Sr Staff Product Owner, Product Security at Dexcom, Inc

Posted in Other 2 days ago.

Location: San Diego, California





Job Description:

About Dexcom



Founded in 1999, Dexcom, Inc. (NASDAQ: DXCM), develops and markets Continuous Glucose Monitoring (CGM) systems for ambulatory use by people with diabetes and by healthcare providers for the treatment of people with diabetes. The company is the leader in transforming diabetes care and management by providing CGM technology to help patients and healthcare professionals better manage diabetes. Since the company's inception, Dexcom has focused on better outcomes for patients, caregivers, and clinicians by delivering solutions that are best in class - while empowering the community to take control of diabetes. Dexcom reported full-year 2021 revenues of $2.48B, a growth of 27% over 2020. Headquartered in San Diego, California, with additional offices in the Americas, Europe, and Asia Pacific, the company employs over 7,000 people worldwide.



Position Summary:



This is an important role responsible for end-to-end execution of Dexcom's Pre-Market Security Process for key Dexcom products, as part of our program to strengthen the security of Dexcom's product portfolio, coordinating all cybersecurity efforts and resources for a given product line.


The highly collaborative role will represent the product security team and be a security liaison to all Dexcom groups that the Dexcom Product Security Team supports. This role will be responsible for coordination and execution of all product security tasks that occur during product development. This role must understand business and security needs and objectives and ensure both are successfully met.


The candidate should have extensive experience in product ownership and project management and ideally have experience working in a product security organization. Experience in the technical aspects of cybersecurity and a working knowledge of security engineering, security control implementation, and cybersecurity architecture are desired. The ideal candidate will be an effective communicator with technical and non-technical staff alike and quickly able to establish credibility and trust. The candidate must be comfortable leading and guiding at all levels necessary to achieve objectives. The candidate must understand the need to maintain active partnerships and alliances with team members and counterparts to keep lock-stepped with business direction and prepare for successful security integration. The candidate must be capable of understanding when something is not meeting cybersecurity expectations and act with a sense of urgency in order to achieve security objectives.


The role will work alongside highly skilled and passionate cybersecurity professionals. For this role, a candidate would be joining Dexcom's Product Security Team. This team helps design and implement new products and product features for Dexcom's medical device platforms. As a member of the team, the candidate will help review new and existing technologies, identify and rank potential risks, provide remediation/mitigation suggestions, and document recommendations for review. The candidate will be responsible for working with the various development teams and product managers to ensure that products are securely designed, deployed to market, and secured post market.



Essential Duties and Responsibilities:



  • Effectively collaborate with all Dexcom teams with direct accountability to develop and oversee product cybersecurity strategy, vision, and roadmap with a relentless focus on balancing security with usability


  • Effectively communicate with and influence key stakeholders across the enterprise, at all levels of the organization


  • Participate in security requirements and design reviews


  • Review security requirements and design specifications.


  • Conduct Risk Assessments and identify remediation and mitigation actions




  • Document technical and compliance cybersecurity issues within products


  • Analyze vulnerabilities and security gaps then collaborate with development teams to ensure issues are resolved


  • Follow internal software development, cybersecurity, and validation procedures that comply with medical and security regulations.


  • Modify test and assessment protocols based on requirement changes


  • Attend design review meetings to identify and document any potential security risks in cloud, hardware, firmware or mobile software implementations




  • Work with Development Operations (DevOps) to review currently deployed applications and their supporting infrastructure for potential security risks.


  • Work with R&D core team members to collaborate on pre-market security task coordination, tracking, and scheduling





Required Qualifications:



  • Experience - At least 5 years of relevant technical experience and a 4-year degree (or higher)


  • 3 or more years of successful experience as a leader or senior resource in a team in the cybersecurity field


  • 5 or more years demonstrated project management experience


  • 3 or more years product owner experience


  • Strong leadership skills with the ability to build and lead projects and initiatives




  • Strong interpersonal skills with the ability to communicate with all levels of management through diplomacy and tact


  • Excellent oral and written communication skills.


  • Deep technical expertise and thought leadership to design, implement and accelerate the adoption of the best security operations practices


  • Someone who loves security and who works to stay aware of new threats and advances in security. Not afraid to question the existing way if a better way exists.


  • Ability to effectively assess the impact of security vulnerabilities on the organization's product portfolio




  • Offering leadership and guidance regarding vulnerability response and potential risk to the business


  • Assigning and populating CVEs, CVSS scoring, etc. as needed and working to ensure vulnerabilities are remediated within their SLAs


  • Ability to be a team player, leading and following, including the ability to drive projects and initiatives in multiple departments


  • Demonstrated ability to identify risks associated with business processes, operations, information security programs, and technology projects


  • The ability to be an enterprise security subject matter expert who can explain technical topics to those without a technical background




  • Understanding of various cloud solutions and cloud penetration testing methodologies


  • A strong understanding of various forms of network architecture


  • Experience with using the common vulnerability scoring system (CVSS)





Preferred Qualifications:



  • 5 successive years as a cybersecurity, infosec, or related area manager or team lead


  • Experience with governance, standards, and compliance standards/requirements


  • Experience in the Medical Industry


  • Professional Security Certifications such as CISSP, CCSP, CISA, CISM, ITIL


  • Experience with threat modeling and hazard-analysis frameworks such as STAMP, STRIDE, etc.




  • Experience leveraging the MITRE ATT&CK™ Framework


  • Strong knowledge of industry standards as they relate to Cloud and Application security management including ISO, NIST, and Cloud Security Alliance (CSA)


  • Exposure to agile development, DevOps, SecOps, and scrum teams


  • Experience in the Medical device industry and HIPAA regulations


  • ARM Reverse Engineering & Exploit Development (including iOS & Android)




  • Mobile application (iOS/Android) high-level penetration testing


  • 2 or more years penetration testing experience


  • Wireless protocol testing (Bluetooth & NFC)


  • Understanding of CMMC, FedRAMP, NIST 800 Series Standards including NIST 800-53, NIST CSF, and CSA CSM.






Experience and Education






  • Typically requires a Bachelor's degree in a technical discipline and a minimum of 13+ years related experience, or a Master's degree and 8+ years equivalent industry experience, or a PhD and 5+ years of experience.





Exempt Salary Details






  • The annual base salary range for this role is $141,800 to $236,400. Final compensation package will ultimately depend on factors including relevant experience, skillset, knowledge, business needs and market demand.




Please note: The information contained herein is not intended to be an all-inclusive list of the duties and responsibilities of the job, nor are they intended to be an all-inclusive list of the skills and abilities required to do the job. Management may, at its discretion, assign or reassign duties and responsibilities to this job at any time. The duties and responsibilities in this job description may be subject to change at any time due to reasonable accommodation or other reasons. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.


An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Dexcom's AAP may be viewed upon request by contacting Talent Acquisition at talentacquisition@dexcom.com.


If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Dexcom Talent Acquisition at talentacquisition@dexcom.com.


View the OFCCP's Pay Transparency Non Discrimination Provision at this link.


UnitedHealthcare creates and publishes the Machine-Readable Files on behalf of Dexcom. To link to the Machine-Readable Files, please click on the URL provided: https://transparency-in-coverage.uhc.com/.


To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.