About Dexcom:
Founded in 1999, Dexcom, Inc. provides continuous glucose monitoring technology to help patients and their clinicians better manage diabetes. Since our inception, we have focused on better outcomes for patients, caregivers, and clinicians by delivering solutions for people with diabetes - while empowering our community to take control of diabetes.
Position Summary:
The Dexcom IT Department is seeking a Senior Staff Cybersecurity Engineer - Enterprise Product Security to serve as a hands-on security architect, technical lead of enterprise product security, and implementor of security controls across cloud, DevOps, and software development domains. The position will partner with SMEs across the Information Security (Infosec), DevOps and Applications teams to secure the IT department's rapidly growing cloud, microservices and enterprise applications environments. The position will represent product security interests in the Technology Advisory Group (TAG) and Solution Review Board (SRB) meetings. The position will establish security architecture, document security standards, and influence adoption of security best practices in a fast-pace, high-growth environment.
Essential Duties and Responsibilities:
• Establish security architecture and best practices for securing public cloud platforms (GCP, AWS, Azure) and DevOps technology stacks (Kubernetes, containers, serverless).
• Partner with DevOps to implement cloud security "landing zones" where security controls are codified in Terraform and all changes to the cloud environment are made via Gitops.
• Perform security assessments of cloud or DevOps technology deployments.
• Integrate security checks into CI/CD pipelines and develop Policy as Code using Hashicorp Sentinel or similar technologies.
• Design security monitoring and threat detection systems for cloud and container environments.
• Integrate cloud/DevOps security tools into the SIEM (Splunk) and implement processes for alerting and remediation anomalous activities.
• Support cloud compliance/certification activities and participate in security audits/reviews.
• Provide consulting and influence other teams to mature product security capabilities.
• Serve as a security expert and provide technical leadership to other staff members.
• Help establish appsec capabilities and integrate SAST/DAST tools into the build pipeline.
Required Qualifications:
• BS/MS in computer science/engineering, information technology, or technical field.
• 8+ years of experience in the cybersecurity, IT, or engineering fields; with 4+ years in a senior security engineer or higher role.
• Strong understanding of security controls/services in public cloud environments.
• Strong understanding of GCP, AWS, and Kubernetes networking and network security.
• Experience in technologies such as Terraform/TFC, Gitlab or Github, Sentinel, Vault, Jenkins, Cloud Build, Twistlock, Splunk, Apigee, GCP, AWS, encryption, access keys and key hygiene, secrets management, IAM, K8s, and/or containers.
• Ability to work within an Agile/Scrum framework and to manage work in Jira.
• Proficient in automation and scripting in a programming language such as Python or Go.
• Experience with Linux administration, shell scripting, containers, and open source security tools.
• Demonstrated success in influencing peers/partners without direct authority.
• Proficiency in communicating technical concepts both verbally and in written documentation.
#LI-REMOTE
#LI-AP1
Functional Description
Performs security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities. Designs and develops security features for products including systems, applications and/or solutions. Integrates new security features and updates into existing products and ensures the security of all products is maintained throughout the product lifecycle. Provides product security engineering recommendations and resolves integration and testing issues. Builds a standardized set of security product requirements and produces metrics to report performance against those requirements. Reviews and defines security diagnostics and tools to facilitate the analysis and reporting of security events. Detects and mitigates security risks, responds to product security incidents, and works with customers regarding product security related issues. Leads or participates in security architecture and design review meetings.
Functional/Business Knowledge
Subscribe to job alerts and upload your resume!
*By registering with our site, you agree to our
Terms and Privacy Policy.