Sr Staff Product Owner, Product Security at Dexcom, Inc

Posted in Other 2 days ago.

Location: San Diego, California

Job Description:

About Dexcom

Founded in 1999, Dexcom, Inc. (NASDAQ: DXCM), develops and markets Continuous Glucose Monitoring (CGM) systems for ambulatory use by people with diabetes and by healthcare providers for the treatment of people with diabetes. The company is the leader in transforming diabetes care and management by providing CGM technology to help patients and healthcare professionals better manage diabetes. Since the company's inception, Dexcom has focused on better outcomes for patients, caregivers, and clinicians by delivering solutions that are best in class - while empowering the community to take control of diabetes. Dexcom reported full-year 2021 revenues of $2.48B, a growth of 27% over 2020. Headquartered in San Diego, California, with additional offices in the Americas, Europe, and Asia Pacific, the company employs over 7,000 people worldwide.

Position Summary:

The is an important role responsible for end-to-end execution of Dexcom's Pre-Market Security Process for key Dexcom products as part of our program to strengthen the security of Dexcom's product portfolio coordinating all cybersecurity efforts and resources for a given product line.

The highly collaborative role will represent the product security team and be a security liaison to all Dexcom groups that the Dexcom Product Security Team supports. This role will be responsible for coordination and execution of all product security tasks that occur during product development. This role must understand business and security needs and objectives and ensure both are successfully met.

The candidate should have extensive experience in product ownership and project management and ideally have experience working in a product security organization. Experience in the technical aspects of cybersecurity and a working knowledge of security engineering, security control implementation, and cybersecurity architecture are desired. The ideal candidate will be an effective communicator with technical and non-technical staff alike and quickly able to establish credibility and trust. The candidate must be comfortable leading and guiding at all levels necessary to achieve objectives. The candidate must understand the need to maintain active partnerships and alliances with team members and counterparts to keep lock-stepped with business direction and prepare for successful security integration. The candidate must be capable of understanding when something is not meeting cybersecurity expectations and act with a sense of urgency in order to achieve security objectives.

The role will work alongside highly skilled and passionate cybersecurity professionals. For this role, a candidate would be joining Dexcom's Product Security Team. This team helps design and implement new products and product features for Dexcom's medical device platforms. As a member of the team, the candidate will help review new and existing technologies, identify, and rank potential risks, provide remediation/mitigation suggestions, and document your recommendations for review. The candidate will be responsible for working with the various development teams and product managers to ensure that products are securely designed, deployed to market, and secured post market.

Essential Duties and Responsibilities:

  • Effectively collaborate with all Dexcom teams with direct accountability to develop and oversee product cybersecurity strategy, vision, and roadmap with a relentless focus on balancing security with usability

  • Effectively communicate with and influence key stakeholders across the enterprise, at all levels of the organization

  • Participate in security requirements and design reviews

  • Review security requirements and design specifications.

  • Conduct Risk Assessments and identify remediation and mitigation actions

  • Document technical and compliance cybersecurity issues within products

  • Analyze vulnerabilities and security gaps then collaborate with development teams to ensure issues are resolved

  • Follow internal software development, cybersecurity, and validation procedures that comply with medical and security regulations.

  • Modify test and assessment protocols based on requirement changes

  • Attend design review meetings to identify and document any potential security risks in cloud, hardware, firmware or mobile software implementations

  • Work with Development Operations (DevOps) to review currently deployed applications and their supporting infrastructure for potential security risks.

  • Work with R&D core team members to collaborate on pre-market security task coordination, tracking, and scheduling

Required Qualifications:

  • Experience - At least 5 years of relevant technical experience and a 4-year degree (or higher)

  • 3 or more years of successful experience as a leader or senior resource in a team in the cybersecurity field

  • 5 or more years demonstrated project management experience

  • 3 or more years product owner experience

  • Strong leadership skills with the ability to build and lead projects and initiatives

  • Strong interpersonal skills with the ability to communicate with all levels of management through diplomacy and tact

  • Excellent oral and written communication skills.

  • Deep technical expertise and thought leadership to design, implement and accelerate the adoption of the best security operations practices

  • Someone who loves security and who works to stay aware of new threats and advances in security. Not afraid to question the existing way if a better way exists.

  • Ability to effectively assess the impact of security vulnerabilities on the organization's product portfolio

  • Offering leadership and guidance regarding vulnerability response and potential risk to the business

  • Assigning and populating CVEs, CVSS scoring, etc. as needed and working to ensure vulnerabilities are remediated within their SLAs

  • Ability to be a team player, leading and following, including the ability to drive projects and initiatives in multiple departments

  • Demonstrated ability to identify risks associated with business processes, operations, information security programs, and technology projects

  • The ability to be an enterprise security subject matter expert who can explain technical topics to those without a technical background

  • Understanding of various cloud solutions and cloud penetration testing methodologies

  • A strong understanding of various forms of network architecture

  • Experience with using the common vulnerability scoring system (CVSS)

Preferred Qualifications:

  • 5 successive years as a cybersecurity, infosec, or related area manager or team lead

  • Experience with governance, standards, and compliance standards/requirements

  • Experience in the Medical Industry

  • Professional Security Certifications such as CISSP, CCSP, CISA, CISM, ITIL

  • Experience with threat modeling and hazard-analysis frameworks such as STAMP, STRIDE, etc.

  • Experience leveraging the MITRE ATT&CK™ Framework

  • Strong knowledge of industry standards as they relate to Cloud and Application security management including ISO, NIST, and Cloud Security Alliance (CSA)

  • Exposure to agile development, DevOps, SecOps, and scrum teams

  • Experience in the Medical device industry and HIPAA regulations

  • ARM Reverse Engineering & Exploit Development (including iOS & Android)

  • Mobile application (iOS/Android) high-level penetration testing

  • 2 or more years penetration testing experience

  • Wireless protocol testing (Bluetooth & NFC)

  • Understanding of CMMC, FedRAMP, NIST 800 Series Standards including NIST 800-53, NIST CSF, and CSA CSM.

Experience and Education

  • Typically requires a Bachelors degree in a technical discipline, and a minimum of 13+ years related experience or a Masters degree and 8+ years equivalent industry experience of a PhD and 5+ years of experience.

Exempt Salary Details

  • The annual base salary range for this role is $141,800 to $236,400. Final compensation package will ultimately depend on factors including relevant experience, skillset, knowledge, business needs and market demand.

Please note: The information contained herein is not intended to be an all-inclusive list of the duties and responsibilities of the job, nor are they intended to be an all-inclusive list of the skills and abilities required to do the job. Management may, at its discretion, assign or reassign duties and responsibilities to this job at any time. The duties and responsibilities in this job description may be subject to change at any time due to reasonable accommodation or other reasons. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Dexcom's AAP may be viewed upon request by contacting Talent Acquisition at

If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Dexcom Talent Acquisition at

View the OFCCP's Pay Transparency Non Discrimination Provision at this link.

UnitedHealthcare creates and publishes the Machine-Readable Files on behalf of Dexcom. To link to the Machine-Readable Files, please click on the URL provided:

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or to submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.
More jobs in San Diego, California


San Diego State University

San Diego State University
More jobs in Other

Memorial Healthcare System

Memorial Healthcare System

Memorial Healthcare System