Senior Application Security Engineer

MongoDB is seeking a passionate Application Security Engineer to help expand MongoDB’s Application Security Program and assist in general Security needs.

This is an exciting opportunity to be a key member of our Security Team. The MongoDB Security Team heads up the Information Security Program for MongoDB Inc; helping to reduce risk in our systems and company, and to help establish trust in our product offerings and cloud services.

Your focus will be on Application Security; starting from day one you will work on a team responsible for all of the company’s applications and tools and work on ways to identify technical issues and reduce risk. This is a hands-on role, some days it may be code reviews, penetration tests, security recommendations, developer education (CTFs), or developing tools to make our jobs more efficient. In addition to application security, you will collaborate and assist others within the Security Team in other domains, which will help broaden your overall experience.

Within the first three months you will

• Gain an in-depth understanding of the different product groups at MongoDB
• Perform you first penetration and risk assessment on one of those products
• Write a scope document and rollout a new static analysis platform of your choice

This is a critically important role to help scale out the Information Security Program for a breakthrough company that is reinventing an $89B market. This position has significant growth potential, and we’re looking for someone who is excited to take initiative and help lead. This position is based out of our New York City Headquarters.

Candidate Profile

The right candidate for this role will have

• A solid background in application development or security disciplines
• Hands-on experience of analyzing threats and vulnerabilities to determine security impact
• Decent understanding of different programming methodologies and paradigms
• A thorough understanding of Web application and Linux Systems security
• Experience of integrating security into Software Development Life Cycle (SDLC) by performing threat modeling, architecture reviews and code reviews
• Hands-on experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools
• Expert knowledge and hands-on experience in performing Web Application penetration testing
• Experience collaborating closely with technical and non-technical persons on Information Security Topics

Position Expectations

• BS in Computer Science or equivalent experience
• 5+ years working in an information security discipline
• Ability to work on multiple projects concurrently
• Capable of finding vulnerabilities and recommending solutions
• Web Application Penetration testing experience
• Knowledge of Web, network, and systems security
• Functional knowledge of cryptography: SSL/TLS, PGP, AES, SHA-2
• Fluent in at least one programming or scripting language
• Familiarity with security in DevOps environments a plus
• Educate Engineers and Product teams on the importance of Application Security
• Continually evaluate the current Application Security Program; work with the team to grow the program out
• Participate in weekly on-call rotations
• Work Cross functionally with multiple teams on establishing new processes and improving existing
• Ability to quickly learn new Information Security concepts and adapt to a modern, fast-paced organization
• Communicate complex technical issues simply to different audiences

Success Measures

The Information Security Engineer will be successful in this role when they can execute the following strategic tasks:

• People: Collaborate to secure our products with fellow engineers across the organization
• Organization: Ability to manage multiple parallel efforts and prioritize risk based upon understanding and interpreting business needs.
• Communication: Successfully communicate your recommendations and rationale to both technical and semi-technical resources.
• Research: Research modern approaches to offensive and defensive processes, tooling and techniques.
• Creative: Find creative yet simple solutions to complex problems with technical requirements.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.