About the position
MongoDB's mission is to empower innovators to create, transform, and disrupt industries by unleashing the power of software and data. We enable organizations of all sizes to easily build, scale, and run modern applications by helping them modernize legacy workloads, embrace innovation, and unleash AI. Our industry-leading developer data platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available in more than 115 regions across AWS, Google Cloud, and Microsoft Azure. Atlas allows customers to build and run applications anywhere-on premises, or across cloud providers. With offices worldwide and over 175,000 new developers signing up to use MongoDB every month, it's no wonder that leading organizations, like Samsung and Toyota, trust MongoDB to build next-generation, AI-powered applications.
Responsibilities
- Take ownership, define strategy, and drive improvement for parts of our program such as fuzzing, threat modeling, secrets management, or container security
- Advocate for and lead complex security projects from inception through completion
- Drive architecture, patterns, and processes across cloud engineering that make security the easiest path
- Partner closely with engineering teams to design and implement security controls across our software and systems
- Research and POC new attacks against our systems. Plan and perform product security assessments including architecture review threat modeling, code review, pen testing and general security consulting to proactively build security controls
- Serve as a security subject matter expert for software security and architecture
- Partner with cloud detection and response to create new capabilities or respond to security events
- Educate the engineering org on security through CTFs, lunch-and-learns, and one-on-one mentorship
Requirements
- 7 years of experience in application security, software security, or product security
- Demonstrated expertise in C++ programming to thoroughly assess existing codebases for security vulnerabilities and develop or support remediations and enhancements including mitigating memory-related security flaws such as buffer overflows and memory leaks
- Deep subject matter expertise in database security, application security, software security, or data security
- Deep knowledge database engines, database internals and applied cryptography
- Demonstrated ability to identify and fix security issues through manual code review, application penetration testing, or red teaming
- Scripting experience and ability to contribute code back to our environments
- Comfortable leading threat modeling and being a security ambassador to other engineering teams
- Communicate complex technical issues in a simple manner that builds trust with a variety of audiences
- A strong sense of ownership and delivery
- Can facilitate a conversation rather than dominate it
- Skilled at providing collaborative, actionable feedback, not just a list of flaws
Nice-to-haves
- Working knowledge of one or more major cloud providers (AWS, GCP, or Azure)
- Experience with large scale environments
Benefits
- Equity
- Participation in the employee stock purchase program
- Flexible paid time off
- 20 weeks fully-paid gender-neutral parental leave
- Fertility and adoption assistance
- 401(k) plan
- Mental health counseling
- Access to transgender-inclusive health insurance coverage
- Health benefits offerings
