Position Summary:
The Dexcom IT Department is expanding its cybersecurity program by adding a Staff Cybersecurity Engineer to design, implement and manage security technology such as network security (firewalls, DMZs, NAC and segmentation), endpoint security (patching, hardening, anti-malware, etc.), asset management and monitoring, SIEM, passive vulnerability scanning, and intrusion detection systems to secure a hybrid computing environment that directly supports Dexcom's manufacturing and operations functions across multiple manufacturing plants and facilities. The position will also conduct security assessments, implement security controls, establish security standards and runbooks, develop threat detection/response and forensics capabilities, and provide technical direction for security operations and incident response investigations. The position offers opportunity for career advancement and additional responsibilities as the security function expands.
Essential Duties and Responsibilities:
- Designs and implements security controls and systems aligned to NIST CSF and IEC 62443 to achieve the security program goals.
- Serves as lead engineer on assigned security technologies and services, ensures service uptime and reliability, troubleshoots service disruptions, investigates root causes and implements corrective actions and controls.
- Conducts threat modeling and security assessments, determines security requirements and specifications, and develops security solutions to satisfy design requirements.
- Serves as technical lead and guides other technical staff and stakeholders to implement security technology, while also considering and anticipating people and process factors.
- Drives results by instilling a sense of urgency and by using influence, communication, and collaboration across technical teams.
- Serves as technical lead of security operations and directs analysts in supporting asset management and monitoring systems, vulnerability management, intrusion detection systems and endpoint security systems.
- Serves as technical lead on OT security infrastructure and operations projects.
- Produces internal documentation, requirements, design specifications, system and network diagrams, runbooks, etc.
- Assesses OT and ICS security practices and recommends and implements process improvements.
- Stays abreast of the security industry, events and technologies and ensures security systems stay current and responsive to emerging threats and trends.
- Supports security awareness and training activities as needed.
Required Qualifications:
- Typically requires a Bachelor's degree in a technical discipline, and a minimum of 8-12 years related experience or Master's degree and 5-7 years equivalent industry experience or a PhD and 2-4 years of experience.
- Expert knowledge in selected domains of cybersecurity such as network security and segmentation, firewalls, DMZs, network access control (NAC), endpoint security and hardening, anti-malware, passive asset discovery and monitoring, vulnerability management, SIEM, and threat detection and response systems.
- Strong understanding of networking, network security, and network security technologies.
- Experience managing and securing Windows, Linux, and embedded systems.
- Project management skills and ability to drive results across cross-functional teams.
- Demonstrated success in influencing technical peers without direct authority to achieve results.
- Proficiency in communicating technical concepts both verbally and in written documentation.
- Ability to provide technical direction to other cybersecurity engineers and analysts.
- Willingness to travel and conduct assessments and deliver projects in different geographies.
Preferred Qualifications:
- 4+ years of experience in a security engineering role.
- Understanding of manufacturing environments and OT, ICS, SCADA, and PLC technology.
- Familiarity with OT security frameworks such as NIST CSF, IEC-62443 and/or the Purdue model.
- Experience in security operations, forensics, and incident response.
- Security certification such as CISSP, CISM, SANS/GIAC, GCIP, GICSP, GRID, etc.
- Ability to develop basic scripts in languages such as PowerShell, Python, Java, etc.
Functional Description: Technical Individual Contributor
Performs security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities. Designs and develops security features for products including systems, applications and/or solutions. Integrates new security features and updates into existing products and ensures the security of all products is maintained throughout the product lifecycle. Provides product security engineering recommendations and resolves integration and testing issues. Builds a standardized set of security product requirements and produces metrics to report performance against those requirements. Reviews and defines security diagnostics and tools to facilitate the analysis and reporting of security events. Detects and mitigates security risks, responds to product security incidents, and works with customers regarding product security related issues. Leads or participates in security architecture and design review meetings.
Travel Required:
Functional/Business Knowledge:
- Possesses advanced knowledge of technical principles and theories. Recommends solutions in support of functional objectives tied to overall company objectives and strategies.
Scope:
- Demonstrates significant technical expertise, collaboration with others and independent thought. Anticipates potential complex problems requiring an in-depth evaluation. Demonstrates strategic thinking and commercial/industry understanding in functional projects.
Judgement:
- Exercises judgment in selecting methods, techniques and evaluation criteria for obtaining results.
- Determines methods and procedures on new assignments and may coordinate activities of other colleagues.