Application Security Engineer at MongoDB
The database market is massive (the IDC estimates it to be $106B+ by 2024!) and MongoDB is at the head of its disruption. The MongoDB community is transforming industries and empowering developers to build amazing apps that people use every day. We are the leading modern data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.
Team Description
MongoDB is seeking a passionate Application Security Engineer to help expand MongoDB’s Application Security Program and assist in general Information Security needs.
This is an exciting opportunity to be a key member of our Security Team. The MongoDB Security Team is responsible for the Information Security Program for MongoDB Inc; helping to reduce risk in our systems and company, and to help establish trust in our product offerings and cloud services.
Your focus will be on Application Security. Starting from day one, you will work on a team overseeing all of the company’s applications and tools and work on ways to identify technical issues and reduce risk. This is a hands-on role: some days it may be code reviews, penetration tests, security recommendations, developer education (CTFs), or developing tools to make our jobs more efficient. In addition to application security, you will collaborate with and assist others within the Information Security Team in other domains, which will help broaden your overall experience.
Within the first three months you will:
- Gain an in-depth understanding of the different product groups at MongoDB
- Perform your first penetration and risk assessment on one of those products
- Write a scope document and roll out a new static analysis platform of your choice
This is a critically important role to help scale out the Information Security Program for a breakthrough company. This position has significant growth potential and we’re looking for someone who is excited to take initiative and help lead. This position is available for fully remote or based out of our New York City Headquarters.
Candidate Profile
The right candidate for this role will have:
- A strong background in application development
- Hands-on experience of analyzing threats and vulnerabilities to determine security impact
- Demonstrated knowledge of different programming methodologies and paradigms
- A strong understanding of Web application and Linux Systems security
- Experience of integrating security into Software Development Life Cycle (SDLC) by performing threat modeling, architecture reviews and code reviews
- Experience with Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools
- Expert knowledge and hands-on experience in performing Web Application penetration testing
- Experience interfacing with technical and non-technical persons on Information Security Topics
- BS in Computer Science or equivalent experience
- 5+ years working in an information security discipline
- Ability to work on multiple projects concurrently
- Experience or knowledge of the following:
  - Finding vulnerabilities and recommending solutions
  - Web Application Penetration testing
  - Web, network, and systems security
  - Cryptography: SSL/TLS, PGP, AES, SHA-2
- Fluent in at least one programming or scripting language
- Familiarity with security in DevOps environments a plus
- Educate Engineers and Product teams on the importance of Application Security
- Continually evaluate the current Application Security Program; work with the team to grow the program out
- Participate in weekly on-call rotations
- Work cross-functionally with multiple teams on establishing new processes and improving existing ones
- Ability to quickly learn new Information Security concepts and adapt to a modern, fast-paced organization
- Communicate complex technical issues simply to different audiences
The Information Security Engineer will be successful in this role when they can execute the following strategic tasks:
- People: Collaborate to secure our products with fellow engineers in various departments
- Organization: Ability to manage multiple parallel efforts and prioritize risk based upon understanding and interpreting business needs
- Communication: Successfully communicate your recommendations and rationale to both technical and semi-technical resources
- Research: Research modern approaches to offensive and defensive processes, tooling and techniques
- Creative: Find creative yet simple solutions to complex problems with technical requirements
To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!
MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.
MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.