Staff Product Security Engineer
New York City
MongoDB
Get your ideas to market faster with a developer data platform built on the leading modern database. MongoDB makes working with data easy.The worldwide data management software market is massive (IDC forecasts it to be $138 billion by 2026!). At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading modern data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.
Who You Are
With a strong engineering background, you’re looking for a role that gives you the freedom to help define and implement a modern security engineering function. You’re passionate about building a program that puts a heavy emphasis on customer and engineer experience. You enjoy partnering with different teams to find and implement pragmatic solutions.
Who We Are
The MongoDB Atlas Team is a diverse collection of individuals working together to provide services at global scale. The team is responsible for several products including MongoDB Atlas Cloud, Ops Manager, and the Kubernetes Operator.
The MongoDB Atlas Security Team helps the engineers design, implement, and operate systems in a manner that protects customer data. It is a multidisciplinary team that covers product, software, cloud, infrastructure, and operational security concerns. The team is working to:
- Build a developer driven security program where there is tight integration with engineering artifacts, process, and tooling
- Use software architecture and coding patterns to reduce the impact of security issues
- Be security subject matter experts for our tech stack and products
Responsibilities
- You will take ownership, define strategy, and drive improvement for parts of our program such as fuzzing, threat modeling, secrets management, or container security
- Advocate for and lead complex security projects from inception through completion
- Drive architecture, patterns, and processes across cloud engineering that make security the easiest path
- Partner closely with engineering teams to design and implement security controls across our software and systems
- Research and POC new attacks against our systems. Plan and perform product security assessments including architecture review threat modeling, code review, pen testing and general security consulting to proactively build security controls
- Serve as a security subject matter expert for software security and architecture
- Partner with cloud detection and response to create new capabilities or respond to security events
- Educate the engineering org on security through CTFs, lunch-and-learns, and one-on-one conversations
Requirements
- Deep subject matter expertise in application security or experience across a number of additional security specialties such as detection response or cloud security.
- Demonstrated ability to identify and fix security issues through manual code review, application penetration testing, or red teaming
- Scripting experience and ability to contribute code back to our environments
- Comfortable leading threat modeling and being a security ambassador to other engineering teams
- Communicate complex technical issues in a simple manner that builds trust with a variety of audiences
- A strong sense of ownership and delivery
- Can facilitate a conversation rather than dominate it.
- Skilled at providing courteous actionable feedback, not just a list of flaws
Nice to Haves
- Knowledge of one or more core project languages (Golang, Java, Javascript, Python)
- Docker and Kubernetes operation and security
- Working knowledge of one or more major cloud providers (AWS, GCP, or Azure)
- Experience with large scale environments
Success in this role means
- Taking ownership of one or more security programs such as appsec, cloud, or detect/response
- Seeing projects through from conception to completion in order to deliver new services or capabilities for the team
- Partnering with and collaborating with other engineering teams
- Establishing yourself as a go-to person for discussing security topics
This role can be based out of our New York City office or remotely in the region.
To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!
MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.
MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Application security AWS Azure Cloud Docker GCP Golang Java JavaScript Kubernetes MongoDB Pentesting Product security Python Red team Scripting Security assessment Strategy
Perks/benefits: Career development Fertility benefits Parental leave Team events
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Principal Security Engineer jobs
- Open Manager Pentest H/F jobs
- Open Cyber Security Specialist jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Staff Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Chief Information Security Officer jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Security Specialist jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open Senior Security Architect jobs
- Open Sr. Security Engineer jobs
- Open Security Operations Analyst jobs
- Open Clearance-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs
- Open Forensics-related jobs