Lead AppSec Engineer

Dexcom – SAN DIEGO, CA, United States - Published On 2/25/19


Help Dexcom Save Lives!

Founded in 1999, Dexcom, Inc. provides continuous glucose monitoring (CGM) technology to help patients and their clinicians better manage diabetes. Since our inception, we have focused on better outcomes for patients, caregivers, and clinicians by delivering solutions for people with diabetes - while empowering our community to take control of diabetes. For more information on how Dexcom changes lives, see our Warriors page at

Our success is largely dependent on our culture and the following values:
Listen - We comprehend the needs of people affected by diabetes.
Serve with integrity - Act in the best interest of our community.
Think big - Use technology to revolutionize diabetes care.
Be dependable - Inspire confidence within our community and in one another.

Please see the following video for more information about working for Dexcom:

What we need in our team:
Dexcom is a high-growth, fast-paced environment where you work with leading-edge, cloud-native technologies supporting containerized, microservices-based applications and big data platforms in a DevOps environment. The Dexcom R&D Data team is establishing an information security program to protect multiple web applications, APIs, and a Data Platform and Data Science environment hosted in a public cloud. We’re seeking a Staff Security Engineer (which is one level above Senior Engineer) to design and implement application security controls/services and champion security initiatives across our team. This is a greenfield opportunity where you will help design the security architecture and determine our future roadmap. You will work alongside highly-skilled and passionate innovators who know how to deliver exceptional results while also having some fun along the way.

What you will get to do:
Design, implement and manage application security controls; integrate and automate security tools and testing into the CI/CD pipeline.
Ensure security processes are included in all phases of the Software Development Lifecycle (SDLC).
Lead application scanning and penetration testing activities and drive remediation of findings.
Lead the selection and management of static/dynamic code analysis tools.
Perform security assessments and provide recommendations on securing our various web applications and APIs; contribute to secure coding standards and participate in code reviews.
Design and manage application monitoring and forensics capabilities.
Serve as a security expert and provide guidance and technical leadership to other staff members.
Keep abreast of and provide recommendations on emerging AppSec technologies/tools.
Support compliance/certification activities and participate in security audits/reviews.

Must haves:
6+ years’ experience in the cybersecurity, IT, or engineering fields, with at least 2 years in an AppSec role.
Strong understanding of the application security domain, including the OWASP Top Ten and the exploitation and defense of web applications and APIs.
Strong understanding of authentication/authorization, OAuth, JWT, secret/key management, and encryption technologies.
Experience with automated software testing, static/dynamic code analysis, whitebox/blackbox testing and the associated open source and/or commercial tools.
Experience developing in a modern programming language such as Java, Spark, C# or Python.
Ability to work effectively in a cross-functional setting through influence, persuasion, and collaboration; strong communication skills.

Nice to haves:
BS/MS in computer science/engineering or equivalent work experience.
Software development experience preferred.
Familiarity with regulatory security/privacy standards such as HIPAA, GDPR, NIST or ISO.
CISSP, GIAC or CCSP certification preferred.

How to Apply


This document was retrieved from on Wed, 24 Apr 2019 20:04:38 -0400.