About Dexcom:Dexcom, Inc. empowers people to take control of diabetes through innovative continuous glucose monitoring (CGM) systems. Headquartered in San Diego, California, Dexcom has emerged as a leader of diabetes care technology. By listening to the needs of users, caregivers, and providers, Dexcom simplifies and improves diabetes management around the world.Summary:Dexcom is a high-growth, fast-paced environment where you work with leading-edge, cloud-native technologies supporting containerized, microservices-based applications and big data platforms in a DevOps environment. We're seeking a Staff Security Engineer (which is one level above Senior Engineer) to design and implement application security controls/services and champion security initiatives across our team. As a member of the R cybersecurity team, this individual prototypes and leads engineering efforts around security and privacy in the data platform/data science publicly hosted cloud environment.This is an almost greenfield opportunity where you will help design the security architecture and determine our future roadmap. You will work alongside highly-skilled and passionate innovators who know how to deliver exceptional results while also having some fun along the way. In this work, you may specify, evaluate, or recommend new platform security or privacy features. You will interact with platform engineers, platform cybersecurity SMEs, and mobile app teams to design or create features that reduce risk.Essential Duties and Responsibilities:Evaluate, design, implement, and recommend security controls around the Dexcom data platform and associated platform servicesSupport and take technical leadership in security projects that support teams in the PlatformServe as a cybersecurity and privacy engineer SME and provide guidance Support compliance/certification activities and participate in security audits/reviewsKeep abreast of and provide recommendations on emerging security technologies/toolsServe as SME in threat modelingLead in the application of static/dynamic analysis toolsParticipate in security assessments and provide recommendations on securing various web applications and APIs; contribute to secure coding standards and participate in code reviewsDesign and manage application monitoring and forensics capabilitiesKeep abreast of and provide recommendations on emerging AppSec technologies/toolsRequired Qualifications: Has strong cybersecurity background in CS, cybersecurity, IT, or engineering fieldsPrevious experience as a developer, security architect, or security engineerComfortable in working in cloud environment to design and implement security controlsAble to identify gaps and then enable team to address those gapsPreferred Qualifications: IoT experienceExperience in cloud computing systems including AWS, GCP, Azure or othersStrong understanding of application security domain including OWASP top ten, exploitation and defense of web applications and APIsStrong understanding of authentication/authorization, OAuth, JWT, key management, and applied cryptographyExperience in developing in a modern programming language including one or more of Java, OCaml, Haskell, Spark, Rust, Dart, Go, C#, or PythonExperience and Education Requirements:Typically requires a Bachelor's degree in a technical discipline, and a minimum of 8-12 years related experience or Master's degree and 5-7 years equivalent industry experience or a PhD and 2-4 years of experience.Travel Required: Up to 25%Functional Description: Technical Individual ContributorPerforms security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities. Designs and develops security features for products including systems, applications and/or solutions. Integrates new security features and updates into existing products and ensures the security of all products is maintained throughout the product lifecycle. Provides product security engineering recommendations and resolves integration and testing issues. Builds a standardized set of security product requirements and produces metrics to report performance against those requirements. Reviews and defines security diagnostics and tools to facilitate the analysis and reporting of security events. Detects and mitigates security risks, responds to product security incidents, and works with customers regarding product security related issues. Leads or participates in security architecture and design review meetings.Functional/Business Knowledge: Possesses advanced knowledge of technical principles and theories. Recommends solutions in support of functional objectives tied to overall company objectives and strategies.Scope:Demonstrates significant technical expertise, collaboration with others and independent thought. Anticipates potential complex problems requiring an in-depth evaluation. Demonstrates strategic thinking and commercial/industry understanding in functional projects.Judgement:Exercises judgment in selecting methods, techniques and evaluation criteria for obtaining results.Determines methods and procedures on new assignments and may coordinate activities of other colleagues.#LI-BA1An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against on the basis of disability.If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Talent Acquisition at all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or to submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.
Associated topics: cybersecurity, forensic, identity, information security, information technology security, malicious, protect, security analyst, security engineer, vulnerability