The worldwide data management software market is massive (IDC forecasts it to be $136 billion by 2027!). At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading developer data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.
MongoDB is seeking a passionate Information Security Engineer to help expand MongoDB’s Information Security Program, specifically focusing on Application Security and Internal Product Security.
The MongoDB Security Team is responsible for the Information Security Program for MongoDB Inc; helping to reduce risk in our systems, company and to help establish trust in our product offerings and cloud services. Our customers are both our internal MongoDB employees and our external customers.
This is an exciting chance to be part of a dynamic and innovative team with a lot of opportunities to grow. MongoDB prides itself on offering careers rather than jobs.
MongoDB is looking for an experienced application security engineer with a software development background to join our security team. The ideal candidate will have at least 4 years+ of experience in Information/Cyber Security.
Primary focus of this role will be ensuring that new and existing internally facing applications are secure. This would include understanding the full application release lifecycles, helping to support application asset registries, penetration testing, assistance with code reviews and more. This role is technical but will also present an opportunity to improve company-wide processes focusing on application security.
This role will be based from our London office.
Candidates for this role should be fluent in a variety of information security tools and ideally some programming languages. Ideal candidates will also have experience in SDLC, pentesting or security reviews and awareness of different approaches to application security.
We are looking for someone who is proactive in presenting ideas with demonstrated problem-solving skills. Additionally, this role requires strong ability to multitask as well as solid communication skills.
The ideal candidate for this role will have:
Minimum of 4 years hands-on experience in at least two of the following areas: penetration testing, secure coding cloud security, and network security
Intermediate knowledge and understanding of application security, security engineering, system and network security, authentication and security protocols, or cryptography
Certifications in offensive security, including OSCP, OSCE, OSEP, OSEE, CCSAS, CCT INF or relevant SANS courses
Demonstrated success completing complex projects in previous roles
Be familiar with different Cloud (Paas or SaaS) technologies (like AWS, GCP, GSuite)
Strong experience with application architecture reviews
Experience with vulnerability management tools and processes
Demonstrated ability to create scripts and automated processes
Have a background in threat modelling and advocating for technical changes to exceed customer expectations, including delivering reports to upper management
Excellent written and verbal communication skills with the ability to adapt messaging to technical and non-technical audiences at all levels including senior leadership
Have at least a basic understanding of different Information Security standards and reports (e.g. SOC2, HIPAA, Fedramp)
Experience working with technical teams on finding elegant solutions to complex problems, managing them to resolution and release
Understanding of networking protocols
Rapidly understand and assess new technologies
Ability to work with geographically distributed teams and multitasking are essential
Communicate security threats, assessments and risks as well as make recommendations
Educate Engineers and Product teams on the important of Application Security and Vulnerability Management
Ability to quickly learn new systems and architectures
Willingness to learn new technologies and adapt to a modern, fast-paced organisation
Work Cross functionally with multiple teams on establishing new processes and improving existing
Ability to create documentation when needed as well as defend and execute on findings
The Information Security Engineer will be successful in this role when they can execute the following strategic tasks:
People: Collaborate to secure our products with fellow engineers in various departments
Organization: Ability to manage multiple parallel efforts and utilise risk-based approach for prioritization
Communication: Successfully communicate your recommendations and rationale to both technical and semi-technical resources.
Research: Research modern approaches to security problems, offensive and defensive processes, tooling and techniques.
Creative: Find creative yet simple solutions to complex problems with technical requirements.
This is an important role to help mature the capabilities of the Information Security Program for a breakthrough company that is disrupting a $80B market. This position has significant growth potential and we’re looking for someone who is excited to take initiative and help secure our company. This position is based out of our London Hatfields office.
This position will report directly to the Manager of Product Security, EMEA.
To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!
MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.
MongoDB is an equal opportunities employer.