Staff Cybersecurity Engineer – Cloud & AI Security 

The Company

Dexcom Corporation (NASDAQ DXCM) is a pioneer and global leader in continuous glucose monitoring (CGM). Dexcom began as a small company with a big dream: To forever change how diabetes is managed. To unlock information and insights that drive better health outcomes. Here we are 25 years later, having pioneered an industry. And we're just getting started. We are broadening our vision beyond diabetes to empower people to take control of health. That means personalized, actionable insights aimed at solving important health challenges. To continue what we've started: Improving human health.

 

We are driven by thousands of ambitious, passionate people worldwide who are willing to fight like warriors to earn the trust of our customers by listening, serving with integrity, thinking big, and being dependable. We've already changed millions of lives and we're ready to change millions more. Our future ambition is to become a leading consumer health technology company while continuing to develop solutions for serious health conditions. We'll get there by constantly reinventing unique biosensing-technology experiences. Though we've come a long way from our small company days, our dreams are bigger than ever. The opportunity to improve health on a global scale stands before us.

Meet the Team: 

As a Staff Cybersecurity Engineer on the Enterprise Product Security team, you will implement and operationalize security controls across cloud platforms and the software delivery lifecycle. You will partner closely with DevOps, Software Engineering, Infrastructure, Enterprise Architecture, and InfoSec to secure cloud environments, AI services, and applications, and you will contribute as a subject-matter expert in internal technical reviews as needed. The role emphasizes hands‑on engineering, automation, and measurable risk reduction.

Where You Come In 

• Implement security architecture patterns and security improvements for GCP, AWS, and Azure. 
• Integrate security checks in CI/CD (e.g., IaC scanning, secrets detection, SAST, SCA, etc.), and configure cloud security guardrails (HashiCorp Sentinel, GCP Org Policies, etc.) to block non‑compliant changes. 
• Conduct security assessments on cloud workloads, applications, and DevOps stacks; document findings and drive remediation in collaboration with service owners. 
• Build scalable processes using ASPM/CSPM/SCA/SAST/DAST/IAST; correlate findings from Wiz, Apiiro, Snyk, Qualys; establish alerting, risk‑based prioritization, and remediation workflows. 
• Deploy and tune posture and threat monitoring for cloud infrastructure and applications; ensure logs, metrics, and traces support rapid investigation. 
• Implement defenses against prompt injection, data poisoning, model exfiltration, jailbreaks, sensitive information disclosure, etc. 
• Guide teams on safe GenAI adoption, aligning with InfoSec policies, compliance requirements, and industry best practices. 
• Support compliance and certification activities by providing evidence during audits and internal reviews. 
• Evaluate and recommend new security technologies; lead proofs‑of‑concept and production hardening, documenting standards and runbooks. 
• Participate in technical governance forums as a contributor, providing product security guidance and ensuring designs meet baseline controls. 

What Makes You Successful 

• 5+ years total experience in cybersecurity, DevOps, IT, or engineering; 3+ years hands‑on securing public cloud environments. 
• Demonstrated experience integrating security in DevOps (Terraform/IaC, GitOps, pipeline gates) and building guardrails/policy-as-code. 
• Understanding of AI model/data risks, prompt hardening, guardrails, and secure patterns; exposure to Vertex AI, Azure AI, Bedrock or demonstrable self‑driven learning. 
• Strong understanding of cloud security controls (identity, infrastructure, network, encryption, logging/monitoring, backup/recovery, WAF, microsegmentation) across GCP/AWS/Azure. 
• Proficiency with Terraform and/or HashiCorp Sentinel; source control with GitHub. 
• Familiarity with ASPM/CNAPP/CSPM tools such as Snyk, Apiiro, Wiz, Invicti. 
• Automation/scripting experience (Python or Go); Linux administration, shell scripting, containers/Kubernetes, and open‑source security tools. 
• Proven ability to influence without authority, partnering with DevOps/Engineering to land changes. 
• Strong written and verbal communication; comfortable documenting standards, patterns, and runbooks. 

Nice-to-Have (Preferred) 

• Experience pen testing applications and cloud systems. 
• Experience building security evaluations for GenAI systems (red‑teaming, jailbreak testing, hallucination minimization). 
• Familiarity with SecOps AI capabilities to augment detection/response. 

What You’ll Get:  

• A front-row seat to groundbreaking technology that impacts lives around the world.  
• A full and comprehensive benefits program, including medical, dental, and vision coverage, and wellness programs.  
• Competitive compensation with performance incentives and opportunities for advancement within a growing, innovative company.  
• Work-life balance support through flexible work arrangements and generous time-off policies.  
• Access to in-house training, professional development programs, and opportunities to attend security conferences.  
• The chance to work in an inclusive, diverse environment that values teamwork, collaboration, and continuous improvement.  
• The opportunity to connect with the #dexcomwarriors community and contribute to a purpose-driven mission that makes a difference.  

  

Travel Required:

• 0-5%

Experience and Education Requirements:

• Typically requires a Bachelor’s degree in a technical discipline, and a minimum of 8-12 years related experience or Master’s degree and 5-7 years equivalent industry experience or a PhD and 2-4 years of experience.
• BS/MS in Cybersecurity, Computer Science/Engineering, Information Technology, or related technical field (or equivalent experience). 

Remote Workplace: Your location will be a home office; you are not required to live within commuting distance of your assigned Dexcom site (typically 75 miles/120km). If you reside within commuting distance of a Dexcom site (typically 75 miles/120km) a hybrid working environment may be available. Ask about our Flex workplace option.

Please note: The information contained herein is not intended to be an all-inclusive list of the duties and responsibilities of the job, nor are they intended to be an all-inclusive list of the skills and abilities required to do the job. Management may, at its discretion, assign or reassign duties and responsibilities to this job at any time. The duties and responsibilities in this job description may be subject to change at any time due to reasonable accommodation or other reasons. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. 

An Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability. Dexcom’s AAP may be viewed upon request by contacting Talent Acquisition at talentacquisition@dexcom.com. 

If you are an individual with a disability and would like to request a reasonable accommodation as part of the employment selection process, please contact Dexcom Talent Acquisition at talentacquisition@dexcom.com. 

Meritain, an Aetna Company, creates and publishes the Machine-Readable Files on behalf of Dexcom. To link to the Machine-Readable Files, please click on the URL provided:  https://health1.meritain.com/app/public/#/one/insurerCode=MERITAIN_I&brandCode=MERITAINOVER/machine-readable-transparency-in-coverage?reportingEntityType=TPA_19874&lock=true

To all Staffing and Recruiting Agencies: Our Careers Site is only for individuals seeking a job at Dexcom. Only authorized staffing and recruiting agencies may use this site or to submit profiles, applications or resumes on specific requisitions. Dexcom does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to the Talent Acquisition team, Dexcom employees or any other company location. Dexcom is not responsible for any fees related to unsolicited resumes/applications.
 

Salary:

$156,400.00 - $260,600.00