Senior JavaScript Engineer (FedRamp, Security), Tools

The worldwide data management software market is massive (According to IDC, the worldwide database software market, which it refers to as the database management systems software market, was forecasted to be approximately $82 billion in 2023 growing to approximately $137 billion in 2027. This represents a 14% compound annual growth rate). At MongoDB we are transforming industries and empowering developers to build amazing apps that people use every day. We are the leading developer data platform and the first database provider to IPO in over 20 years. Join our team and be at the forefront of innovation and creativity.

Responsibilities

As a Senior JavaScript Engineer (FedRamp, Security) for the tools team, you will be instrumental in identifying the security requirements for the apps and services that the tools team develops and maintains, identifying potential vulnerabilities in various layers of our applications, and efficiently and effectively defining the work needed to address them consistently. You will collaborate with MongoDB corporate security and data governance teams, as well as Technical Services FedRamp stakeholders, and the CRM team, to identify the various requirements and priorities, and translate them to actionable work items for the tools team. You’d be responsible for maintaining a high standard of security for the tools team apps and services and establishing security by design approach and best practices for the team to follow. You’ll be responsible for coordinating and managing security and data compliance requirements for the team, as well as security incidents that concern the team. You will also establish and leverage security tooling, processes and workflows for the team. You will also contribute to our JavaScript codebase hands-on. 

Important Notice

Kindly be advised that this position is exclusively open to candidates residing within the United States Eastern or Central time zones, with the capacity to work remotely or with flexible arrangements from our NYC office. Please note that applicants from outside these specified US time zone locations or from outside the US will not be considered for this particular role. We encourage candidates who still need to meet these geographical criteria to explore other enriching opportunities available at MongoDB.

Candidate Profile

The qualified candidate for this role should possess the following qualifications:

• Excellent English communication skills, both verbal and written
• Ability to thrive in a fast-paced environment and adapt to changes seamlessly
• Demonstrable experience owning complex projects from inception to completion, with efficiency and organization
• Thrive in cross-functional environments and effectively collaborate with a wide range of stakeholders and teams
• Minimum 7 years of hands-on experience designing and developing security mechanisms for full-stack web apps and systems that leverage modern security methods and best practices
• Demonstrable expertise with Node js and an API framework (Express, Next.js, Fastify, etc)
• Excellent Knowledge of secure coding and development practices and good knowledge of common vulnerabilities and exploit techniques
• Good working knowledge of FedRamp, and supporting software development compliance for applications and systems developed for the US federal government.
• Experience with API security, container security, cloud policy, configuration, and security management tools
• Solid understanding of Secure SDLC (SSDLC), CI/CD, and cloud security
• Proficiency in SSO and cert-based authentication mechanisms
• Demonstrable experience applying security best practices such as principles of least privilege and defense-in-depth
• Direct and recent working experience supporting software development compliance with at least one of the following: HITRUST, SOC 2, ISO 27001

Nice to haves

• Any of the relevant certifications such as CISSP, CCSP, OSCP
• Experience with MongoDB database security best practices
• Experience with SalesForce security best practices
• Good hands-on experience with Splunk
• Good working knowledge of software development with Python

What makes you stand out

• Comprehensive technical expertise in a variety of DevSecOps toolkits, such as Ansible, Artifactory, Black Duck, Synk, Terraform, Sigstore toolchain, or comparable technologies
• Experience with SaC (security-as -code) 
• Experience with security for GenAI-enabled applications and services

Interview process

Upon successfully passing the preliminary screenings, candidates will be invited to participate in a live coding assessment, to determine the alignment of their technical proficiencies with the requirements of the role. 

It is imperative that candidates demonstrate a high level of technical expertise and experience in the live sessions; otherwise, they will be disqualified.

Success Measures

• In 3 months, you’ve gained a deep understanding of the tools team ecosystem, apps and services, build and deployment workflows, security constraints, as well as stakeholders and relevant teams. You’ve started developing a roadmap and corresponding Jira artifacts for the tools team security requirements and initiatives. You have also gained a good understanding of our API codebase, and have started contributing to it
• In 6 months, you have determined a feasible process and roadmap for addressing various security-related requirements for the tools team, and have gained alignment from the team. You have established good working relationships with the tools team engineers and leads as well as various stakeholders and teams that uphold corporate security and data governance. At this point, you are successfully leading security initiatives for the tools team. As well, you are contributing consistently to our API codebase with quality and high impact  
• In 12 months, you are successfully contributing to mentoring and growing other team members

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups to fertility assistance and a generous parental leave policy, we value our employees’ well-being and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.