Senior Application Security Engineer
Who We Are
MongoDB’s Enterprise Security team owns the company’s Information Security program, helping reduce risk across our systems, workforce, and cloud products while building trust with our customers. We partner closely with internal teams and support external-facing services to ensure security is embedded into how we design, build, and operate software at scale.
We’re hiring a Senior Application Security Engineer to help secure internally developed applications and SaaS integrations across MongoDB. This role offers hands-on exposure to modern application architectures alongside the opportunity to shape and mature application security practices company-wide.
This role can be based in our New York City office or remotely within the United States.
What You’ll Do
As a Senior Application Security Engineer, you’ll play a critical role in advancing MongoDB’s Information Security program at a company disrupting an $80B market. You’ll help secure the applications and integrations that power our internal operations and cloud offerings, working closely with engineering, product, and infrastructure teams to embed security throughout the software development lifecycle.
You’ll assess the security of new and existing applications through secure code reviews, penetration testing, and architecture reviews, identifying risk across SaaS-to-SaaS and SaaS-to-internal integrations. You’ll support application asset inventory and vulnerability management efforts, develop automation to improve security testing and operational efficiency, and apply threat modeling to recommend mitigations aligned with business risk.
In addition, you’ll collaborate with teams to design secure, scalable solutions, clearly communicate findings to both technical and non-technical stakeholders, and help evolve application security standards, processes, and documentation; enabling MongoDB to move quickly while maintaining a strong security posture.
What We’re Looking For
We’re seeking a senior-level security engineer with strong technical depth, sound judgment, and the ability to influence secure design and development practices across the organization. You should be comfortable operating across the full SDLC, collaborating cross-functionally, and balancing hands-on execution with strategic thinking.
Required Qualifications
4+ years of hands-on experience in at least two of the following: application penetration testing, secure code review, or cloud security
1+ year of software development experience using languages such as Python, TypeScript, JavaScript, or Go
Solid understanding of application security and security engineering fundamentals, including system and network security, authentication and security protocols, and cryptography
Experience performing application architecture reviews and identifying design-level security risks
Hands-on experience with vulnerability management tools and processes, including remediation tracking
Ability to build scripts or automation to support security initiatives
Experience with threat modeling and presenting findings and recommendations to senior stakeholders
Familiarity with cloud platforms and SaaS technologies (e.g., AWS, GCP, Google Workspace)
Working knowledge of security standards and compliance frameworks such as SOC 2, HIPAA, or FedRAMP
Strong written and verbal communication skills, with the ability to tailor messaging for technical and non-technical audiences
Relevant security certifications (e.g., OSCP, OSCE, OSEP, OSWE, OSEE, CCSAS, CCT INF, CWES, CWEE, or equivalent SANS certifications)
What Success Looks Like
You’ll be successful in this role if you consistently demonstrate:
Collaboration: Partner effectively with engineers and stakeholders to secure applications and services
Execution & Prioritization: Manage multiple initiatives using a risk-based approach
Communication: Clearly articulate security risks, trade-offs, and recommendations
Curiosity & Learning: Stay current on emerging threats, tools, and techniques
Problem Solving: Develop practical, scalable solutions to complex security challenges
About MongoDB
MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform—the most widely available, globally distributed database on the market—helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.
With offices worldwide and nearly 60,000 customers—including 75% of the Fortune 100 and AI-native startups—relying on MongoDB for their most important applications, we’re powering the next era of software.
Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB.
To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!
MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.
MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
Req ID: 4263323551
About the job
Apply for this position
Senior Application Security Engineer
Who We Are
MongoDB’s Enterprise Security team owns the company’s Information Security program, helping reduce risk across our systems, workforce, and cloud products while building trust with our customers. We partner closely with internal teams and support external-facing services to ensure security is embedded into how we design, build, and operate software at scale.
We’re hiring a Senior Application Security Engineer to help secure internally developed applications and SaaS integrations across MongoDB. This role offers hands-on exposure to modern application architectures alongside the opportunity to shape and mature application security practices company-wide.
This role can be based in our New York City office or remotely within the United States.
What You’ll Do
As a Senior Application Security Engineer, you’ll play a critical role in advancing MongoDB’s Information Security program at a company disrupting an $80B market. You’ll help secure the applications and integrations that power our internal operations and cloud offerings, working closely with engineering, product, and infrastructure teams to embed security throughout the software development lifecycle.
You’ll assess the security of new and existing applications through secure code reviews, penetration testing, and architecture reviews, identifying risk across SaaS-to-SaaS and SaaS-to-internal integrations. You’ll support application asset inventory and vulnerability management efforts, develop automation to improve security testing and operational efficiency, and apply threat modeling to recommend mitigations aligned with business risk.
In addition, you’ll collaborate with teams to design secure, scalable solutions, clearly communicate findings to both technical and non-technical stakeholders, and help evolve application security standards, processes, and documentation; enabling MongoDB to move quickly while maintaining a strong security posture.
What We’re Looking For
We’re seeking a senior-level security engineer with strong technical depth, sound judgment, and the ability to influence secure design and development practices across the organization. You should be comfortable operating across the full SDLC, collaborating cross-functionally, and balancing hands-on execution with strategic thinking.
Required Qualifications
4+ years of hands-on experience in at least two of the following: application penetration testing, secure code review, or cloud security
1+ year of software development experience using languages such as Python, TypeScript, JavaScript, or Go
Solid understanding of application security and security engineering fundamentals, including system and network security, authentication and security protocols, and cryptography
Experience performing application architecture reviews and identifying design-level security risks
Hands-on experience with vulnerability management tools and processes, including remediation tracking
Ability to build scripts or automation to support security initiatives
Experience with threat modeling and presenting findings and recommendations to senior stakeholders
Familiarity with cloud platforms and SaaS technologies (e.g., AWS, GCP, Google Workspace)
Working knowledge of security standards and compliance frameworks such as SOC 2, HIPAA, or FedRAMP
Strong written and verbal communication skills, with the ability to tailor messaging for technical and non-technical audiences
Relevant security certifications (e.g., OSCP, OSCE, OSEP, OSWE, OSEE, CCSAS, CCT INF, CWES, CWEE, or equivalent SANS certifications)
What Success Looks Like
You’ll be successful in this role if you consistently demonstrate:
Collaboration: Partner effectively with engineers and stakeholders to secure applications and services
Execution & Prioritization: Manage multiple initiatives using a risk-based approach
Communication: Clearly articulate security risks, trade-offs, and recommendations
Curiosity & Learning: Stay current on emerging threats, tools, and techniques
Problem Solving: Develop practical, scalable solutions to complex security challenges
About MongoDB
MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform—the most widely available, globally distributed database on the market—helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.
With offices worldwide and nearly 60,000 customers—including 75% of the Fortune 100 and AI-native startups—relying on MongoDB for their most important applications, we’re powering the next era of software.
Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB.
To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!
MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.
MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
Req ID: 4263323551