Senior Software Engineer, Tools (MERN Stack, Security Focused)

Responsibilities

As a Senior Tools Software Engineer, you bring expertise in hands-on MERN stack software development with a focus on software security.

You will primarily contribute to our MERN stack codebase in the capacity of feature development and enhancement, bug fixes, and participating in code reviews and architecture design and decisions.

Additionally, you will be the SME on software security concepts and best practices on our team. This includes identifying potential vulnerabilities in various layers of our applications and efficiently and effectively defining the work needed to address them consistently.

You will directly collaborate with MongoDB corporate security and data governance teams, as well as Technical Services FedRamp stakeholders, and the CRM team, to identify the various requirements and security priorities, and translate them to actionable work items for the tools team.

You’d be responsible for maintaining a high standard of security for the tools team apps and services and establishing security by design approach and best practices for the team to follow.

You’ll be responsible for coordinating and managing security and data compliance requirements for the team.

Important Notice

Kindly be advised that this position is exclusively open to candidates residing within the United States Eastern or Central time zones, with the capacity to work remotely or with flexible arrangements from our NYC office.

Please note that applicants from outside these specified US time zone locations or from outside the US will not be considered for this particular role.

We encourage candidates who still need to meet these geographical criteria to explore other enriching opportunities available at MongoDB.

Candidate Profile

The qualified candidate for this role should possess the following qualifications :

• Minimum 7 years of hands-on experience designing and developing full-stack web apps and systems using the MERN stack that leverages modern security methods and best practices.
• Demonstrable expertise with Node js and an API framework (e.g. Express, Next.js, Fastify, etc)
• Excellent Knowledge of secure coding and development practices and good knowledge of remediating common vulnerabilities and exploit techniques.
• Experience with API security, container security, cloud policy, configuration, and security management tools.
• Solid understanding of Secure SDLC (SSDLC), CI / CD, and cloud security
• Proficiency in SSO and cert-based authentication mechanisms
• Demonstrable experience applying security best practices such as principles of least privilege and defense-in-depth
• Direct and recent working experience supporting software development compliance with at least one of the following : Fedramp, HITRUST, SOC 2, ISO 27001.
• Excellent English communication skills, both verbal and written.
• Ability to thrive in a fast-paced environment and adapt to changes seamlessly.
• Demonstrable experience owning complex projects from inception to completion, with efficiency and organization.
• Thrive in cross-functional environments and effectively collaborate with a wide range of stakeholders and teams.

Nice to haves

• Any of the relevant certifications such as CISSP, CCSP, OSCP
• Experience with MongoDB database security best practices
• Good working knowledge of FedRamp, and supporting software development compliance for applications and systems developed for the US federal government.
• Experience with SalesForce security best practices
• Good hands-on experience with Splunk
• Good working knowledge of software development with Python.

What makes you stand out

• Comprehensive technical expertise in a variety of DevSecOps toolkits and scanners, such as Ansible, Artifactory, Black Duck, Synk, Terraform, Sigstore toolchain, or comparable technologies.
• Experience with security for GenAI-enabled applications and services

Interview process

Upon successfully passing the preliminary screenings, candidates will be invited to participate in a live coding assessment, to determine the alignment of their technical proficiencies with the requirements of the role.

It is imperative that candidates demonstrate a high level of hands-on technical expertise and experience in the live sessions;

otherwise, they will be disqualified.

Success Measures

In 3 months, you’ve gained a deep understanding of the tools team ecosystem, apps and services, build and deployment workflows, security constraints, as well as stakeholders and relevant teams.

You have also gained a good understanding of our API codebase, and have started contributing to it. As well, you’ve started identifying and communicating software and process security improvement opportunities.

In 6 months, you have determined a feasible process and roadmap for addressing various security-related requirements for the tools team, and have gained alignment from the team.

You have established good working relationships with the tools team engineers and leads as well as various stakeholders and teams that uphold corporate security and data governance.

At this point, you are successfully leading security initiatives for the tools team. As well, you are contributing consistently to our API codebase with quality and high impact.

• In 12 months, you are successfully contributing to mentoring and growing other team members.
30+ days ago