Information Security Engineer, SaaS Security
The database market is massive (the IDC estimates it to be $106B+ by 2024!) and MongoDB is at the head of its disruption. The MongoDB community is transforming industries and empowering developers to build amazing apps that people use every day. We are the leading modern data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.
MongoDB is seeking a hardworking Security Engineer to help expand MongoDB’s Information Security Program, specifically focusing on Corporate SaaS Security.
The MongoDB Security Team is responsible for the Information Security Program for MongoDB Inc; helping to reduce risk in our systems, company and to help establish trust in our product offerings and cloud services. Our customers are both our internal MongoDB employees and our external customers.
This is an exciting chance to be part of a dynamic and innovative team with a lot of opportunities to grow. MongoDB prides itself on offering careers rather than jobs.
MongoDB is looking for an experienced professional to join our security team. We are looking for someone with at least 3 years+ of experience in Information/Cyber Security.
Main focus of this role will be ensuring that 3rd party Corporate SaaS applications used by MongoDB are configured and run securely. This will include developing novel approaches and tools for SaaS security (like SOAR), utilizing industry best practices and responding to security incidents.
3rd party SaaS applications in this context can be defined as “productivity” and “corporate” SaaS platforms which are used by hundreds or thousands of MongoDB employees. The role will not be specifically focused on PaaS tools like Amazon, GCP, Azure - although some overlap is possible and necessary.
The right person for the role should be proficient in a variety of information security tools, including some Cloud-based technologies. Ideal candidates will also have experience application in pen testing, security reviews and awareness of different SaaS platforms.
You will be willing to undergo additional training to learn more about different SaaS platforms specifics.
You will be proactive in presenting ideas with proven problem-solving skills.
Additionally, this role requires good ability to multitask as well as solid communication skills.
The ideal candidate for this role will have
- Minimum 3 years hands-on experience in cyber security
- Proven success completing sophisticated projects in previous roles
- Be familiar with different SaaS technologies like Salesforce, or PaaS technologies like AWS, GCP, GSuite
- Demonstrated ability to create scripts and automated processes interfacing with REST APIs
- Be Proficient in variety of security technologies
- Demonstrated problem solving capabilities
- Experience collaborating with technical and non-technical teams
- Experience with SIEM platforms like Splunk
- Some experience with application architecture reviews
- Some pen testing experience or awareness is preferred
- Experience utilizing SaaS management tools like CASB is desired
- Willingness to work with different technical teams on finding elegant solutions to complex problems, handling them to resolution and release
- Have at least a basic understanding of different Information Security standards (e.g. SOC2, HIPAA, Fedramp)
- Rapidly understand and assess new technologies
- Ability to learn new technologies and adapt to a modern, fast-paced organization
- Have interest in rapidly expanding world of SaaS security
- Ability to work with geographically distributed teams and multitasking are critical
- Communicate security threats, assessments and risks as well as make recommendations
- Capacity to organize, coordinate and implement in both a global and regional context as required
- Educate Engineers and application owners on the importance of SaaS Security and associated risks
- Ability to quickly learn new systems and architectures
- Work Cross functionally with multiple teams on establishing new processes and improving existing ones
- Ability to create documentation when needed as well as defend and execute on findings
- Ability to create process that help address configuration drift
The Information Security Engineer, SaaS security will be successful in this role when they can execute the following strategic tasks:
- People: Collaborate to secure our products with fellow engineers in various departments
- Organization: Ability to handle multiple parallel efforts and utilise risk-based approach for prioritization
- Communication: Optimally communicate your recommendations and rationale to both technical and semi-technical resources.
- Research: Research modern approaches to security problems, offensive and defensive processes, tooling and techniques.
- Creative: Find creative yet simple solutions to complex problems with technical requirements.
This is an important role to help mature the capabilities of the Information Security Program for a breakthrough company that is disrupting a $80B market. This position has significant growth potential, and we’re looking for someone who is excited to take initiative and help secure our company. This position is based out of our London Hatfields office.
This position will report directly to the Director of Product Security, EMEA.
To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!
MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.
*MongoDB is an equal opportunities employer.*