Information Security Specialist, Bug Bounty

London, Dublin or Remote Europe

Applications have closed
MongoDB logo

Posted 1 month ago

The database market is massive (the IDC estimates it to be $106B+ by 2024!) and MongoDB is at the head of its disruption. The MongoDB community is transforming industries and empowering developers to build amazing apps that people use every day. We are the leading modern data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.


MongoDB is seeking a hardworking Security Specialist to help expand MongoDB’s Information Security Program, specifically focusing on developing, running and leading the Bug Bounty Program.

The MongoDB Security Team is responsible for the Information Security Program for MongoDB Inc; helping to reduce risk in our systems, company and to help establish trust in our product offerings and cloud services. Our customers are both our internal MongoDB employees and our external customers.

This role offers an exciting chance to be part of a dynamic and innovative team with a lot of opportunities to grow. MongoDB prides itself on offering careers rather than jobs.

Role Description:

MongoDB is looking for a dedicated professional with passion for learning to join our security team. You will have at least 2 years+ of experience in Information/Cyber Security and experience with Bug Bounty Programs (either as a researcher or as a part of triaging findings).

Primary focus of this role will be to create, run and manage a new Bug Bounty Program for MongoDB organizations globally. This will include triaging issues, determining when CVEs are needed and collaborating with other teams to create world-class experience for the security researchers and MongoDB employees alike.

Candidate Profile:

Candidates for this role should have a proven track record of completing sophisticated projects on a global scale. Candidates should also have experience working in global teams spanning across multiple time-zones.

Ideal candidates should have experience with Bug Bounty programs, either from a researcher viewpoint or from an internal viewpoint.

We are looking for someone who is comfortable with presenting to a wide audience. Candidates for this role should also be proactive.

The markup of this role will focus 70% of bug bounty responsibilities and 30% on other related engineering work.

The ideal candidate for this role will have:

  • Minimum 2 years hands-on experience in cyber security
  • Demonstrated success completing complex projects in previous roles
  • Experience working in global teams spanning multiple time-zones and geographies
  • Experience with Bug Bounty programs, either from a researcher viewpoint or from an internal viewpoint.
  • Be comfortable with presenting to larger audiences
  • Ability to understand and triage received issues
  • Experience interfacing with technical and non-technical teams
  • Be Fluent in variety of security technologies
  • Some experience with application architecture reviews
  • Understanding of different security vulnerabilities types, for instance XSS, SQL injection and others, and their impact of different software components
  • Understanding of Cyber Security terminology and concepts

Position Expectations:

  • Create, run and manage a new Bug Bounty Program for MongoDB organizations globally.
  • Understand and Triage issues to right owners
  • Make sure that researchers and MongoDB developers have world-class bug bounty experience
  • Rapidly understand and assess new technologies
  • Be comfortable with presenting to larger audiences
  • Willingness to learn new technologies and adapt to a modern, fast-paced organization
  • Educate Engineers and application owners on the important of Security and associated risks
  • Ability to quickly learn new systems and architectures
  • Work Cross functionally with multiple teams on establishing new processes and improving existing ones
  • Ability to create documentation when needed as well as defend and execute on findings

Success Measures:

The Information Security Engineer, SaaS security will be successful in this role when they can execute the following strategic tasks:

  • People: Collaborate to secure our products with fellow engineers in various departments
  • Organization: Ability to manage multiple parallel efforts and utilise risk-based approach for prioritization
  • Communication: Successfully communicate your recommendations and rationale to both technical and semi-technical resources.
  • Research: Research modern approaches to security problems, offensive and defensive processes, tooling and techniques.
  • Creative: Find creative yet simple solutions to complex problems with technical requirements.

This is an important role to help mature the capabilities of the Information Security Program for a breakthrough company that is disrupting a $80B market. This position has significant growth potential and we’re looking for someone who is excited to take initiative and help secure our company. This position is based out of our London Hatfields office.

This position will report directly to the Director of Product Security, EMEA.

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB is an equal opportunities employer.

Job tags: Architecture SaaS Vulnerabilities
Job region(s): Europe Remote/Anywhere
Job stats:  53  9  0