Senior Application Security Engineer

<h3>Who We Are</h3> <p>MongoDB’s Enterprise Security team owns the company’s Information Security program, helping reduce risk across our systems, workforce, and cloud products while building trust with our customers. We partner closely with internal teams and support external-facing services to ensure security is embedded into how we design, build, and operate software at scale.</p> <p>We’re hiring a Senior Application Security Engineer to help secure internally developed applications and SaaS integrations across MongoDB. This role offers hands-on exposure to modern application architectures alongside the opportunity to shape and mature application security practices company-wide.</p> <p>This role can be based in our New York City office or remotely within the United States.</p> <h3>What You’ll Do</h3> <p>As a Senior Application Security Engineer, you’ll play a critical role in advancing MongoDB’s Information Security program at a company disrupting an $80B market. You’ll help secure the applications and integrations that power our internal operations and cloud offerings, working closely with engineering, product, and infrastructure teams to embed security throughout the software development lifecycle.</p> <p>You’ll assess the security of new and existing applications through secure code reviews, penetration testing, and architecture reviews, identifying risk across SaaS-to-SaaS and SaaS-to-internal integrations. You’ll support application asset inventory and vulnerability management efforts, develop automation to improve security testing and operational efficiency, and apply threat modeling to recommend mitigations aligned with business risk.</p> <p>In addition, you’ll collaborate with teams to design secure, scalable solutions, clearly communicate findings to both technical and non-technical stakeholders, and help evolve application security standards, processes, and documentation; enabling MongoDB to move quickly while maintaining a strong security posture.</p> <h3>What We’re Looking For</h3> <p>We’re seeking a senior-level security engineer with strong technical depth, sound judgment, and the ability to influence secure design and development practices across the organization. You should be comfortable operating across the full SDLC, collaborating cross-functionally, and balancing hands-on execution with strategic thinking.</p> <h3>Required Qualifications</h3> <ul> <li>4+ years of hands-on experience in at least two of the following: application penetration testing, secure code review, or cloud security</li> <li>1+ year of software development experience using languages such as Python, TypeScript, JavaScript, or Go</li> <li>Solid understanding of application security and security engineering fundamentals, including system and network security, authentication and security protocols, and cryptography</li> <li>Experience performing application architecture reviews and identifying design-level security risks</li> <li>Hands-on experience with vulnerability management tools and processes, including remediation tracking</li> <li>Ability to build scripts or automation to support security initiatives</li> <li>Experience with threat modeling and presenting findings and recommendations to senior stakeholders</li> <li>Familiarity with cloud platforms and SaaS technologies (e.g., AWS, GCP, Google Workspace)</li> <li>Working knowledge of security standards and compliance frameworks such as SOC 2, HIPAA, or FedRAMP</li> <li>Strong written and verbal communication skills, with the ability to tailor messaging for technical and non-technical audiences</li> <li>Relevant security certifications (e.g., OSCP, OSCE, OSEP, OSWE, OSEE, CCSAS, CCT INF, CWES, CWEE, or equivalent SANS certifications)</li> </ul> <h3>What Success Looks Like</h3> <p>You’ll be successful in this role if you consistently demonstrate:</p> <ul> <li>Collaboration: Partner effectively with engineers and stakeholders to secure applications and services</li> <li>Execution Prio ... (truncated, view full listing at source)