The MongoDB Information Security team is seeking an experienced and motivated Detection and Response Security Engineer to join the team. The ideal candidate will have a strong background in security, including but not limited to, experience in corporate environments, incident response, systems, applications, and a specialized focus on cloud environments.
This is an exciting opportunity to be a key member of our Information Security Engineer team. You will be responsible for solving technical and administrative problems, reducing risk, and building trust. You will also be responsible for developing and implementing security solutions, tooling, alerting, and workflow automations. The team aims to seek challenges, engineer creative solutions, and establish trust.
The right candidate for this role will have:
- A strong background in detection and response and incident response disciplines, 4+ years of experience
- Experience with scripting or programming; detection/incident tooling or workflow optimization
- Proven security experience working within cloud platforms, particularly AWS
- Experience working with and maintaining a SIEM; developing queries & alerts
- Experience performing investigations and analysis, and clearly communicating events or incidents to the proper stakeholders
- Experience deploying tooling to advance investigation tactics and incident response across different environments, i.e., corporate environments and cloud environments.
- A strong understanding of Linux & Mac systems
- An understanding of various threats and how to investigate, detect and prevent them
- Love to learn; you like to learn about security and tinkering
- Utilizing this knowledge in detection, or creatively using it in a response effort
- Experience interfacing with technical and non-technical
- Leveraging code for tooling, automation workflows, and enriching detections and analysis
- Assist with Incident Response and Investigation across different environments and platforms
- Utilizing analysis frameworks (i.e., MITRE) to better understand gaps, and working towards closing those gaps.
- Maintain, improve, and configure Detection and Response tooling
- Develop well-written documentation and playbooks
- Work cross-functionally with multiple teams deploying tooling, establishing new processes, or improving existing processes.
- Ability to quickly learn new Information Security concepts and adapt to a modern, fast-paced organization
- Participate in weekly on-call rotations
The Information Security Engineer will be successful in this role when they can execute the following strategic tasks:
- You will have familiarized yourself with much of the Detection and Response tooling. You will have the opportunity to identify any gaps and make improvements, leading to an understanding of the Security Engineering department's process
- You will have familiarized yourself with much of the data and tooling the entire Security Engineering team uses. You will have fully scoped and executed a small to medium project by now that has positively impacted the company's security posture
- You will fully understand our incident and investigation process and the development of tooling, as well as workflow automation. You should be considered a subject matter expert in the realm of incident response and investigations for Cloud Platform-based investigations or incidents