MongoDB is seeking an IAM & Security Engineer 3 to join their Enterprise Security (IAMSEC) team, focusing on designing, implementing, and operating identity and access management solutions at scale. This role is crucial for enhancing IAM posture, automating operations, and supporting compliance initiatives like FedRAMP High. Ideal for engineers on the US East Coast with experience in Okta and cloud IAM, this hybrid position offers a chance to work with cutting-edge security technologies and contribute to a company defining the database for the AI era.
IAM & Security Engineer 3
About MongoDB
MongoDB is built for change, empowering customers and employees to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB's unified, globally distributed database platform helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database available across AWS, Google Cloud, and Microsoft Azure.
With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, MongoDB is powering the next era of software. Our compass is our Leadership Commitment, guiding our decisions, interactions, and success. We are committed to developing a supportive and enriching culture for everyone, offering benefits that support employee well-being and professional growth.
The Role
We are looking for an IAM & Security Engineer 3 to join our Enterprise Security (IAMSEC) team. In this role, you will help design, implement, and operate identity, access, and endpoint security solutions at scale. You’ll work closely with senior IAM engineers, Cloud Security, and IT teams to improve our IAM posture, automate routine operations, and support key compliance initiatives such as FedRAMP High.
Candidates based on the East Coast of the US are preferred for our hybrid working model.
Responsibilities
- Operate and enhance IAM platforms, including Okta, AWS IAM, GCP IAM, and Azure AD, ensuring secure, least-privilege, and scalable access models for employees and service accounts.
- Implement and support Single Sign-On (SSO) integrations (SAML, OIDC, OAuth2) and Multi-Factor Authentication (MFA) enforcement for internal and third-party applications.
- Maintain and improve Role-Based Access Control (RBAC) models, groups, and policies, ensuring access aligns with business needs and audit requirements.
- Contribute to the identity lifecycle management (provisioning, deprovisioning, access changes, just-in-time access) using automation tools like Terraform/OpenTofu, Python, and Tines to minimize manual effort and errors.
- Assist with hardening non-human identities (service accounts, workloads, automation identities, agentic AI systems), focusing on least-privilege and proper key/secret management.
- Collaborate with senior engineers to support FedRAMP High and other regulatory/compliance programs by implementing and operating required IAM and endpoint controls, and assisting with audit evidence preparation.
- Integrate IAM and endpoint events into observability tools like Datadog (or similar) to enhance visibility, alerting, and investigations related to authentication and access activity.
- Partner with teams managing Mobile Device Management (MDM) platforms (Jamf, Workspace ONE, Kolide) to ensure device posture is reflected in IAM policies where applicable.
- Create and maintain comprehensive documentation and runbooks for IAM workflows, automations, and on-call procedures.
- Participate in the IAMSEC team’s on-call rotation for production incidents impacting identity, access, or FedRAMP-scoped services, with guidance from senior team members.
Requirements
- 3-5 years of experience in Identity & Access Management, Security Engineering, or Cloud Security roles.
- Hands-on experience administering and securing Okta for workforce identity (groups, policies, app integrations, MFA).
- Practical experience working with IAM in at least one major cloud provider (AWS IAM strongly preferred; GCP IAM or Azure AD a plus).
- Good understanding of authentication and authorization standards, including OAuth2, OIDC, SAML, and modern MFA approaches.
- Exposure to FedRAMP High or Moderate, or similar U.S. public-sector frameworks (e.g., FISMA, StateRAMP), and an interest in deepening expertise in NIST 800-53, ATO processes, and POA&M management.
- Experience implementing or supporting RBAC models, group/role structures, and access reviews in a mid-to-large enterprise.
- Experience with scripting or programming (e.g., Python, Bash) to automate repetitive IAM or security tasks.
- Familiarity with Infrastructure as Code (Terraform/OpenTofu, CloudFormation) and a willingness to grow into owning IAM-related IaC modules.
- Experience with observability or SIEM tools such as Datadog (or similar) for working with logs, alerts, and dashboards.
- Strong problem-solving skills, attention to detail, and the ability to follow and improve documented processes.
- Comfortable collaborating in a remote, distributed team, communicating clearly in writing, and asking for help or clarification when needed.
- Must be a US Citizen.
Nice to Have
- Experience designing or operating phishing-resistant authentication (e.g., WebAuthn, FIDO2, YubiKey).
- Experience with Identity Governance and Administration (IGA) platforms or structured access review/certification processes.
- Experience with Zero Trust concepts and integrating device posture into access policies.
- Exposure to MDM platforms (Jamf, Workspace ONE, Kolide) and endpoint baselines.
- Familiarity with Tines or other low-code automation tools for security workflows.
- Industry certifications such as Okta Certified Administrator, AWS Associate/Professional, or security certifications like Security+; interest in pursuing more advanced certifications over time.
Very Nice to Have
- Experience with Data Security Posture Management (DSPM) platforms, including discovering and classifying sensitive data across cloud and SaaS environments, correlating data sensitivity with identity and access controls, identifying overly permissive access or misconfigurations, and driving remediation aligned to least-privilege and regulatory requirements (e.g., GDPR, HIPAA, FedRAMP).
Benefits & Perks
MongoDB is committed to fostering personal growth and business impact through a supportive and enriching culture. Benefits include employee affinity groups, fertility assistance, generous parental leave, 401(k) plan, mental health counseling, transgender-inclusive health insurance, and more. Specific benefits for U.S.-based candidates include:
- Base Salary Range (U.S.): $106,000 - $209,000 USD
- Total Compensation: Includes base salary, potential equity, participation in the employee stock purchase program, flexible paid time off, 20 weeks fully-paid gender-neutral parental leave, fertility and adoption assistance, 401(k) plan, mental health counseling, and comprehensive health benefits.
MongoDB is committed to providing necessary accommodations for individuals with disabilities during the application and interview process. To request an accommodation, please inform your recruiter.
MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type. Hiring decisions are made without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.