MongoDB

Senior IAM & Security Engineer

Posted An Hour Ago
Remote or Hybrid
5 Locations
118K-231K Annually
Senior level
Design, implement, and manage identity and access solutions, enhance security posture, automate identity processes, and ensure compliance with security regulations.
The summary above was generated by AI

We are looking for a highly skilled Senior IAM & Security Engineer who will help us design, implement, and manage identity, access, and endpoint security solutions at scale. In this role, you will collaborate with cross-functional teams to enhance our IAM and endpoint security posture, implement pragmatic solutions to hard security problems, and support key compliance initiatives such as FedRAMP High.

We are looking to speak to candidates who are based on the East Coast of the US for our hybrid working model.

Responsibilities
  • Lead the administration and enhancement of IAM platforms, including Okta, AWS IAM, GCP IAM, and Azure AD, ensuring secure, least-privilege, and scalable access models for both human and non-human identities (service accounts, workloads, automation and agentic AI systems) across our workforce and cloud environments
  • Architect and implement SSO and authentication solutions (SAML, OIDC, OAuth2, MFA), including signals sharing and global token revocation, to strengthen user and workload verification and session security
  • Design, implement, and continuously improve RBAC, access models, and identity governance workflows, ensuring strong access hygiene, clear separation of duties, and audit readiness
  • Define and standardize patterns for non-human identity lifecycle and access (e.g., cloud workloads, automation tools, agentic AI systems), ensuring consistent, least‑privilege access across environments
  • Automate complex identity lifecycle processes (provisioning, deprovisioning, access changes, and just‑in‑time access) using Terraform/OpenTofu, CloudFormation, Python, and Tines, reducing manual effort and error rates
  • Secure multi-cloud environments (AWS, GCP, Azure) from an identity and access perspective, focusing on IAM policies, resource permissions, preventative controls, and alignment with our enterprise cloud strategy
  • Define and enforce security controls for GitHub and CI/CD access, ensuring secure repository management, branch protection, and integration with centralized IAM policies
  • Use Datadog and related observability / SIEM tooling to build, tune, and maintain security alerting and investigation capabilities for identity, access, and endpoint events, partnering closely with detection engineering and incident response teams
  • Manage and improve our endpoint security posture and device trust controls, working closely with teams that operate MDM platforms to ensure signals are integrated into IAM and Zero Trust decisions
  • Support FedRAMP High and other regulatory/compliance programs by implementing required IAM and endpoint controls, improving monitoring coverage, and providing evidence for audits and assessments
  • Monitor, investigate, and respond to IAM and cloud security incidents; lead root cause analysis, drive remediation efforts, and contribute to continuous improvement of controls and processes
  • Provide subject matter expertise to cross-functional teams (e.g., IT, Cloud Security, HRIS, and product teams) as they design and deploy services that rely on secure identity, access, and device trust foundations
Requirements
  • At least 5 years of experience in Identity & Access Management, Security Engineering, or Cloud Security roles with increasing responsibility
  • Demonstrated experience working in or supporting FedRAMP High or Moderate environments, or equivalent U.S. public-sector frameworks (e.g., FISMA, StateRAMP), including control implementation, continuous monitoring, and audit support (e.g., NIST 800‑53, Authority to Operate (ATO) and ATO‑ready processes, and Plan of Action and Milestones (POA&M))
  • Subject matter expertise in securing workforce identity and access at scale in an enterprise environment using platforms such as Okta, AWS IAM, GCP IAM, and Azure AD
  • Strong understanding of authentication and authorization in modern environments, including OAuth2, OIDC, SAML, MFA, and phishing-resistant authentication methods
  • Deep experience designing and operating RBAC models, access patterns, and identity governance workflows, including identity lifecycle (provisioning, deprovisioning, access reviews, and just‑in‑time access)
  • Experience securing non-human identities (e.g., service accounts, workloads, automation identities, and agentic AI systems), including lifecycle management, secret/key management, and least‑privilege access design
  • Strong experience with infrastructure-as-code, such as Terraform/OpenTofu and CloudFormation, to deploy and manage IAM and security controls in AWS and at least one additional cloud provider (Azure or GCP)
  • Experience using scripting languages such as Python and Bash and low‑code automation tools such as Tines to automate and integrate IAM, endpoint, and cloud security workflows
  • Experience using Datadog (or similar observability / SIEM platforms) for security logging, alerting, and incident investigation around identity, access, and endpoint signals
  • The ability to perform security and access reviews of architectures and products, identify gaps and weaknesses, and recommend pragmatic controls to address them
  • Experience helping to craft and deliver security and IAM policies and standards that drive the organization’s security posture forward
  • The ability to convey complex technical issues to a variety of audiences with different levels of technical expertise, and to partner with stakeholders across the business to deliver impactful solutions
  • Comfort working in a geographically distributed team and providing constructive, actionable feedback as needed
Nice to Have
  • Experience designing and operating phishing-resistant authentication (e.g., WebAuthn, FIDO2, YubiKey) for workforce and privileged access
  • Experience with identity governance and administration (IGA) platforms or complex access review and certification processes
  • Experience with Zero Trust architectures, particularly integrating device posture, network controls (e.g., Cloudflare WARP, next‑gen VPN alternatives), and IAM policies
  • Experience managing MDM platforms (Jamf, Workspace ONE, Kolide) and implementing device trust models that integrate with IAM and Zero Trust architectures
  • Experience with security incident response focused on identity, access, and endpoint security events
  • Familiarity with cloud security posture management (CSPM) tooling and patterns
  • Cloud provider certifications, such as AWS Certified Security – Specialty, AWS Certified Solutions Architect, Google Professional Cloud Security Engineer, or Microsoft Azure Security Engineer Associate
  • Okta certifications (e.g., Okta Certified Administrator/Consultant) and/or broad security certifications such as CISSP
Special Requirement
  • Be a US Citizen
About MongoDB

MongoDB is built for change, empowering our customers and our people to innovate at the speed of the market. We have redefined the database for the AI era, enabling innovators to create, transform, and disrupt industries with software. MongoDB’s unified database platform, the most widely available, globally distributed database on the market, helps organizations modernize legacy workloads, embrace innovation, and unleash AI. Our cloud-native platform, MongoDB Atlas, is the only globally distributed, multi-cloud database and is available across AWS, Google Cloud, and Microsoft Azure.

With offices worldwide and over 60,000 customers, including 75% of the Fortune 100 and AI-native startups, relying on MongoDB for their most important applications, we’re powering the next era of software.

Our compass at MongoDB is our Leadership Commitment, guiding how and why we make decisions, show up for each other, and win. It’s what makes us MongoDB. 

To drive the personal growth and business impact of our employees, we’re committed to developing a supportive and enriching culture for everyone. From employee affinity groups, to fertility assistance and a generous parental leave policy, we value our employees’ wellbeing and want to support them along every step of their professional and personal journeys. Learn more about what it’s like to work at MongoDB, and help us make an impact on the world!

MongoDB is committed to providing any necessary accommodations for individuals with disabilities within our application and interview process. To request an accommodation due to a disability, please inform your recruiter.

MongoDB, Inc. provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type and makes all hiring decisions without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Req. ID: 1273371608

MongoDB’s base salary range for this role is posted below. Compensation at the time of offer is unique to each candidate and based on a variety of factors such as skill set, experience, qualifications, and work location. Salary is one part of MongoDB’s total compensation and benefits package. Other benefits for eligible employees may include: equity, participation in the employee stock purchase program, flexible paid time off, 20 weeks fully-paid gender-neutral parental leave, fertility and adoption assistance, 401(k) plan, mental health counseling, access to transgender-inclusive health insurance coverage, and health benefits offerings. Please note, the base salary range listed below and the benefits in this paragraph are only applicable to U.S.-based candidates.

MongoDB’s base salary range for this role in the U.S. is:
$118,000-$231,000 USD

Top Skills

AWS IAM
Azure AD
CloudFormation
Datadog
GCP IAM
IAM
MFA
OAuth2
OIDC
Okta
OpenTofu
Python
SAML
Terraform
Tines
HQ

MongoDB New York, New York, USA Office

1633 Broadway, 38th Floor, New York, NY, United States, 10019
