MongoDB is a company that empowers customers and employees to innovate at the speed of the market. They are seeking a highly skilled Senior IAM & Security Engineer to design, implement, and manage identity, access, and endpoint security solutions at scale while collaborating with cross-functional teams to enhance their security posture and support compliance initiatives.
Responsibilities:
- Lead the administration and enhancement of IAM platforms, including Okta, AWS IAM, GCP IAM, and Azure AD, ensuring secure, least-privilege, and scalable access models for both human and non-human identities (service accounts, workloads, automation and agentic AI systems) across our workforce and cloud environments
- Architect and implement SSO and authentication solutions (SAML, OIDC, OAuth2, MFA), including signals sharing and global token revocation, to strengthen user and workload verification and session security
- Design, implement, and continuously improve RBAC, access models, and identity governance workflows, ensuring strong access hygiene, clear separation of duties, and audit readiness
- Define and standardize patterns for non-human identity lifecycle and access (e.g., cloud workloads, automation tools, agentic AI systems), ensuring consistent, least-privilege access across environments
- Automate complex identity lifecycle processes (provisioning, deprovisioning, access changes, and just-in-time access) using Terraform/OpenTofu, CloudFormation, Python, and Tines, reducing manual effort and error rates
- Secure multi-cloud environments (AWS, GCP, Azure) from an identity and access perspective, focusing on IAM policies, resource permissions, preventative controls, and alignment with our enterprise cloud strategy
- Define and enforce security controls for GitHub and CI/CD access, ensuring secure repository management, branch protection, and integration with centralized IAM policies
- Use Datadog and related observability / SIEM tooling to build, tune, and maintain security alerting and investigation capabilities for identity, access, and endpoint events, partnering closely with detection engineering and incident response teams
- Manage and improve our endpoint security posture and device trust controls, working closely with teams that operate MDM platforms to ensure signals are integrated into IAM and Zero Trust decisions
- Support FedRAMP High and other regulatory/compliance programs by implementing required IAM and endpoint controls, improving monitoring coverage, and providing evidence for audits and assessments
- Monitor, investigate, and respond to IAM and cloud security incidents; lead root cause analysis, drive remediation efforts, and contribute to continuous improvement of controls and processes
- Provide subject matter expertise to cross-functional teams (e.g., IT, Cloud Security, HRIS, and product teams) as they design and deploy services that rely on secure identity, access, and device trust foundations
Requirements:
- At least 5 years of experience in Identity & Access Management, Security Engineering, or Cloud Security roles with increasing responsibility
- Demonstrated experience working in or supporting FedRAMP High or Moderate environments, or equivalent U.S. public-sector frameworks (e.g., FISMA, StateRAMP), including control implementation, continuous monitoring, and audit support (e.g., NIST 800-53, Authority to Operate (ATO) and ATO-ready processes, and Plan of Action and Milestones (POA&M))
- Subject matter expertise in securing workforce identity and access at scale in an enterprise environment using platforms such as Okta, AWS IAM, GCP IAM, and Azure AD
- Strong understanding of authentication and authorization in modern environments, including OAuth2, OIDC, SAML, MFA, and phishing-resistant authentication methods
- Deep experience designing and operating RBAC models, access patterns, and identity governance workflows, including identity lifecycle (provisioning, deprovisioning, access reviews, and just-in-time access)
- Experience securing non-human identities (e.g., service accounts, workloads, automation identities, and agentic AI systems), including lifecycle management, secret/key management, and least-privilege access design
- Strong experience with infrastructure-as-code, such as Terraform/OpenTofu and CloudFormation, to deploy and manage IAM and security controls in AWS and at least one additional cloud provider (Azure or GCP)
- Experience using scripting languages such as Python and Bash and low-code automation tools such as Tines to automate and integrate IAM, endpoint, and cloud security workflows
- Experience using Datadog (or similar observability / SIEM platforms) for security logging, alerting, and incident investigation around identity, access, and endpoint signals
- The ability to perform security and access reviews of architectures and products, identify gaps and weaknesses, and recommend pragmatic controls to address them
- Experience helping to craft and deliver security and IAM policies and standards that drive the organization's security posture forward
- The ability to convey complex technical issues to a variety of audiences with different levels of technical expertise, and to partner with stakeholders across the business to deliver impactful solutions
- Comfort working in a geographically distributed team and providing constructive, actionable feedback as needed
- US citizenship
- Experience designing and operating phishing-resistant authentication (e.g., WebAuthn, FIDO2, YubiKey) for workforce and privileged access
- Experience with identity governance and administration (IGA) platforms or complex access review and certification processes
- Experience with Zero Trust architectures, particularly integrating device posture, network controls (e.g., Cloudflare WARP, next-gen VPN alternatives), and IAM policies
- Experience managing MDM platforms (Jamf, Workspace ONE, Kolide) and implementing device trust models that integrate with IAM and Zero Trust architectures
- Experience with security incident response focused on identity, access, and endpoint security events
- Familiarity with cloud security posture management (CSPM) tooling and patterns
- Cloud provider certifications, such as AWS Certified Security – Specialty, AWS Certified Solutions Architect, Google Professional Cloud Security Engineer, or Microsoft Azure Security Engineer Associate
- Okta certifications (e.g., Okta Certified Administrator/Consultant) and/or broad security certifications such as CISSP