Staff Product Security Engineer, Cloud Security

About The Position

Requirements

• ~10+ years of experience in application, product, and/or cloud security for large-scale, customer-facing systems
• Deep hands-on expertise with cloud security architecture across AWS, GCP, and Azure, with experience across: VPC/networking (segmentation, egress controls, private connectivity) IAM (roles, policies, workload identity, cross-account access) Keys and secrets (KMS, HSMs, secret management systems) Container/orchestration security (e.g., Kubernetes, ECS, serverless) Multi-tenant control planes and blast-radius reduction patterns
• Strong track record leading complex security programs from definition through rollout and measurable impact
• Ability to read and reason about code in languages like Go and Java or similar, and familiarity with IaC (e.g., Terraform/CloudFormation), CI/CD, and security automation tooling
• Experience assessing and securing modern AI and ML-powered features in cloud environments, including data protection, model and prompt abuse, and responsible use of third-party AI services
• Excellent written and verbal communication skills; you can explain complex risks and trade-offs to technical and non-technical audiences and influence without direct authority

Nice To Haves

• Prior experience as a security lead for a multi-tenant SaaS or cloud platform, particularly in data, database, or infrastructure-as-a-service domains
• Direct experience with Atlas-like environments: control planes managing resources across multiple cloud providers, with strong isolation and blast-radius containment requirements
• Experience driving improvements in CSPM, vulnerability management, and IaC scanning signal quality and developer adoption at scale
• Public contributions to the security community (talks, tools, standards, or publications) in cloud, product, or application security
• Experience mentoring other senior/staff engineers, or serving as a bar-raiser in interviews for product/cloud security roles

Responsibilities

• Own and lead Atlas cloud security initiatives such as control plane hardening, cloud security baselines, IAM and customer account protection, and data-plane protections for multi-tenant environments
• Translate risk and product roadmap goals into measurable workstreams, defining problem statements, requirements, success metrics, and delivery plans that align with Atlas engineering and SRE priorities
• Design and review large-scale cloud architectures, including networking, identity, secrets management, and service-to-service access, and define secure reference architectures that can be reused across Atlas teams
• Embed security into platforms and guardrails by partnering with security engineering and platform teams to implement policies and automation that make secure-by-default behavior the easiest path for developers
• Leverage CSPM, infrastructure vulnerability data, and IaC scanning to drive concrete, prioritized hardening work in Atlas environments, with clear coverage and posture metrics
• Lead assessments for Atlas features and platform changes, including design reviews, threat modeling, code review, and targeted testing, with a focus on pragmatic, partner-friendly guidance
• Partner with detection & response, SRE, and other security teams to provide product and cloud context during incidents, threat hunts, and cloud posture investigations
• Mentor and level up others, contributing to documentation, internal talks, and training that improve Atlas and cloud security practices across MongoDB
• Serve as a visible security leader and trusted partner for Atlas engineering and SRE leadership on cloud security trade-offs and roadmap decisions

Benefits

• equity
• participation in the employee stock purchase program
• flexible paid time off
• 20 weeks fully-paid gender-neutral parental leave
• fertility and adoption assistance
• 401(k) plan
• mental health counseling
• access to transgender-inclusive health insurance coverage
• health benefits offerings