience
  • Partnering with our Education, Awareness, and Training function to provide ongoing training and support of development teams in the areas of tools, responsiveness, and processes
  • Experience with product security and medical regulations since the medical industry is highly regulated.
  • In-depth knowledge of firmware, IoT, and hardware security as well as cloud security.
  • Container & VM Security Experience
  • AI Tool / Prompt Engineering Experience with Gemini, OpenAI ChatGPT and/or others
  • Experience in supply chain security
  • Demonstrated knowledge of identity and access management
  • System design, programming, threat modeling, and secure code review experience
  • Hands-on security automation experience deploying and managing DAST, SAST, IAST, Fuzzing and other DevSecOps controls in CI/CD Pipelines
  • Deep technical expertise and thought leadership to implement and accelerate the adoption of the very best cyber engineering practices
  • Hands-on penetration testing experience and experience managing penetration testers
  • Experience managing DevSecOps and Security Operations/SOC teams
  • Experience in the medical industry is preferred but not required
You understand software/firmware/application testing concepts such as:
  • Low-level hardware attacks including fault-injection & side-channel attacks
  • High-Level hardware attacks such as identification & analysis of serial communications
  • Bare-metal firmware reverse engineering
You have 3 or more years of experience with Cloud Infrastructure Penetration Testing and IoT & Firmware Device Penetration Testing

What you'll get:
  • A front row seat to life changing CGM technology. Learn about our brave #dexcomwarriors community.
  • A full and comprehensive benefits program.
  • Growth opportunities on a global scale.
  • Access to career development through in-house learning programs and/or qualified tuition reimbursement.
  • An exciting and innovative, industry-leading organization committed to our employees, customers, and the communities we serve.

Travel Required:
  • 15-25%

Experience and Education Requirements:
  • Typically requires a Bachelor's degree with 15+ years of industry experience
  • Requires a degree in a technical discipline
  • 9+ years of successful management experience in relevant industry
  • 7+ years cybersecurity management experience including experience managing Security Operations, DevSecOps and penetration testing teams as well as 3+ years product security experience
  • Professional Security Certifications such as CISSP, SANS GIAC, CISM, OSCP, CEH
  • Cloud Computing certifications i.e. CCSK, and Certs for GCP
  • Experience with threat modeling and hazard-analysis frameworks such as STAMP, STRIDE, etc.
  • Experience with Security Standards and Frameworks including NIST 800-53, HIPAA, NIST CSF, CMMC, ISO 27001, CSA CCM
  • Understanding of DevSecOps concepts, tools and processes
  • Experienced in Security Training & Awareness & Incident Response planning and execution

Remote Workplace:
  • Your location will be a home office; you are not required to live within commuting distance of your assigned Dexcom site (typically 75 miles/120km). If you reside within commuting distance of a Dexcom site (typically 75 miles/120km) a hybrid working environment may be available. Ask about our Flex workplace option.

Please note: The information contained herein is not intended to be an all-inclusive list of the duties and responsibilities of the job, nor are they intended to be an all-inclusive list of the skills and abilities required to do the job. Management may, at its discretion, assign or reassign duties and responsibilities to this job at any time. The duties and responsibilities in this job description may be subject to change at any time due to reasonable accommodation or other reasons. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Dexcom's AAP may be viewed upon request by contacting Talent Acquisition at talentacquisition@dexcom.com.

If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Dexcom Talent Acquisition at talentacquisition@dexcom.com.

View the OFCCP's Pay Transparency Non Discrimination Provision at this link.

Meritain, an Aetna Company, creates and publishes the Machine-Readable Files on behalf of Dexcom. To link to the Machine-Readable Files, please click on the URL provided: https://health1.meritain.com/app/public/#/one/insurerCode=MERITAIN_I&brandCode=MERITAINOVER/machine-readable-transparency-in-coverage?reportingEntityType=TPA_19874&lock=true

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.

Salary:
$190,100.00 - $316,800.00

