Job Description
The worldwide data management software market is massive (According to IDC, the data management software market is forecast to be $94 billion in 2023 growing to approximately $153 billion in 2027, representing a 13% compound annual growth rate). At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading developer data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.Team:MongoDB is seeking a passionate Information Security Engineer to help expand MongoDB's Information Security Program, specifically focusing on the development of Application Security systems.The MongoDB Security Team is responsible for the Information Security Program for MongoDB Incl. helping to reduce risk in our systems, and company and to help establish trust in our product offerings and cloud services. Our customers are both our internal MongoDB employees and our external customers.This is an exciting chance to be part of a dynamic and innovative team with a lot of opportunities to grow. MongoDB prides itself on offering careers rather than jobs.Role Description:MongoDB is looking for an experienced professional to join our security team. The ideal candidate will have at least 2 years+ of experience in Information/Cyber Security AND ability to develop software in order to create innovative applications to address security gaps.The primary focus of this role centers on internal tool development. You will be responsible for designing, developing, and implementing software solutions to address a variety of information security challenges. Your primary objective will be to code and create robust and efficient tools that aid in the protection of our company's digital assets.The secondary focus will be helping our applications to be more secure - e.g. by helping application owners to understand full application release lifecycles, penetration testing, assistance with code reviews and more.This role is technical, focusing mainly on development work, but will also present an opportunity to improve company-wide processes focusing on application security.Candidate Profile:Candidates for this role should have experience in software development and possess a deep understanding of programming languages and software development best practices. Ideal candidates will also have experience in SDLC, pentesting or security reviews and awareness of different approaches to application security.We are looking for someone who is proactive in presenting ideas with demonstrated problem-solving skills. Additionally, this role requires strong ability to multitask as well as solid communication skills.The ideal candidate for this role will have:2+ years of software development experience with at least one programming language such as Java, Python, JavaScript, Go, Ruby, C# or C/C++Minimum 2 years of hands-on experience in cyber securityDemonstrated success in completing development projects in previous rolesAbility to develop applications from scratch using ReactJS/JS/Python.Intermediate knowledge and understanding of application security, security engineering, system and network security, authentication and security protocols, or cryptographyCertifications in offensive security, including OSCP, OSCE, OSEP, OSEE, CCSAS, CCT INF or relevant SANS coursesDemonstrated success completing complex projects in previous rolesBe familiar with different Cloud (Paas or SaaS) technologies (like AWS, GCP, GSuite)Strong experience with application architecture reviewsExperience with vulnerability management tools and processesDemonstrated ability to create scripts and automated processesHave a background in threat modelling and advocating for technical changes to exceed customer expectations, including delivering reports to upper managementExcellent written and verbal communication skills with the ability to adapt messaging to technical and non-technical audiences at all levels including senior leadershipHave at least a basic understanding of different Information Security standards and reports (e.g. SOC2, HIPAA, Fedramp)Experience working with technical teams on finding elegant solutions to complex problems, managing them to resolution and releaseUnderstanding of networking protocolsPosition Expectations:Develop and maintain custom InfoSec tools and systems, including but not limited to tools focused on automation and automation of asset inventory.Continuously assess and improve existing internal tools for performance, scalability, and security, with a special emphasis on enhancing automation capabilities and maintaining an accurate asset inventory.Cross-collaborate with other team members to understand security needs and translate them into functional software solutions.Rapidly understand and assess new technologiesParticipate in code reviews, contribute to best practices, and maintain documentation related to the development and deployment of InfoSec tools.Ability to work with geographically distributed teams and multitasking are essentialCommunicate security threats, assessments and risks as well as make recommendationsEducate Engineers and Product teams on the important of Application Security and Vulnerability ManagementAbility to quickly learn new systems and architecturesWillingness to learn new technologies and adapt to a modern, fast-paced organisationWork Cross functionally with multiple teams on establishing new processes and improving existingAbility to create documentation when needed as well as defend and execute on findingsSuccess Measures:The Information Security Engineer will be successful in this role when they can execute the following strategic tasks:People: Collaborate to secure our products with fellow engineers in various departmentsOrganization: Ability to manage multiple parallel efforts and utilise risk-based approach for prioritizationCommunication: Successfully communicate your recommendations and rationale to both technical and semi-technical resources.Research: Research modern approaches to security problems, offensive and defensive processes, tooling and techniques.Creative: Find creative yet simple solutions to complex problems with technical requirements.This is an important role to help mature the capabilities of the Information Security Program for a breakthrough company that is disrupting a $80B market. This position has significant growth potential and we're looking for someone who is excited to take initiative and help secure our company. This position is based out of our London Hatfields office or remote.This position will report directly to the Manager of Application Security (EMEA based).MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.MongoDB is an equal opportunities employer.