Information Security Engineer, Systems Security

The database market is massive (the IDC estimates it to be $106B+ by 2024!) and MongoDB is at the head of its disruption. The MongoDB community is transforming industries and empowering developers to build amazing apps that people use every day. We are the leading modern data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.

MongoDB is seeking a passionate Security Engineer to help expand MongoDB’s Security Program and help us mature our posture with respect to Vulnerability Management and Systems Security and associated Policies and Guidelines.

This is an exciting opportunity to be a key member of our Security Team. The MongoDB Security Team is responsible for the Information Security Program for MongoDB Inc; helping to reduce risk in our systems and company, and to establish trust in our product offerings and cloud services.

Your focus will be on Systems Security and Vulnerability Management across our systems, services, and devices used by our employees and infrastructure used to offer our services. You will work directly with internal partners to understand internal systems and develop pragmatic controls to harden systems, a means to measure control-drift, and a vulnerability management plan to be used to identify known vulnerabilities and identify appropriate means to resolve vulnerabilities. In addition, you will help scale our systems security and vulnerability management efforts by updating and creating new policies and guidelines for our employees to follow.

This is a both a hands-on role as well as a role where you will lead by influencing other teams and assisting them in coming into compliance with our regulatory and internal requirements.

This is a critically important role to help scale out the Information Security Program for a breakthrough company that is reinventing an $80B market. This position has significant growth potential and we’re looking for someone who is excited to take initiative and help secure our company. This position is based out of our New York City Headquarters.

Candidate Profile

The right candidate for this role will have

• A background in Information Security fundamentals and direct experience working in a Security role for 3+ years
• An entrepreneurial spirit; you enjoy challenges across broad range of disciplines
• Hands on experience of the following:
• Configuring and operating tools related to system security hardening and creating security baselines, and/or vulnerability management
• Windows and Linux Systems Security
• Current Cyber Security threats, trends and an understanding of how attackers execute their campaigns
• Identifying known vulnerabilities in systems and working with teams to develop or mature processes to remediate identified vulnerabilities
• Collaborating with technical and non-technical persons on Information Security Topics
• Performing security reviews on cloud (SaaS) applications
• Containerization technologies
• Vulnerability management scanning tools such as Qualys, Nessus, and Rapid7.

Position Expectations

• Work with internal stakeholders to develop pragmatic System and Vulnerability Management policies. Advise on common approaches, tooling and industry standard methodologies
• Be our domain expert for policies and guidelines. Update and/or create new security policies and guidelines based upon review of existing policies and feedback you acquire from peers and our internal partners. Facilitate internal working groups for policy updates.
• Educate Engineers and Product teams on the importance of System Hardening and Vulnerability Management
• Rapidly understand and assess new technologies
• Help manage and maintain endpoint security tools such as anti-virus tools
• Ability to quickly learn new Information Security concepts and adapt to a modern, fast-paced organization
• Communicate sophisticated technical issues simply to different audiences
• Ability to write, defend, and execute on your findings
• Assist the larger Information Security team on general activities, such as architecture reviews and risk related assessments.
• Review compliance and regulatory requirements (e.g., FedRAMP, PCI DSS, etc), and assist in accomplishing required tasks to ensure we are compliant with requirements

Success Measures

The Information Security Engineer will be successful in this role when they can execute the following strategic tasks

• People: Collaborate to secure our infrastructure and products with fellow engineers in various departments
• Organization: Ability to manage multiple parallel efforts and prioritize risk based upon understanding and interpreting business needs.
• Communication: Successfully communicate your recommendations and rationale to both technical and semi-technical resources.
• Research: Research modern approaches to offensive and defensive processes, tooling and techniques.
• Creative: Find creative yet simple solutions to complex problems with technical requirements.

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.