InfoSec Engineer I

MongoDB’s mission is to empower innovators to create, transform, and disrupt industries by unleashing the power of software and data. We enable organizations of all sizes to easily build, scale, and run modern applications by helping them modernize legacy workloads, embrace innovation, and unleash AI. Our industry-leading developer data platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available in more than 115 regions across AWS, Google Cloud, and Microsoft Azure. Atlas allows customers to build anywhere—on the edge, on premises, or across cloud providers. With offices worldwide and over 175,000 developers joining MongoDB every month, it’s no wonder that leading organizations, like Samsung and Toyota, trust MongoDB to build next-generation, AI-powered applications.

MongoDB is seeking a passionate Application Developer to help expand MongoDB’s Information Security Program, specifically focusing on developing Application Security systems.

The MongoDB Security Team is responsible for MongoDB Inc.'s Information Security Program. It helps reduce risk in our systems and company and establish trust in our product offerings and cloud services. Our customers are both internal MongoDB employees and external customers. 

This is an exciting chance to join a dynamic and innovative team with many opportunities to grow. MongoDB prides itself on offering careers rather than jobs.

We are looking to speak to candidates who are based in London for our hybrid working model or remote within the UK.

Role Description

MongoDB is looking for an experienced professional to join our security team, emphasizing a strong background in software development. The ideal candidate will have over two years of experience in software development at least one year of experience in Information/Cyber Security AND the ability to develop production standard software to create innovative applications to address security gaps. 

This role's primary focus is internal tool development. You will be responsible for designing, developing, and implementing software solutions to address a variety of information security challenges. Your primary objective will be to code and create robust and efficient tools that aid in the protection of our company's digital assets.

The secondary focus will be making our applications more secure, e.g., by helping application owners understand full application release lifecycles, penetration testing, assistance with code reviews, and more.

This role is technical, focusing mainly on development work, but will also present an opportunity to improve company-wide processes focusing on application security. 

Candidate Profile

Candidates for this role should have strong software development experience and a deep understanding of programming languages and software development best practices. The ideal candidate will possess hands-on experience working with frontend frameworks such as React, Angular, or Vue.js. Additionally, we're looking for individuals with a background in pen testing or security reviews, and a solid awareness of various approaches to application security. Previous experience in implementing secure coding practices and identifying potential vulnerabilities in web applications is highly desirable.

We are looking for someone who is proactive in presenting ideas and has demonstrated problem-solving skills. Additionally, this role requires a strong ability to multitask and solid communication skills. 

The ideal candidate for this role will have

• 2+ years of software development experience with at least one programming language such as Python, JavaScript, Go, Ruby, Java, C# or C/C++
• Previous experience working with frontend frameworks such as React or Angular
• Minimum 1 year of hands-on experience in cyber security
• Demonstrated success in completing development projects in previous roles
• Ability to develop applications from scratch using React / Node JS / Typescript / Python
• Intermediate knowledge of application security, security engineering, system and network security, authentication and security protocols, or cryptography
• Have Offensive security certifications, including OSCP, OSCE, OSEP, OSEE, CCSAS, CCT INF or relevant SANS courses
• Demonstrated success completing complex projects in previous roles
• Be familiar with Cloud (Paas or SaaS) technologies (like AWS, GCP, GSuite)
• Strong experience with application architecture reviews
• Experience with vulnerability management tools and processes
• Demonstrated ability to create scripts and automated processes
• Have a background in threat modeling and advocating for technical changes to exceed customer expectations, including delivering reports to upper management
• Excellent written and verbal communication skills with the ability to adapt messaging to technical and non-technical audiences at all levels, including senior leadership
• Understand different Information Security standards and reports (e.g. SOC2, HIPAA, Fedramp)
• Experience working with technical teams on finding elegant solutions to complex problems managing them to resolution and release
• Understanding of networking protocols

Position Expectations

• Develop and maintain custom InfoSec tools and systems, including, but not limited to, tools focused on automation and asset inventory automation
• Continuously assess and improve existing internal tools for performance, scalability, and security, emphasizing enhancing automation capabilities and maintaining an accurate asset inventory
• Cross-collaborate with other team members to understand security needs and translate them into functional software solutions
• Rapidly understand and assess new technologies
• Participate in code reviews, contribute to best practices, and maintain documentation related to developing and deploying InfoSec tools
• The ability to work with geographically distributed teams and multitasking are essential
• Communicate security threats, assessments and risks, as well as make recommendations
• Educate Engineers and Product teams on the importance of Application Security and Vulnerability Management
• Ability to quickly learn new systems and architectures
• Willingness to learn new technologies and adapt to a modern, fast-paced organization
• Work cross-functionally with multiple teams to improve existing processes and establish new ones
• Ability to create documentation when needed and defend and execute on findings

What will make you stand out

• Experience developing excellent software with front-end technologies and familiar with back-end development
• Familiar with the factors that impact UX and proficient in designing intuitive UIs
• Knowledge or experience with MongoDB products and services.

This is an important role in helping mature the capabilities of the Information Security Program for a breakthrough company disrupting a $80B market. This position has significant growth potential, and we’re seeking someone excited to take the initiative and help secure our company. 

This position will report directly to the Manager of Application Security (EMEA-based).

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB is an equal opportunities employer.