InfoSec Engineer I
The worldwide data management software market is massive (According to IDC, the worldwide database software market, which it refers to as the database management systems software market, was forecasted to be approximately $82 billion in 2023 growing to approximately $137 billion in 2027. This represents a 14% compound annual growth rate). At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading developer data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.
MongoDB is seeking a passionate Application Developer to help expand MongoDB’s Information Security Program, specifically focusing on developing Application Security systems.
The MongoDB Security Team is responsible for MongoDB Inc.'s Information Security Program. It helps reduce risk in our systems and company and establish trust in our product offerings and cloud services. Our customers are both internal MongoDB employees and external customers.
This is an exciting chance to join a dynamic and innovative team with many opportunities to grow. MongoDB prides itself on offering careers rather than jobs.
We are looking to speak to candidates who are based in London for our hybrid working model.
Role DescriptionMongoDB is looking for an experienced professional to join our security team, emphasizing a strong background in software development. The ideal candidate will have over two years of experience in software development at least one year of experience in Information/Cyber Security AND the ability to develop production standard software to create innovative applications to address security gaps.
This role's primary focus is internal tool development. You will be responsible for designing, developing, and implementing software solutions to address a variety of information security challenges. Your primary objective will be to code and create robust and efficient tools that aid in the protection of our company's digital assets.
The secondary focus will be making our applications more secure, e.g., by helping application owners understand full application release lifecycles, penetration testing, assistance with code reviews, and more.
This role is technical, focusing mainly on development work, but will also present an opportunity to improve company-wide processes focusing on application security.
Candidate ProfileCandidates for this role should have strong software development experience and a deep understanding of programming languages and software development best practices. The ideal candidate will possess hands-on experience working with frontend frameworks such as React, Angular, or Vue.js. Additionally, we're looking for individuals with a background in pen testing or security reviews, and a solid awareness of various approaches to application security. Previous experience in implementing secure coding practices and identifying potential vulnerabilities in web applications is highly desirable.
We are looking for someone who is proactive in presenting ideas and has demonstrated problem-solving skills. Additionally, this role requires a strong ability to multitask and solid communication skills.
The ideal candidate for this role will have
- 2+ years of software development experience with at least one programming language such as Python, JavaScript, Go, Ruby, Java, C# or C/C++
- Previous experience working with frontend frameworks such as React or Angular
- Minimum 1 year of hands-on experience in cyber security
- Demonstrated success in completing development projects in previous roles
- Ability to develop applications from scratch using React / Node JS / Typescript / Python
- Intermediate knowledge of application security, security engineering, system and network security, authentication and security protocols, or cryptography
- Have Offensive security certifications, including OSCP, OSCE, OSEP, OSEE, CCSAS, CCT INF or relevant SANS courses
- Demonstrated success completing complex projects in previous roles
- Be familiar with Cloud (Paas or SaaS) technologies (like AWS, GCP, GSuite)
- Strong experience with application architecture reviews
- Experience with vulnerability management tools and processes
- Demonstrated ability to create scripts and automated processes
- Have a background in threat modeling and advocating for technical changes to exceed customer expectations, including delivering reports to upper management
- Excellent written and verbal communication skills with the ability to adapt messaging to technical and non-technical audiences at all levels, including senior leadership
- Understand different Information Security standards and reports (e.g. SOC2, HIPAA, Fedramp)
- Experience working with technical teams on finding elegant solutions to complex problems managing them to resolution and release
- Understanding of networking protocols
- Develop and maintain custom InfoSec tools and systems, including, but not limited to, tools focused on automation and asset inventory automation
- Continuously assess and improve existing internal tools for performance, scalability, and security, emphasizing enhancing automation capabilities and maintaining an accurate asset inventory
- Cross-collaborate with other team members to understand security needs and translate them into functional software solutions
- Rapidly understand and assess new technologies
- Participate in code reviews, contribute to best practices, and maintain documentation related to developing and deploying InfoSec tools
- The ability to work with geographically distributed teams and multitasking are essential
- Communicate security threats, assessments and risks, as well as make recommendations
- Educate Engineers and Product teams on the importance of Application Security and Vulnerability Management
- Ability to quickly learn new systems and architectures
- Willingness to learn new technologies and adapt to a modern, fast-paced organization
- Work cross-functionally with multiple teams to improve existing processes and establish new ones
- Ability to create documentation when needed and defend and execute on findings
- Experience developing excellent software with front-end technologies and familiar with back-end development
- Familiar with the factors that impact UX and proficient in designing intuitive UIs
- Knowledge or experience with MongoDB products and services.
This is an important role in helping mature the capabilities of the Information Security Program for a breakthrough company disrupting a $80B market. This position has significant growth potential, and we’re seeking someone excited to take the initiative and help secure our company.
This position will report directly to the Manager of Application Security (EMEA-based).
To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!
MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.
MongoDB is an equal opportunities employer.