Senior Product Security Engineer, Server

Want to secure the future of data management and AI/ML? At MongoDB we are transforming industries and empowering developers to build amazing AI/ML-powered apps that people and enterprises use every day. We are the leading modern data platform and the first database provider to IPO in over 20 years. Overall, the worldwide data management software market is massive (IDC forecasts it to be $138 billion by 2026!). Join our team and be at the forefront of innovation and creativity. Who You Are With a strong security engineering background, you’re looking for a role that gives you the freedom to increase MongoDB’s resonance with customers by strengthening our core database products. You’re passionate about solving hard security engineering problems while putting a strong emphasis on customer experience, leveraging your own significant experience. You enjoy collaborating with different teams to innovate and implement pragmatic solutions. Who We Are The MongoDB Product Security organization is a diverse collection of individuals working together to scale MongoDB’s security, both security of the products themselves and the security features we offer to customers. The team is responsible for the MongoDB Database Server ( Community and Enterprise editions). The MongoDB Product Security organization works with software engineers to design, implement, and operate systems in a manner that protects customer data. It is a multidisciplinary team that covers product, software, cloud, infrastructure, and operational security concerns. The team does the following: Build a developer driven security program where there is tight integration with engineering artifacts, process, and tooling Use software architecture and coding patterns to reduce the impact of security issues Be security subject matter experts for our tech stack and products Responsibilities You will take ownership, define strategy, and drive improvement for parts of our program such as fuzzing, threat modeling, secrets management, or container security Advocate for and lead complex security projects from inception through completion Drive architecture, patterns, and processes across Server Engineering that make security the easiest path Partner closely with engineering teams to design and implement security controls across our software and systems Research and POC new attacks against our systems. Plan and perform product security assessments including architecture review threat modeling, code review, pen testing and general security consulting to proactively build security controls Serve as a security subject matter expert for software security and architecture Educate the engineering org on security through CTFs, lunch-and-learns, and one-on-one mentorship Requirements 7+ years of experience in application security, software security, or product security Proven experience in C++ programming, performing security assessments on low-level codebases, and implementing remediation strategies for memory-related security flaws such as buffer overflows and memory leaks Programming experience and ability to contribute code back to our environments A strong track record of partnering with software engineers: leading threat models, performing security design reviews, and developing an understanding of their product space to form pragmatic security recommendations and influence their prioritization Comfortable communicating complex technical issues in a simple manner that builds trust with a variety of audiences Demonstrated ownership of security initiatives, with the ability to deliver results autonomously or collaboratively Can work flexible hours occasionally to collaborate with US-based colleagues Don’t feel that you meet all of the requirements? We encourage you to apply anyway because studies have shown that some strong candidates may self-select out of the interview process prematurely. We have a diverse, inclusive, equitable, and high-performing environment at ... (truncated, view full listing at source)