Job Closed
This listing is no longer active.
MongoDB, originally called 10gen, is a software development company. Since 2007, MongoDB has created an open-source, document-oriented database to help clients
IAM Security Engineer 3
Location
United States
Posted
82 days ago
Salary
$101K - $198K / year
Seniority
Mid Level
Job Description
IAM Security Engineer 3
MongoDB
We are looking for an IAM & Security Engineer 3 to join our Enterprise Security (IAMSEC) team. In this role, you will help design, implement, and operate identity, access, and endpoint security solutions at scale. You’ll work closely with senior IAM engineers, Cloud Security, and IT teams to improve our IAM posture, automate routine operations, and support key compliance initiatives such as FedRAMP High. We are looking to speak to candidates who are based on the West Coast of the US for our hybrid working model. Responsibilities - Operate and enhance IAM platforms, including Okta, AWS IAM, GCP IAM, and Azure AD, helping to ensure secure, least-privilege, and scalable access models for employees and service accounts. - Need to be a US Citizen - Implement and support SSO integrations (SAML, OIDC, OAuth2) and MFA enforcement for internal and third-party applications. - Help maintain and improve RBAC models, groups, and policies, ensuring access is consistent with business needs and audit requirements. - Contribute to the identity lifecycle (provisioning, deprovisioning, access changes, and just-in-time access) using automation (Terraform/OpenTofu, Python, Tines) to reduce manual effort and errors. - Assist with hardening non-human identities (service accounts, workloads, automation identities, agentic AI systems), focusing on least-privilege and proper key/secret management. - Collaborate with senior engineers to support FedRAMP High and other regulatory/compliance programs by implementing and operating required IAM and endpoint controls, and helping prepare evidence for audits. - Integrate IAM and endpoint events into Datadog (or similar tools) to improve visibility, alerts, and investigations around authentication and access activity. - Partner with teams operating MDM platforms (Jamf, Workspace ONE, Kolide) to ensure device posture is reflected in IAM policies where applicable. - Create and maintain documentation and runbooks for IAM workflows, automations, and on-call procedures. - Participate in the IAMSEC team’s on-call rotation for production incidents impacting identity, access, or FedRAMP-scoped services, with guidance from senior team members. Requirements - 3–5 years of experience in Identity & Access Management, Security Engineering, or Cloud Security roles. - Hands-on experience administering and securing Okta for workforce identity (groups, policies, app integrations, MFA). - Practical experience working with IAM in at least one major cloud provider (AWS IAM strongly preferred; GCP IAM or Azure AD a plus). - Good understanding of authentication and authorization standards, including OAuth2, OIDC, SAML, and modern MFA approaches. - Exposure to FedRAMP High or Moderate, or similar U.S. public-sector frameworks (e.g., FISMA, StateRAMP), and an interest in deepening expertise in NIST 800‑53, ATO processes, and POA&M management. - Experience implementing or supporting RBAC models, group/role structures, and access reviews in a mid-to-large enterprise. - Experience with scripting or programming (e.g., Python, Bash) to automate repetitive IAM or security tasks. - Familiarity with Infrastructure as Code (Terraform/OpenTofu, CloudFormation) and a willingness to grow into owning IAM-related IaC modules. - Experience with observability or SIEM tools such as Datadog (or similar) for working with logs, alerts, and dashboards. - Strong problem-solving skills, attention to detail, and the ability to follow and improve documented processes. - Comfortable collaborating in a remote, distributed team, communicating clearly in writing, and asking for help or clarification when needed. Nice to Have - Experience designing or operating phishing-resistant authentication (e.g., WebAuthn, FIDO2, YubiKey). - Experience with identity governance and administration (IGA) platforms or structured access review / certification processes. - Experience with Zero Trust concepts and integrating device posture into access policies. - Exposure to MDM platforms (Jamf, Workspace ONE, Kolide) and endpoint baselines. - Familiarity with Tines or other low-code automation tools for security workflows. - Industry certifications such as Okta Certified Administrator, AWS Associate/Professional, or security certifications like Security+; interest in pursuing more advanced certifications over time. Very Nice to Have - Experience with Data Security Posture Management (DSPM) platforms, including discovering and classifying sensitive data across cloud and SaaS environments, correlating data sensitivity with identity and access controls, identifying overly permissive access or misconfigurations, and driving remediation aligned to least-privilege and regulatory requirements (e.g., GDPR, HIPAA, FedRAMP). About MongoDBMongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure. With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software. Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world! MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter. MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. Req ID: 1273371609 MongoDB’s base salary range for this role is posted below. Compensation at the time of offer is unique to each candidate and based on a variety of factors such as skill set, experience, qualifications, and work location. Salary is one part of MongoDB’s total compensation and benefits package. Other benefits for eligible employees may include: equity, participation in the employee stock purchase program, flexible paid time off, 20 weeks fully-paid gender-neutral parental leave, fertility and adoption assistance, 401(k) plan, mental health counseling, access to transgender-inclusive health insurance coverage, and health benefits offerings. Please note, the base salary range listed below and the benefits in this paragraph are only applicable to U.S.-based candidates. MongoDB’s base salary range for this role in the U.S. is: $101,000—$198,000 USD
Benefits
- 401(K), Adoption Assistance, Childcare benefits, Commuter benefits, Company equity, Company-sponsored outings, Customized development tracks, Dental insurance, Disability insurance, Volunteer in local community, Employee stock purchase plan, Fitness stipend, Flexible Spending Account (FSA), Flexible work schedule, Generous parental leave, Generous PTO, Company-sponsored happy hours, Health insurance, Job training & conferences, Open door policy, Life insurance, Mentorship program, Open office floor plan, Paid holidays, Pair programming, Paid sick days, Onsite office parking, Partners with nonprofits, Performance bonus, Pet insurance, Promote from within, Recreational clubs, Lunch and learns, Relocation assistance, Remote work program, Return-to-work program post parental leave, Sabbatical, Free snacks and drinks, Team based strategic planning, OKR operational model, Vision insurance, Wellness programs, Some meals provided, Mental health benefits, Home-office stipend for remote employees, Fertility benefits, Employee resource groups, Employee-led culture committees, Hybrid work model, President's club, Employee awards, Transgender health care benefits, Abortion travel benefits, Meditation space, Mother's room, Flexible time off, Bereavement leave benefits
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Design and operate enterprise security controls as software products • Write and maintain high-quality production code • Collaborate with product managers and engineering teams
Staff / Principal Product Engineer, Security
RADARA platform combining radio-frequency identification (RFID) with computer vision, RADAR automates and augments retail processes. Founded in 2013, RADAR's technol
Role Description We're looking for Application Security Engineers to extend the security of the Radar application. Our daily traffic is 1 Billion API calls / day (15,000 requests / second) so you will be operating at scale. Some of the most sophisticated fraudsters in the world target our Protect product, which is where you come in. The application surface area is multi-stack, covering: - Mobile SDKs - Web SDKs - Web dashboard - Server APIs - Radar Verify desktop apps for Mac and Windows This role can either be in our NYC HQ or remote in the US. Qualifications - Think of yourself as a generalist engineer first, not tied to any particular stack - Have secured applications across mobile, web, desktop and server for high value applications like financial services, gaming, marketplaces, or similar industries - Are interested in talking to customers or prospects and making them successful Requirements - Work on core Application Security of Radar Protect across mobile SDKs, web SDKs, server APIs and desktop apps for Mac and Windows - Have your work secure 1 Billion API calls / day - Talk to Radar customers and prospects, hear their feedback, incorporate it into your work and make them successful Benefits - Competitive salary - Meaningful stock options in a fast-growing company - 401(k) plan with 4% match - New HQ in Flatiron, NYC - Top-notch equipment - Catered lunches - Unlimited PTO - Health, dental, and vision insurance with 100% coverage for employees - 12 weeks of paid parental leave - Commuter and fitness benefits Company Description Radar is the global leader in geolocation, with geofencing SDKs, maps APIs, and AI-enabled solutions for marketing, fraud, and operations teams. - We're trusted by some of the world's best companies, from high-growth startups to the Fortune 500. - We have incredible scale: We're processing over 1 billion API calls per day from hundreds of millions of devices. - We're well-resourced, and we've raised $85.5M from world-class investors, including Accel and Insight Partners. - We have a high-performance culture, with ambitious and entrepreneurial teammates in every role. - We recently moved into an amazing new office in Flatiron, Manhattan, NYC. - We were recently named a top 10 best place to work in NYC by Crain's. - Despite our growth and scale, we're still just getting started.
• Support design, deployment, and operations of enterprise security platforms including: SIEM (Security Information and Event Management) • Build and maintain vulnerability management programs including scanning, remediation tracking, and reporting. • Deploy and manage Linux-based security sensors and endpoint monitoring tools. • Integrate and automate security tools using scripting and orchestration (Python, Bash, etc.). • Assist in enterprise security architecture design aligned with business and compliance requirements. • Implement security controls and validate their effectiveness across systems and applications. • Support incident detection, log analysis, monitoring, and response activities. • Develop technical documentation, SOPs, and implementation guides. • Contribute to threat mitigation strategies and continuous security improvements.
Cybersecurity Engineer
ASRC FederalASRC Federal, a wholly owned subsidiary of Alaska’s largest Alaskan-owned and operated company, the Arctic Slope Regional Corporation (ASRC), is a leading pro
Title: Cybersecurity Engineer - Identity & Access (Okta) Location: Quantico United States Job Description: ASRC Federal is actively hiring a Cybersecurity Engineer - Identity & Access (Okta Engineer) in support of our Defense Counterintelligence Security Agency (DCSA) program based out of Quantico VA. This is primarily a Telework position with a requirement to be onsite at least two (2) days a week or as needed at Quantico Marine Corps Base VA. Position Description: We are seeking a highly skilled and motivated Okta Engineer to join our dynamic cybersecurity team. The ideal candidate will be responsible for the design, implementation, and management of our Okta Identity and Access Management (IAM) solutions, ensuring the confidentiality, integrity, and availability of our organization's data and systems. This role will focus on leveraging the full Okta suite, including Single Sign-On (SSO), Multi-Factor Authentication (MFA), Universal Directory, and Lifecycle Management, to enforce our Zero Trust security model and protect our hybrid workforce. Minimum Requirements: Minimum of 2 years of hands-on experience with the Okta platform in an enterprise environment. Solid understanding of cybersecurity principles, Zero Trust architecture, and Identity and Access Management (IAM) concepts. Active Secret Clearance REQUIRED, eligible to be upgraded to TS/SCI. Must meet 8570 certification requirements at the time of hire. IAT Level II (e.g., Security+ CE, CCNA Security, CySA+, GICSP, GSEC, SCCP or higher tiered 8570 certification. Bachelor's Degree, in Cybersecurity, Information Systems Management or a related field or an equivalent combination of military service and/or at least five (5) years of significant, relevant work experience. Okta certifications are highly desired, such as: Okta Certified Professional Okta Certified Administrator Okta Certified Consultant Responsibilities: Maintenance and Administration: Maintain the Okta Identity and Access Management platform to align with business needs and security policies. Policy and Configuration Management: Develop, implement, and enforce security policies for authentication, authorization, Multi-Factor Authentication (MFA), and application access. Platform Operations and Maintenance: Provide ongoing operational support, including monitoring tenant health, performance tuning, and managing Okta agents and integrations. Troubleshooting and Support: Act as a subject matter expert for Okta, providing technical support and troubleshooting for single sign-on (SSO), authentication, and user lifecycle issues. Collaboration and Integration: Collaborate with network, security, and application teams to ensure seamless integration of Okta with other security tools, applications (SaaS and on-prem), and identity providers such as Azure AD and SIEM platforms. Documentation and Training: Create and maintain comprehensive documentation for Okta architecture, configurations, and processes. Provide training and mentorship to other team members on Okta best practices. Stay Current: Stay up-to-date with the latest Okta features, security trends, and industry best practices to continuously improve our security posture. Work Environment and Physical Demands: This is primarily a Telework position with a requirement to be onsite up to two (2) days a week. If alternate worksite is other than DCSA facilities or corporate office space, must have the reliable ability to communicate over voice (cell phone preferred) and stable, capable internet connection. Must be able to communicate complex technical ideas to a diverse customer base both verbally and in written form.


