Senior JavaScript Engineer, Security Tools - New York, United States - MongoDB

    Description

    Responsibilities

    As a Senior JavaScript Engineer focusing on security for the tools team, you will be instrumental in identifying the security requirements for the apps and services that the tools team develops and maintains, identifying potential vulnerabilities in various layers of our applications, and efficiently and effectively defining the work needed to address them consistently. You will directly collaborate with MongoDB corporate security and data governance teams, as well as Technical Services FedRAMP stakeholders and the CRM team, to identify the various requirements and security priorities and translate them into actionable work items for the tools team. You will be responsible for maintaining a high standard of security for the tools team apps and services and for establishing a security-by-design approach and best practices for the team to follow. You will also be responsible for coordinating and managing security and data compliance requirements for the team. You will contribute hands-on to our JavaScript codebase to improve the security of our code and applications, as well as develop and enhance features.

    Important Notice

    Kindly be advised that this position is exclusively open to candidates residing within the United States Eastern or Central time zones, with the capacity to work remotely or with flexible arrangements from our NYC office. Please note that applicants from outside these specified US time zone locations or from outside the US will not be considered for this particular role. We encourage candidates who do not yet meet these geographical criteria to explore other enriching opportunities available at MongoDB.

    Candidate Profile

    The qualified candidate for this role should possess the following qualifications:

  • 7+ years of hands-on experience designing and developing security mechanisms for full-stack web apps and systems that leverage modern security methods and best practices.
  • Demonstrable expertise with Node.js and an API framework (Express, Fastify, etc.)
  • Excellent knowledge of secure coding and development practices and good knowledge of remediating common vulnerabilities and exploit techniques.
  • Good working knowledge of FedRAMP, and supporting software development compliance for applications and systems developed for the US federal government.
  • Experience with API security, container security, cloud policy, configuration, and security management tools.
  • Solid understanding of Secure SDLC (SSDLC), CI/CD, and cloud security
  • Proficiency in SSO and cert-based authentication mechanisms
  • Demonstrable experience applying security best practices such as principles of least privilege and defense-in-depth
  • Direct and recent working experience supporting software development compliance with at least one of the following: HITRUST, SOC 2, ISO 27001.
  • Excellent English communication skills, both verbal and written.
  • Ability to thrive in a fast-paced environment and adapt to changes seamlessly.
  • Demonstrable experience owning complex projects from inception to completion, with efficiency and organization.
  • Thrive in cross-functional environments and effectively collaborate with a wide range of stakeholders and teams.

    Nice to haves

  • Any of the relevant certifications such as CISSP, CCSP, OSCP
  • Experience with MongoDB database security best practices
  • Experience with Salesforce security best practices
  • Good hands-on experience with Splunk
  • Good working knowledge of software development with Python.

    What makes you stand out

  • Comprehensive technical expertise in a variety of DevSecOps toolkits and scanners, such as Ansible, Artifactory, Black Duck, Snyk, Terraform, Sigstore toolchain, or comparable technologies.
  • Experience with security for GenAI-enabled applications and services

    Interview process

    Upon successfully passing the preliminary screenings, candidates will be invited to participate in a live coding assessment, to determine the alignment of their technical proficiencies with the requirements of the role.

    It is imperative that candidates demonstrate a high level of technical expertise and experience in the live sessions; otherwise, they will be disqualified.

    Success Measures

  • In 3 months, you've gained a deep understanding of the tools team ecosystem, apps and services, build and deployment workflows, security constraints, as well as stakeholders and relevant teams. You've started developing a roadmap and corresponding Jira artifacts for the tools team security requirements and initiatives. You have also gained a good understanding of our API codebase, and have started contributing to it.
  • In 6 months, you have determined a feasible process and roadmap for addressing various security-related requirements for the tools team, and have gained alignment from the team. You have established good working relationships with the tools team engineers and leads as well as various stakeholders and teams that uphold corporate security and data governance. At this point, you are successfully leading security initiatives for the tools team. You are also contributing consistently to our API codebase with quality and high impact.
  • In 12 months, you are successfully contributing to mentoring and growing other team members.