• With a strong security engineering background, you’re looking for a role that gives you the freedom to increase MongoDB’s resonance with customers by strengthening our products
• You’re passionate about building a security program that puts a heavy emphasis on customer and engineer experience, leveraging your own extensive experience
• You enjoy collaborating with different teams to innovate and implement pragmatic solutions
• 7 years of experience in security incident detection and response engineering or similar role
• Broad knowledge across the Security disciplines. Deep focus in one or more core product security concerns such as software security, cloud (AWS, GCP, or Azure), or Platforms (Linux, Containers, Supporting services)
• Can plan and develop code for security team tooling. Can collaborate with engineering teams on code and architecture for our production services
• Able to Communicate complex technical issues in a simple manner that builds trust with a variety of audiences
• A strong sense of ownership and delivery
• Can facilitate a conversation rather than dominate it
• Can lead post-incident analysis and facilitate postmortems

Desirable

• The MongoDB Product Security organization is a diverse collection of individuals working together to scale MongoDB’s security, both security of the products themselves and the security features we offer to customers
• The team is responsible for several products including MongoDB Atlas Cloud, Ops Manager, Kubernetes Operator, and the MongoDB Server (Community and Enterprise editions)
• The MongoDB Product Security organization works with software engineers to design, implement, and operate systems in a manner that protects customer data
• It is a multidisciplinary team that covers product, software, cloud, infrastructure, detection/response, and operational security concerns
• Builds an engineering driven security program where there is tight integration with engineering artifacts, process, and tooling. Applies sound engineering to the practice of security
• Proactively leverages software architecture, coding patterns, security capabilities built into our products to reduce the impact of security issues
• Acts as security subject matter experts for our tech stack and products
• You will take ownership, define strategy, and drive improvement of our product detection and response program. This team is primarily focused on D&R engineering for the Atlas suite of products and supporting supply chain
• Advocate for and lead complex security projects from inception through completion
• Build frameworks and services that enable engineering teams to build and own detection capability for their products. Be a security subject matter expert and a trusted partner for those teams
• Integrate with our engineering processes like architecture review to drive new telemetry, detections, or containment as part of feature development
• Research and drive architecture, patterns, and processes across engineering that make unexpected behavior obvious and traceable. Build in context so that response workflows can be scaled and automated
• Partner closely with engineering teams to design and build new capability throughout our technology stack
• Research and monitor the threat landscape and facilitate feedback loops back in to security and engineering
• Design and implement attack testing automation to validate detection coverage
• Lead cross-team incident investigations and manage the IR process
• Success in this role means
• Taking ownership of one or more security programs such as application security, cloud security, or incident detection and response
• Seeing projects through from conception to completion in order to deliver new services or capabilities for the team
• Partnering with and collaborating with other engineering teams
• Establishing yourself as a go-to person for discussing security topics