Information Security Engineer, Vulnerability Management and Systems Security
New York City
Posted 2 weeks ago
MongoDB is seeking a passionate Security Engineer to help expand MongoDB’s Security Program and help us mature our posture with respect to Vulnerability Management and Systems Security.
This is an exciting opportunity to be a key member of our Security Team. The MongoDB Security Team is responsible for the Information Security Program for MongoDB Inc; helping to reduce risk in our systems and company, and to help establish trust in our product offerings and cloud services.
Your focus will be on Systems Security and Vulnerability Management across our systems, services and devices used by our employees and used to offer our services. You will work directly with internal stakeholders to understand internal systems and develop pragmatic controls to harden systems, a means to measure control-drift, and a vulnerability management plan to be used to identify known vulnerabilities and identify appropriate means to resolve vulnerabilities.
This is a both a hands-on role as well as a role where you will lead by influencing other teams and assisting them in coming into compliance with our regulatory and internal requirements.
This is a critically important role to help scale out the Information Security Program for a recently Public breakthrough company that is disrupting a $40B market. This position has significant growth potential and we’re looking for someone who is excited to take initiative and help secure our company. This position is based out of our New York City Headquarters.
The right candidate for this role will have:
- A background in Information Security fundamentals and direct experience working in a Security role for 3+ years
- Hands-on experience configuring and operating tools related to system security hardening and/or vulnerability management
- An understanding of Windows and Linux Systems Security
- A good grasp of current threat intelligence and modern attacker exploits
- Direct experience in identifying known vulnerabilities in systems and working with teams to remediate identified vulnerabilities
- A firm understanding of networking protocols
- An entrepreneurial spirit; you enjoy challenges across broad range of disciplines
- Experience interfacing with technical and non-technical persons on Information Security Topics
- Work with internal stakeholders to develop pragmatic System and Vulnerability Management policies. Advise on common approaches, tooling and industry best practices
- Educate Engineers and Product teams on the importance of System Hardening and Vulnerability Management
- Rapidly understand and assess new technologies
- Drive continual maturity improvements with respect to the Information Security program in general
- Ability to quickly learn new Information Security concepts and adapt to a modern, fast-paced organization
- Communicate complex technical issues simply to different audiences
- Ability to write, defend, and execute on your findings
- Assist the larger Information Security team on general activities, such as architecture reviews and risk related assessments.
- Review compliance and regulatory requirements (e.g., FedRAMP, PCI DSS, etc), and assist in accomplishing required tasks to ensure we are compliant with requirements
The Information Security Engineer will be successful in this role when they can execute the following strategic tasks:
- People: Collaborate to secure our infrastructure and products with fellow engineers in various departments
- Organization: Ability to manage multiple parallel efforts and prioritize risk based upon understanding and interpreting business needs
- Communication: Successfully communicate your recommendations and rationale to both technical and semi-technical resources
- Research: Research modern approaches to offensive and defensive processes, tooling and techniques
- Creative: Find creative yet simple solutions to complex problems with technical requirements
“MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws”