Staff Security Engineer, Developer Productivity

The worldwide data management software market is massive (According to IDC, the worldwide database software market, which it refers to as the database management systems software market, was forecasted to be approximately $82 billion in 2023 growing to approximately $137 billion in 2027. This represents a 14% compound annual growth rate). At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading developer data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.

The Developer Productivity Platforms team owns the tools, services, and infrastructure that enables our developer ecosystem, ensures optimal performance and scalability, as well as the security of our runtime environments, supply chain, services, and published artifacts. A big part of Devprod Platform’s mission is to ensure the security of our MongoDB software supply chain against threats and attacks as well as the compliance of our products. By securing the supply chain and strengthening the security posture of our internal development systems, we protect our customers and the integrity of our shipped products. We ensure that the MongoDB development ecosystem is secure by driving engineering efforts to design and implement controls, processes, and best practices to provide assurance to internal stakeholders and external customers that their data is protected.

What will this position do?

Collaborate with MongoDB Infosec and application security teams to create a threat matrix focused on SDLC processes, tooling and infrastructure to improve and evolve our security posture within our development ecosystem.Provide architectural guidance on best practices on, and implement security tooling, automation and technical controls across our developer pipelines, services and infrastructure that adhere to the central principles of least privilege, defense in depth, protecting integrity and access control.Drive SDLC compliance through engineering efforts and implementation/automation of processes, controls and tools.Work with engineering teams across MongoDB to ensure that we are building scalable and sustainable security solutions for our product development and release processesEngage in security investigations to respond to, and analyze emerging threats.Develop strategies to exercise and improve our SDLC security posture utilizing red team and pen test activities.Be a technical authority to help us stay aligned with MongoDB’s security initiatives and policies by driving mid to large scale projects with high visibility.Stay up to date on emerging trends in the software security industry to help us stay ahead of new threat vectors and compliance requirements.Work with Legal, Privacy and Internal Audit to ensure that we are operating within regulatory and compliance standards.

Requirements

8+ plus years of progressive experience with open source and commercial application security testing and analysis tools for attack surface management, dynamic security analysis (DAST), and static code analysis (SAST).Relevant software development experience, understanding how software is designed, built and can be broken is critical.Subject matter expert in all phases of the software development lifecycle supply chain.Domain expertise of software and security through various software development and security best practices.Demonstrated experience with threat modeling, risk analysis and control design.Advanced understanding of vulnerability exploitation chaining and vulnerability remediationExperience or understanding of languages such as C++, C, Rust, Go, Python, Java, or other related languages Experience with cloud native development pipelines and tooling such as Docker, Kubernetes, and other release/deployment toolingThe ability to work autonomously, being able to identify gaps and create solutions independently with minimal direction.Demonstrated ability to work collaboratively across domains with senior engineering leaders and stakeholders in other teams and departments.

What will make you stand out?

CISSP, CISA, and/or relevant cybersecurity certificationsDeep understanding of SLSA framework & CWE, MITRE, OWASP, CIS BenchmarksExperience running Red Team exercises and building remediation roadmapsSelf-education to continuously learn and invest in skills and knowledge relevant to the team and the positionKnowledge or experience with MongoDB products and services

Other things you might want to know

We’re a distributed team. Our Platforms team is located mostly in the EDT and PDT time zones, but we work with other teams all over the world.Our team is remote-first. We use tools like Slack and Zoom to work together. We try to get together on occasion, but our day-to-day is all remote. (If you live close to one of our offices, and would like to use it, that’s okay, too!)While our customers are internal, the work done in this space is still customer impacting, as the integrity of our systems and processes for our product depends on us.You’d have a chance to join our team at the early stages of modernizing and refining our engineering practices, tooling and infrastructure where you will have a tremendous impact to how we deliver our products.

Key Skills

• Cybersecurity