Staff Cybersecurity Engineer – Cloud & AI Security

Dexcom

7d•Remote

About The Position

The Company Dexcom Corporation (NASDAQ DXCM) is a pioneer and global leader in continuous glucose monitoring (CGM). Dexcom began as a small company with a big dream: To forever change how diabetes is managed. To unlock information and insights that drive better health outcomes. Here we are 25 years later, having pioneered an industry. And we're just getting started. We are broadening our vision beyond diabetes to empower people to take control of health. That means personalized, actionable insights aimed at solving important health challenges. To continue what we've started: Improving human health. We are driven by thousands of ambitious, passionate people worldwide who are willing to fight like warriors to earn the trust of our customers by listening, serving with integrity, thinking big, and being dependable. We've already changed millions of lives and we're ready to change millions more. Our future ambition is to become a leading consumer health technology company while continuing to develop solutions for serious health conditions. We'll get there by constantly reinventing unique biosensing-technology experiences. Though we've come a long way from our small company days, our dreams are bigger than ever. The opportunity to improve health on a global scale stands before us. Meet the Team: As a Staff Cybersecurity Engineer on the Enterprise Product Security team, you will implement and operationalize security controls across cloud platforms and the software delivery lifecycle. You will partner closely with DevOps, Software Engineering, Infrastructure, Enterprise Architecture, and InfoSec to secure cloud environments, AI services, and applications, and you will contribute as a subject-matter expert in internal technical reviews as needed. The role emphasizes hands‑on engineering, automation, and measurable risk reduction.

Requirements

5+ years total experience in cybersecurity, DevOps, IT, or engineering; 3+ years hands‑on securing public cloud environments.
Demonstrated experience integrating security in DevOps (Terraform/IaC, GitOps, pipeline gates) and building guardrails/policy-as-code.
Understanding of AI model/data risks, prompt hardening, guardrails, and secure patterns; exposure to Vertex AI, Azure AI, Bedrock or demonstrable self‑driven learning.
Strong understanding of cloud security controls (identity, infrastructure, network, encryption, logging/monitoring, backup/recovery, WAF, microsegmentation) across GCP/AWS/Azure.
Proficiency with Terraform and/or HashiCorp Sentinel; source control with GitHub.
Familiarity with ASPM/CNAPP/CSPM tools such as Snyk, Apiiro, Wiz, Invicti.
Automation/scripting experience (Python or Go); Linux administration, shell scripting, containers/Kubernetes, and open‑source security tools.
Proven ability to influence without authority, partnering with DevOps/Engineering to land changes.
Strong written and verbal communication; comfortable documenting standards, patterns, and runbooks.
Typically requires a Bachelor’s degree in a technical discipline, and a minimum of 8-12 years related experience or Master’s degree and 5-7 years equivalent industry experience or a PhD and 2-4 years of experience.
BS/MS in Cybersecurity, Computer Science/Engineering, Information Technology, or related technical field (or equivalent experience).

Nice To Haves

Experience pen testing applications and cloud systems.
Experience building security evaluations for GenAI systems (red‑teaming, jailbreak testing, hallucination minimization).
Familiarity with SecOps AI capabilities to augment detection/response.

Responsibilities

Implement security architecture patterns and security improvements for GCP, AWS, and Azure.
Integrate security checks in CI/CD (e.g., IaC scanning, secrets detection, SAST, SCA, etc.), and configure cloud security guardrails (HashiCorp Sentinel, GCP Org Policies, etc.) to block non‑compliant changes.
Conduct security assessments on cloud workloads, applications, and DevOps stacks; document findings and drive remediation in collaboration with service owners.
Build scalable processes using ASPM/CSPM/SCA/SAST/DAST/IAST; correlate findings from Wiz, Apiiro, Snyk, Qualys; establish alerting, risk‑based prioritization, and remediation workflows.
Deploy and tune posture and threat monitoring for cloud infrastructure and applications; ensure logs, metrics, and traces support rapid investigation.
Implement defenses against prompt injection, data poisoning, model exfiltration, jailbreaks, sensitive information disclosure, etc.
Guide teams on safe GenAI adoption, aligning with InfoSec policies, compliance requirements, and industry best practices.
Support compliance and certification activities by providing evidence during audits and internal reviews.
Evaluate and recommend new security technologies; lead proofs‑of-concept and production hardening, documenting standards and runbooks.
Participate in technical governance forums as a contributor, providing product security guidance and ensuring designs meet baseline controls.

Benefits

A front-row seat to groundbreaking technology that impacts lives around the world.
A full and comprehensive benefits program, including medical, dental, and vision coverage, and wellness programs.
Competitive compensation with performance incentives and opportunities for advancement within a growing, innovative company.
Work-life balance support through flexible work arrangements and generous time-off policies.
Access to in-house training, professional development programs, and opportunities to attend security conferences.
The chance to work in an inclusive, diverse environment that values teamwork, collaboration, and continuous improvement.
The opportunity to connect with the #dexcomwarriors community and contribute to a purpose-driven mission that makes a difference.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume