Staff Cybersecurity Engineer
Dexcom, Inc

Job Info

---

About Dexcom

Founded in 1999, Dexcom, Inc. (NASDAQ: DXCM), develops and markets Continuous Glucose Monitoring (CGM) systems for ambulatory use by people with diabetes and by healthcare providers for the treatment of people with diabetes. The company is the leader in transforming diabetes care and management by providing CGM technology to help patients and healthcare professionals better manage diabetes. Since the company's inception, Dexcom has focused on better outcomes for patients, caregivers, and clinicians by delivering solutions that are best in class - while empowering the community to take control of diabetes. Dexcom reported full-year 2021 revenues of $2.48B, a growth of 27% over 2020. Headquartered in San Diego, California, with additional offices in the Americas, Europe, and Asia Pacific, the company employs over 7,000 people worldwide.

Essential Duties and Responsibilities:

• Review cloud and mobile use case architecture to ensure we design confidentiality, integrity, resiliency, and privacy into our products
• Attend design review meetings to identify and document any potential security risks in a cloud or mobile implementation.
• Work with Development Operations (DevOps) to review currently deployed applications and their supporting infrastructure for potential security risks.
• Create,
• Document any findings and recommendations for formal review.
• Identify security-based controls to mitigate any potential risks identified during a security review.
• Advise DevOps team members on security best-practices

Required Qualifications:

• 6+ years' Experience creating security-based threat models for Cloud Applications
• 3 - 6 years' Experience working in a Cloud Environment (GCP, Azure, AWS)
• 3 - 6 years' Experience working in a Mobile Environment (Android, iOS)
• Experience with using a security-based risk scoring system (CVSS)
• Experience with threat modeling and hazard-analysis frameworks such as STAMP, STRIDE etc.
• Knowledge of OWASP top ten vulnerabilities for web applications and APIs
• Experience with a common scripting language (Python, Bash)

Preferred Qualifications:

• Experience leveraging the MITRE ATT&CK™ Framework
• Experience working with Google Cloud Provider (GCP)
• Experience working with common network appliances such as a Web Application Firewall (WAF), SIEM, traditional Firewall, API Gateways, or Load Balancers.
• Previous Web Application development experience
• Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL
• Cloud Computing certifications such as CCSK, AWS, Azure, and GCP a plus
• Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)
• Exposure to agile development, DevOps, SecOps and scrum teams
• Familiarity with threat modeling tools such as ThreatModeler, IrisRisk, Threagile
• Experience in Medical device industry and HIPAA regulations

Functional Description

Performs security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities. Designs and develops security features for products including systems, applications and/or solutions. Integrates new security features and updates into existing products and ensures the security of all products is maintained throughout the product lifecycle. Provides product security engineering recommendations and resolves integration and testing issues. Builds a standardized set of security product requirements and produces metrics to report performance against those requirements. Reviews and defines security diagnostics and tools to facilitate the analysis and reporting of security events. Detects and mitigates security risks, responds to product security incidents, and works with customers regarding product security related issues. Leads or participates in security architecture and design review meetings.

Functional/Business Knowledge

• Possesses advanced knowledge of technical principles and theories. Recommends solutions in support of functional objectives tied to overall company objectives and strategies.

Scope

• Demonstrates significant technical expertise, collaboration with others and independent thought. Anticipates potential complex problems requiring an in-depth evaluation. Demonstrates strategic thinking and commercial/industry understanding in functional projects.

Judgement

• Exercises judgment in selecting methods, techniques and evaluation criteria for obtaining results.
• Determines methods and procedures on new assignments and may coordinate activities of other colleagues.

Management

• N/A

Field Sales

• N/A

Experience and Education

• Typically requires a Bachelors degree in a technical discipline, and a minimum of 8-12 years related experience or Masters degree and 5-7 years equivalent industry experience or a PhD and 2-4 years of experience.

If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Dexcom Talent Acquisition at talentacquisition@dexcom.com.

An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Dexcom's AAP may be viewed upon request by contacting Talent Acquisition at talentacquisition@dexcom.com.

View the OFCCP's Pay Transparency Non Discrimination Provision at this link.

UnitedHealthcare creates and publishes the Machine-Readable Files on behalf of Dexcom. To link to the Machine-Readable Files, please click on the URL provided: https://transparency-in-coverage.uhc.com/.

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or to submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.

This job has expired.