Staff Security Engineer, MongoDB

Developer Productivity

Salary not provided
MongoDB
Docker
Kubernetes
Python
Java
Go
C++
C
Rust
Slack
Zoom
Senior and Expert level
Remote in Canada
MongoDB

Developer data platform

Open for applications

1001+ employees

B2B, Enterprise, Big data, Cloud Computing

Company mission

To empower innovators to create, transform, and disrupt industries by unleashing the power of software and data.

Role

Who you are

  • 8+ years of progressive experience with open source and commercial application security testing and analysis tools for attack surface management, dynamic security analysis (DAST), and static code analysis (SAST)
  • Relevant software development experience; understanding how software is designed, built, and can be broken is critical
  • Subject matter expert in all phases of the software development lifecycle supply chain
  • Domain expertise of software and security through various software development and security best practices
  • Demonstrated experience with threat modeling, risk analysis and control design
  • Advanced understanding of vulnerability exploitation chaining and vulnerability remediation
  • Experience or understanding of languages such as C++, C, Rust, Go, Python, Java, or other related languages
  • Experience with cloud native development pipelines and tooling such as Docker, Kubernetes, and other release/deployment tooling
  • The ability to work autonomously, being able to identify gaps and create solutions independently with minimal direction
  • Demonstrated ability to work collaboratively across domains with senior engineering leaders and stakeholders in other teams and departments

Desirable

  • CISSP, CISA, and/or relevant cybersecurity certifications
  • Deep understanding of SLSA framework & CWE, MITRE, OWASP, CIS Benchmarks
  • Experience running Red Team exercises and building remediation roadmaps
  • Self-education to continuously learn and invest in skills and knowledge relevant to the team and the position
  • Knowledge or experience with MongoDB products and services

What the job involves

  • The Developer Productivity Platforms team owns the tools, services, and infrastructure that enable our developer ecosystem, and ensures optimal performance and scalability, as well as the security of our runtime environments, supply chain, services, and published artifacts
  • A big part of Devprod Platform’s mission is to ensure the security of our MongoDB software supply chain against threats and attacks as well as the compliance of our products
  • By securing the supply chain and strengthening the security posture of our internal development systems, we protect our customers and the integrity of our shipped products
  • We ensure that the MongoDB development ecosystem is secure by driving engineering efforts to design and implement controls, processes, and best practices to provide assurance to internal stakeholders and external customers that their data is protected
  • Collaborate with MongoDB Infosec and application security teams to create a threat matrix focused on SDLC processes, tooling and infrastructure to improve and evolve our security posture within our development ecosystem
  • Provide architectural guidance on best practices for, and implement, security tooling, automation and technical controls across our developer pipelines, services and infrastructure that adhere to the central principles of least privilege, defense in depth, protecting integrity and access control
  • Drive SDLC compliance through engineering efforts and implementation/automation of processes, controls and tools
  • Work with engineering teams across MongoDB to ensure that we are building scalable and sustainable security solutions for our product development and release processes
  • Engage in security investigations to respond to and analyze emerging threats
  • Develop strategies to exercise and improve our SDLC security posture utilizing red team and pen test activities
  • Be a technical authority to help us stay aligned with MongoDB’s security initiatives and policies by driving mid to large scale projects with high visibility
  • Stay up to date on emerging trends in the software security industry to help us stay ahead of new threat vectors and compliance requirements
  • Work with Legal, Privacy and Internal Audit to ensure that we are operating within regulatory and compliance standards

Our take

MongoDB is an open-source, cross-platform, document-oriented database system. It stores data as JSON-like documents and is written in C++, Go, JavaScript and Python.

Essentially, the company develops tools and blueprints to help businesses and organisations modernise their legacy applications, migrating them to the MongoDB database and the MongoDB Atlas cloud database. With this initiative, MongoDB is particularly taking aim at Oracle customers with ageing applications running on the Oracle relational database system.

Since its release, MongoDB has become one of the most popularly used NoSQL database systems due to its ease of use and efficiency. It is also the fastest-growing database ecosystem, and boasts hundreds of millions of downloads. Recently, the company announced a partnership with Patronus AI, an automated evaluation and security platform, through which it will bring automated LLM evaluation and testing capabilities to enterprise customers.

Freddie

Company Specialist

Insights

Some candidates hear back within 2 weeks

13% employee growth in 12 months

Company

Funding (last 2 of 8 rounds)

  • Jan 2015: $80m (Series G)
  • Oct 2013: $150m (Series F)

Total funding: $311.1m

Company benefits

  • Rich health insurance coverage
  • Virtual & on-site fitness classes
  • Health screenings & telemedicine
  • Access to transgender-inclusive health insurance coverage
  • Global and internal mobility opportunities
  • Equity & Employee Stock Purchase Program
  • Pension & retirement programs
  • Income Protection
  • Flexible PTO is offered to every US employee & competitive time off policies for non-US employees
  • Employee Assistance Program
  • Mental health counseling
  • Free meditation app access
  • Fertility & adoption financial assistance
  • Parental counseling for new parents
  • 20 weeks of fully paid gender neutral parental leave & flexible work arrangements
  • 4 weeks of emergency care leave

Company values

  • Think Big, Go Far
  • Build Together
  • Embrace the Power of Differences
  • Be Intellectually Honest
  • Own What You Do
  • Make it Matter

Company HQ

Theater District, New York, NY

Founders

Dwight Merriman (Co-Founder)

Previously CTO and Co-founder at DoubleClick for 10 years, and Chairman at AlleyCorp for 15 years.
