Lead Application Security Engineer
MongoDB
About the role
About MongoDB
MongoDB is built for change, empowering our customers and our people to innovate quickly in the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries through software. Our globally distributed database platform supports organizations in modernizing legacy workloads, embracing innovation, and leveraging AI. MongoDB Atlas, our cloud-native platform, is the only globally distributed, multi-cloud database available across AWS, Google Cloud, and Microsoft Azure.
With offices worldwide and nearly 60,000 customers—including 75% of the Fortune 100 and AI-native startups—relying on MongoDB for their most critical applications, we are driving the next era of software.
Our compass at MongoDB is our Leadership Commitment, guiding our decisions, interactions, and victories. It is what defines MongoDB.
To foster personal growth and business impact for our employees, we are dedicated to creating a supportive and enriching culture for everyone. From employee affinity groups to generous parental leave policies, we prioritize our employees' well-being and support them throughout their professional and personal journeys.
MongoDB is committed to providing necessary accommodations for individuals with disabilities during our application and interview processes. If you require an accommodation due to a disability, please inform your recruiter.
MongoDB, Inc. ensures equal employment opportunities to all employees and applicants, prohibiting discrimination and harassment of any type. We make all hiring decisions based on skill, experience, and qualifications without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.
About the Team
At MongoDB, our Enterprise Security team takes charge of the Information Security program, significantly reducing risks across our systems, workforce, and cloud products, while fostering trust with our customers. We collaborate with internal teams and support services that face customers, ensuring that security is an integral part of how we design, build, and operate software at scale.
We are excited to welcome a Lead Application Security Engineer to enhance the security of our internally developed applications and SaaS integrations. This role presents a fantastic opportunity to engage with modern application architectures and to advance application security practices across the entire company.
This position can be based in our New York City office or remotely within the United States.
What You'll Do
As a Lead Application Security Engineer, you will be pivotal in propelling MongoDB's Information Security program within a company that is transforming an $80B market. You will help to secure the applications and integrations that fuel our internal operations and cloud solutions, collaborating with engineering, product, and infrastructure teams to integrate security throughout the software development lifecycle.
Your responsibilities will include:
- Assessing the security of new and existing applications through secure code reviews, penetration testing, and architectural assessments, identifying risks across various integrations.
- Supporting application asset inventory and vulnerability management efforts, developing automation to enhance security testing and operational efficiency.
- Applying threat modeling techniques and recommending mitigations aligned with business risk.
- Collaborating with teams to design secure, scalable solutions and clearly communicating findings to both technical and non-technical stakeholders.
- Contributing to the evolution of our application security standards, processes, and documentation while enabling MongoDB to act quickly with a robust security posture.
What We're Looking For
We seek a senior-level security engineer with profound technical expertise, strong judgment, and the capability to influence secure design and development practices across the organization. You should be comfortable navigating the full SDLC, collaborating effectively across functions, and balancing hands-on work with strategic thinking.
Required Qualifications
- 4+ years of hands-on experience in at least two of the following areas: application penetration testing, secure code review, or cloud security.
- 1+ years of experience in software development using languages such as Python, TypeScript, JavaScript, or Go.
- Deep understanding of application security and security engineering fundamentals, including system and network security, authentication protocols, and cryptography.
- Experience conducting application architecture reviews and identifying design-level security risks.
- Practical experience with vulnerability management tools and processes, including remediation tracking.
- Skills to build scripts or automation to support security initiatives.
- Experience with threat modeling and the ability to present findings and recommendations to senior stakeholders.
- Familiarity with cloud platforms and SaaS technologies (e.g., AWS, GCP, Google Workspace).
- Knowledge of security standards and compliance frameworks such as SOC 2, HIPAA, or FedRAMP.
- Excellent written and verbal communication skills, able to tailor messages for both technical and non-technical audiences.
- Relevant security certifications (e.g., OSCP, OSCE, OSEP, OSWE, OSEE, CCSAS, CCT INF, CWES, CWEE, or equivalent SANS certifications).
What Success Looks Like
You will excel in this role if you consistently demonstrate:
- Collaboration: Partner effectively with engineers and stakeholders to secure applications and services.
- Execution & Prioritization: Manage multiple initiatives using a risk-based approach.
- Communication: Clearly explain security risks, trade-offs, and recommendations.
- Curiosity & Learning: Stay current on emerging threats, tools, and techniques.
- Problem Solving: Develop practical, scalable solutions to complex security challenges.
Compensation
MongoDB's base salary range for this role in the U.S. is: $118,000-$231,000 USD
Req ID: 4263323551