MongoDB is looking to strengthen its core database products by solving hard security engineering problems and putting a strong emphasis on customer experience.
Requirements
- 3 years of experience in application security, software security, or product security
- Demonstrated experience in C++ programming, performing security assessments on low-level codebases, and implementing remediation strategies for memory-related security flaws such as buffer overflows and memory leaks
- Scripting experience and ability to contribute code back to our environments
- Comfortable leading threat modeling and being a security ambassador to other engineering teams
- Subject matter expertise in database security, or data security
- Knowledge of database engines, database internals, or applied cryptography
- Experience contributing or partnering with security researchers to identify vulnerabilities that eventually are published CVEs or administrative responsibilities of a CNA
Responsibilities
- You will take ownership, define strategy, and drive improvement for parts of our program such as fuzzing, threat modeling, secrets management, or container security
- Advocate for and lead complex security projects from inception through completion
- Drive architecture, patterns, and processes across Server Engineering that make security the easiest path
- Partner closely with engineering teams to design and implement security controls across our software and systems
- Research and POC new attacks against our systems. Plan and perform product security assessments including architecture review threat modeling, code review, pen testing and general security consulting to proactively build security controls
- Serve as a security subject matter expert for software security and architecture
- Educate the engineering org on security through CTFs, lunch-and-learns, and one-on-one mentorship
Other
- A strong sense of ownership and delivery
- Can facilitate a conversation rather than dominate it
- Skilled at providing collaborative, actionable feedback, not just a list of flaws
- Communicate complex technical issues in a simple manner that builds trust with a variety of audiences
- Must be based in New York City, NY for our hybrid working model
