Senior Application Security Engineer
New York City
MongoDB
Get your ideas to market faster with a developer data platform built on the leading modern database. MongoDB makes working with data easy. MongoDB is seeking a passionate Application Security Engineer to help expand MongoDB’s Application Security Program and assist in general Security needs.
This is an exciting opportunity to be a key member of our Security Team. The MongoDB Security Team heads up the Information Security Program for MongoDB Inc., helping to reduce risk in our systems and company and to establish trust in our product offerings and cloud services.
Your focus will be on Application Security. Starting from day one, you will work on a team responsible for all of the company’s applications and tools and work on ways to identify technical issues and reduce risk. This is a hands-on role: some days it may be code reviews, penetration tests, security recommendations, developer education (CTFs), or developing tools to make our jobs more efficient. In addition to application security, you will collaborate and assist others within the Security Team in other domains, which will help broaden your overall experience.
Within the first three months you will
- Gain an in-depth understanding of the different product groups at MongoDB
- Perform your first penetration and risk assessment on one of those products
- Write a scope document and roll out a new static analysis platform of your choice
This is a critically important role to help scale out the Information Security Program for a breakthrough company that is reinventing an $89B market. This position has significant growth potential, and we’re looking for someone who is excited to take initiative and help lead. This position is based out of our New York City Headquarters.
Candidate Profile
The right candidate for this role will have
- A solid background in application development or security disciplines
- Hands-on experience of analyzing threats and vulnerabilities to determine security impact
- Decent understanding of different programming methodologies and paradigms
- A thorough understanding of Web application and Linux Systems security
- Experience of integrating security into Software Development Life Cycle (SDLC) by performing threat modeling, architecture reviews and code reviews
- Hands-on experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools
- Expert knowledge and hands-on experience in performing Web Application penetration testing
- Experience collaborating closely with technical and non-technical persons on Information Security Topics
Position Expectations
- BS in Computer Science or equivalent experience
- 5+ years working in an information security discipline
- Ability to work on multiple projects concurrently
- Capable of finding vulnerabilities and recommending solutions
- Web Application Penetration testing experience
- Knowledge of Web, network, and systems security
- Functional knowledge of cryptography: SSL/TLS, PGP, AES, SHA-2
- Fluent in at least one programming or scripting language
- Familiarity with security in DevOps environments a plus
- Educate Engineers and Product teams on the importance of Application Security
- Continually evaluate the current Application Security Program; work with the team to grow the program out
- Participate in weekly on-call rotations
- Work cross-functionally with multiple teams on establishing new processes and improving existing ones
- Ability to quickly learn new Information Security concepts and adapt to a modern, fast-paced organization
- Communicate complex technical issues simply to different audiences
Success Measures
The Information Security Engineer will be successful in this role when they can execute the following strategic tasks:
- People: Collaborate to secure our products with fellow engineers across the organization
- Organization: Ability to manage multiple parallel efforts and prioritize risk based upon understanding and interpreting business needs.
- Communication: Successfully communicate your recommendations and rationale to both technical and semi-technical resources.
- Research: Research modern approaches to offensive and defensive processes, tooling and techniques.
- Creative: Find creative yet simple solutions to complex problems with technical requirements.
MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
Tags: AES Application security Cloud Computer Science Cryptography DAST DevOps Linux MongoDB Pentesting Risk assessment SAST Scripting SDLC TLS Vulnerabilities
Perks/benefits: Career development