Senior Application Security Engineer

MongoDB•Tampa, FL

9h•Remote

About The Position

MongoDB’s Enterprise Security team owns the company’s Information Security program, helping reduce risk across our systems, workforce, and cloud products while building trust with our customers. We partner closely with internal teams and support external-facing services to ensure security is embedded into how we design, build, and operate software at scale. We’re hiring a Senior Application Security Engineer to help secure internally developed applications and SaaS integrations across MongoDB. This role offers hands-on exposure to modern application architectures alongside the opportunity to shape and mature application security practices company-wide. This role can be based in our New York City office or remotely within the United States. As a Senior Application Security Engineer, you’ll play a critical role in advancing MongoDB’s Information Security program at a company disrupting an $80B market. You’ll help secure the applications and integrations that power our internal operations and cloud offerings, working closely with engineering, product, and infrastructure teams to embed security throughout the software development lifecycle. You’ll assess the security of new and existing applications through secure code reviews, penetration testing, and architecture reviews, identifying risk across SaaS-to-SaaS and SaaS-to-internal integrations. You’ll support application asset inventory and vulnerability management efforts, develop automation to improve security testing and operational efficiency, and apply threat modeling to recommend mitigations aligned with business risk. In addition, you’ll collaborate with teams to design secure, scalable solutions, clearly communicate findings to both technical and non-technical stakeholders, and help evolve application security standards, processes, and documentation; enabling MongoDB to move quickly while maintaining a strong security posture. We’re seeking a senior-level security engineer with strong technical depth, sound judgment, and the ability to influence secure design and development practices across the organization. You should be comfortable operating across the full SDLC, collaborating cross-functionally, and balancing hands-on execution with strategic thinking.

Requirements

4+ years of hands-on experience in at least two of the following: application penetration testing, secure code review, or cloud security
1+ year of software development experience using languages such as Python, TypeScript, JavaScript, or Go
Solid understanding of application security and security engineering fundamentals, including system and network security, authentication and security protocols, and cryptography
Experience performing application architecture reviews and identifying design-level security risks
Hands-on experience with vulnerability management tools and processes, including remediation tracking
Ability to build scripts or automation to support security initiatives
Experience with threat modeling and presenting findings and recommendations to senior stakeholders
Familiarity with cloud platforms and SaaS technologies (e.g., AWS, GCP, Google Workspace)
Working knowledge of security standards and compliance frameworks such as SOC 2, HIPAA, or FedRAMP
Strong written and verbal communication skills, with the ability to tailor messaging for technical and non-technical audiences
Relevant security certifications (e.g., OSCP, OSCE, OSEP, OSWE, OSEE, CCSAS, CCT INF, CWES, CWEE, or equivalent SANS certifications)

Responsibilities

Assess the security of new and existing applications through secure code reviews, penetration testing, and architecture reviews, identifying risk across SaaS-to-SaaS and SaaS-to-internal integrations.
Support application asset inventory and vulnerability management efforts
Develop automation to improve security testing and operational efficiency
Apply threat modeling to recommend mitigations aligned with business risk.
Collaborate with teams to design secure, scalable solutions
Clearly communicate findings to both technical and non-technical stakeholders
Help evolve application security standards, processes, and documentation; enabling MongoDB to move quickly while maintaining a strong security posture.