MongoDB is hiring a
InfoSec Engineer I

Summary

Join MongoDB's dynamic team as a Security Engineer to help expand the company's Information Security Program, focusing on Corporate SaaS Security. This role will involve ensuring secure configuration and management of 3rd party Corporate SaaS applications used by MongoDB.

Requirements

• Minimum 3 years hands-on experience in cyber security
• Demonstrated success completing complex projects in previous roles
• Be familiar with different SaaS technologies like Salesforce, Google Workspace
• Experience utilizing SaaS management tools like CASB, SSPM is desired
• Demonstrated ability to create scripts and automated processes interfacing with REST APIs
• Be Fluent in variety of security technologies
• Demonstrated problem solving capabilities
• Strong ability to collaborate with technical and non-technical teams
• Experience with SIEM platforms like Splunk
• Some experience with application architecture reviews
• Some pentesting experience or awareness is preferred
• Willingness to work with different technical teams on finding elegant solutions to complex problems, managing them to resolution and release
• Have at least a basic understanding of different Information Security standards (e.g. SOC2, HIPAA, Fedramp)

Responsibilities

• Ensuring that 3rd party Corporate SaaS applications used by MongoDB are configured and managed securely
• Developing novel approaches and tools for SaaS security (like SOAR), utilizing industry best practices, and responding to security incidents
• Assessing new technologies and adapting to a modern, fast-paced organization
• Communicating security threats, assessments, and risks as well as making recommendations
• Collaborating with geographically distributed teams and multitasking are essential
• Educating Engineers and application owners on the importance of SaaS Security and associated risks
• Ability to quickly learn new systems and architectures
• Work Cross functionally with multiple teams on establishing new processes and improving existing ones
• Ability to create documentation when needed as well as defend and execute on findings
• Ability to create process that help address configuration drift