Expoint - all jobs in one place

MongoDB Senior Product Security Engineer Server 
United States, New York, New York 
454530246

24.06.2024

This role can be based out of our New York City office or Seattle office.

The MongoDB Product Security organization works with software engineers to design, implement, and operate systems in a manner that protects customer data. It is a multidisciplinary team that covers product, software, cloud, infrastructure, and operational security concerns. The team does the following:

  • Build a developer-driven security program where there is tight integration with engineering artifacts, process, and tooling.
  • Use software architecture and coding patterns to reduce the impact of security issues.
  • Be security subject matter experts for our tech stack and products.

Responsibilities
  • You will take ownership, define strategy, and drive improvement for parts of our program such as fuzzing, threat modeling, secrets management, or container security.
  • Advocate for and lead complex security projects from inception through completion.
  • Drive architecture, patterns, and processes across server engineering that make security the easiest path.
  • Partner closely with engineering teams to design and implement security controls across our software and systems.
  • Research and POC new attacks against our systems. Plan and perform product security assessments including architecture review, threat modeling, code review, pen testing, and general security consulting to proactively build security controls.
  • Serve as a security subject matter expert for software security and architecture.
  • Partner with detection and response to create new capabilities or respond to security events.
  • Educate the engineering org on security through CTFs, lunch-and-learns, and one-on-one mentorship.
Requirements
  • 7 years of experience in application security, software security, or product security.
  • Deep subject matter expertise in database security, application security, software security, or data security.
  • Deep knowledge of database engines, database internals, and applied cryptography.
  • Demonstrated ability to identify and fix security issues through manual code review, application penetration testing, or red teaming.
  • Scripting experience and ability to contribute code back to our environments.
  • Comfortable leading threat modeling and being a security ambassador to other engineering teams.
  • Communicate complex technical issues in a simple manner that builds trust with a variety of audiences.
  • A strong sense of ownership and delivery.
  • Can facilitate a conversation rather than dominate it.
  • Skilled at providing collaborative, actionable feedback, not just a list of flaws.
Nice to Haves
  • Knowledge of one or more core project languages (Golang, C++, JavaScript, Python)
  • Working knowledge of one or more major cloud providers (AWS, GCP, or Azure)
  • Experience with large-scale environments
Success in this role means
  • Taking ownership of one or more security programs such as appsec, cloud, or detect/response
  • Seeing projects through from conception to completion in order to deliver new services or capabilities for the team
  • Establishing yourself as a go-to person for discussing security topics
$231,000 USD