Senior Product Security Engineer, Server New York City

MongoDB’s mission is to empower innovators to create, transform, and disrupt industries by unleashing the power of software and data. We enable organizations of all sizes to easily build, scale, and run modern applications by helping them modernize legacy workloads, embrace innovation, and unleash AI. Our industry-leading developer data platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available in more than 115 regions across AWS, Google Cloud, and Microsoft Azure. Atlas allows customers to build and run applications anywhere—on premises, or across cloud providers. With offices worldwide and over 175,000 new developers signing up to use MongoDB every month, it’s no wonder that leading organizations, like Samsung and Toyota, trust MongoDB to build next-generation, AI-powered applications.

We are looking to speak to candidates remotely in the US.

With a strong security engineering background, you’re looking for a role that gives you the freedom to increase MongoDB’s resonance with customers by strengthening our products. You’re passionate about solving hard security engineering problems while putting a strong emphasis on customer experience, leveraging your own significant experience. You enjoy collaborating with different teams to innovate and implement pragmatic solutions.

The MongoDB Product Security organization is a diverse collection of individuals working together to scale MongoDB’s security, both security of the products themselves and the security features we offer to customers. The team is responsible for several products including MongoDB Atlas Cloud , Ops Manager , Kubernetes Operator , and the MongoDB Server (Community and Enterprise editions).

The MongoDB Product Security organization works with software engineers to design, implement, and operate systems in a manner that protects customer data. It is a multidisciplinary team that covers product, software, cloud, infrastructure, and operational security concerns. The team does the following:

• Build a developer driven security program where there is tight integration with engineering artifacts, process, and tooling
• Use software architecture and coding patterns to reduce the impact of security issues
• Be security subject matter experts for our tech stack and products

• You will take ownership, define strategy, and drive improvement for parts of our program such as fuzzing, threat modeling, secrets management, or container security
• Advocate for and lead complex security projects from inception through completion
• Drive architecture, patterns, and processes across cloud engineering that make security the easiest path
• Partner closely with engineering teams to design and implement security controls across our software and systems
• Research and POC new attacks against our systems. Plan and perform product security assessments including architecture review threat modeling, code review, pen testing and general security consulting to proactively build security controls
• Serve as a security subject matter expert for software security and architecture
• Partner with cloud detection and response to create new capabilities or respond to security events
• Educate the engineering org on security through CTFs, lunch-and-learns, and one-on-one mentorship

• 7 years of experience in application security, software security, or product security
• Demonstrated expertise in C++ programming to thoroughly assess existing codebases for security vulnerabilities and develop or support remediations and enhancements including mitigating memory-related security flaws such as buffer overflows and memory leaks
• Deep subject matter expertise in database security, application security, software security, or data security
• Deep knowledge database engines,database internals and applied cryptography
• Demonstrated ability to identify and fix security issues through manual code review, application penetration testing, or red teaming
• Scripting experience and ability to contribute code back to our environments
• Comfortable leading threat modeling and being a security ambassador to other engineering teams
• Communicate complex technical issues in a simple manner that builds trust with a variety of audiences
• A strong sense of ownership and delivery
• Can facilitate a conversation rather than dominate it
• Skilled at providing collaborative, actionable feedback, not just a list of flaws

Don’t feel that you meet all of the requirements? We encourage you to apply anyway because studies have shown that some strong candidates may self-select out of the interview process prematurely. We have a diverse, inclusive, equitable, and high-performing environment at MongoDB and want to continuously improve our ability to deliver for customers.

• Working knowledge of one or more major cloud providers (AWS, GCP, or Azure)
• Experience with large scale environments

• Taking ownership of one or more security programs such as appsec, cloud, or detect/response
• Seeing projects through from conception to completion in order to deliver new services or capabilities for the team
• Establishing yourself as a go-to person for discussing security topics

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB , and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

REQ ID: 1263107313

MongoDB’s base salary range for this role in the U.S. is:

$118,000 — $231,000 USD

*

indicates a required field

First Name *

Last Name *

Email *

Phone

Resume/CV *

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Preferred Name *

Website

LinkedIn Profile

Github

StackExchange

Would you like to stay up to date with MongoDB Culture and Careers content? Select...

How did you learn about this job? Select...

If you answered MongoDB Employee, MongoDB Event, or Other, please specify here:

Receive alerts for similar jobs? Select...

Will you now or in the future require employment sponsorship? * Select...

Have you ever worked at MongoDB before? * Select...

At MongoDB, we believe in fostering an environment where diverse perspectives can grow and thrive. We are committed to creating a culture of inclusion and a sense of belonging by seeking and valuing employees from different backgrounds. One of our core values as a company is to Embrace the Power of Differences.

In the spirit of inclusion, below is a set of voluntary demographic questions. The information collected is for compliance reporting purposes and internal data analysis only. Your responses help us remain compliant and identify areas for improvement in our recruiting processes. If you choose to self-identify, your responses will not be used in any hiring or subsequent employment decision. While answering the questions is required, you will have the option to select "I don't wish to answer" for each question.

This information, should you choose to provide it, will be collected, stored and processed in accordance with MongoDB’s Privacy Notice as applicable. Please see our Privacy Notice here .

Reporting requirements in the United States currently only allow MongoDB to report applicant and employee gender as either “male” or “female”. Candidates will have the opportunity to provide further detail about their gender identity in the second survey question should they so choose.

For more information on Voluntary Self-Identification of Disability, please review the information found here . For more information to determine Protected Veteran status, please review the information found here .

To all recruitment agencies: MongoDB does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias or MongoDB employees. MongoDB is not responsible for any fees related to unsolicited resumes.

Please note that we will only communicate with our job applicants by using @mongodb.com and @greenhouse.io domains. We will never contact applicants from any other email address, including @gmail addresses. You may always view the most current and accurate job postings at MongoDB by visiting our website at https://www.mongodb.com/careers .