Sr. Product Cybersecurity Engineer - DevSecOps

Meet the Team

At Dexcom, our Product Security team is pivotal in protecting the integrity and security of our innovative continuous glucose monitoring (CGM) devices. As an Application Security Engineer, you'll collaborate with various cross-functional teams to ensure our software is developed securely, leveraging insights from scanning tools and manual reviews. Join us in our mission to safeguard the technology that empowers better health outcomes.

Where You Come In

• You integrate security tooling across all phases of the software development lifecycle, from CI/CD to production.
• You drive the automation of security processes, ensuring efficient and seamless integration with application teams.
• You collaborate with application teams to interpret, prioritize, and drive remediation of findings from security tools (SAST, DAST, IAST, SCA, SBOM, artifact scanning, container scanning, etc.).
• You design and implement security guardrails within development processes to proactively detect and prevent vulnerabilities.
• You have experience with a variety of DevSecOps tools of the types mentioned above.
• You develop and manage systems for the creation, delivery, and lifecycle management of Software Bill of Materials (SBOMs) across diverse platforms and products.

What Makes You Successful

• You have a strong grasp of the OWASP Top 10 vulnerabilities and effective mitigation strategies.
• You are proficient in securing cloud-based and mobile applications, with a focus on cloud security architectures.
• You can write and review code in at least one of the following languages: Java, Scala, C#, or similar.
• You have experience with DevOps practices and the secure software development lifecycle.
• You constantly seek out opportunities for improvement and stay updated on the latest security threats and tools.
• You are familiar with compliance frameworks and regulated environments (ISO 27001, NIST 800-171, NIST 800-53, etc.).
• You possess excellent oral and written communication skills, with the ability to communicate with all levels of management through diplomacy and tact.
• You provide deep technical expertise to design, implement, and accelerate the adoption of the best security operations practices.
• You ensure the pen testing and threat modeling teams maintain knowledge of security industry innovations, trends, and best practices.
• You are a role model and mentor, helping to coach and strengthen the team's skills.
• You have a passion for security and stay aware of new threats and advances in security, questioning existing methods if a better way exists.
• You assess the initial impact of security vulnerabilities on the organizations product portfolio and offer guidance regarding vulnerability response and potential risk to the business.
• You assign and populate CVEs, CVSS scoring, etc., as needed, and work to ensure vulnerabilities are remediated within their SLAs.
• You evangelize Coordinated Vulnerability Disclosure (CVD), negotiate with suppliers and security researchers, and publish communication of a fix or mitigation via Security Advisories.
• You demonstrate teamwork, leading and following, and the ability to drive projects and initiatives in multiple departments.
• You identify risks associated with business processes, operations, information security programs, and technology projects.
• You are an enterprise security subject matter expert who can explain technical topics to those without a technical background.
• You have experience in vulnerability assessment and penetration testing methodologies.
• You understand various cloud solutions and cloud penetration testing methodologies.
• You have a strong understanding of various forms of network architecture.
• You have experience using a security-based risk scoring system (CVSS).

Education and Experience Requirements:

• Typically requires a bachelor’s degree in a technical discipline, and a minimum of 5-8 years related experience or master’s degree and 2-5 years equivalent industry experience or a PhD and 0-2 years’ experience