Senior Application Security Engineer
IT, InfoSec, Cyber Risk & Business Operations | Remote

Our agreement with employees
DocuSign is committed to building trust and making the world more agree-able for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what’s right, every day. At DocuSign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you’ll be loved by us, our customers, and the world in which we live.

The Team
Our IT, InfoSec, Cyber Risk & Business Ops team is in the business of trust and reliability. We create, maintain and operate scalable technology and data solutions that deliver an exceptional experience for our internal & external customers.  We embrace Agile principles and values, favor DevOps practices, and view infrastructure as code, all while we create an infrastructure that scales and supports our growth and ambitious vision. This requires a smart, highly collaborative team who can identify, investigate, and implement new technologies to continue securely scaling our global business

This position
We are looking for a Senior Application Security Engineer with a strong background in design, build, and use infrastructure securely at scale. DocuSign's Application Security team is seeking a passionate Security Engineer whose goal would be to reveal potential weaknesses and find creative solutions to eliminate those issues. Your focus will be on scaling and automating the application security processes and be the foundation of security initiatives that protect the security and privacy of our users. You will provide our engineering and product teams with the security expertise necessary to make confident product decisions.

This position reports to the Director of Application Security.

Responsibilities

• Conduct source code reviews
• Conduct security reviews of core products
• Help in the design of new products or features in order to be able to keep DocuSign assets secure
• Provide security expertise and guidance to the DocuSign engineering and business teams
• Build and improve our security tools and processes using Python or C# for critical infrastructure protection, monitoring and remediation

Basic Qualifications

• Bachelor's degree in Computer Science or a related technical field, or equivalent practical experience
• 8+ years of security engineering experience including development and scripting (Python, C#, PowerShell)
• Experience with attacks and mitigation methods, Web application and browser security, Security assessments and penetration testing

Preferred Qualifications

• Bachelor’s degree in Computer Science or related field
• Experience building and integrating automation into existing platforms and procedures
• Experience with common web application testing tools for IAST, DAST and SAST, and analysis tools such as Burp Suite or similar
• Experience with authentication and access control, applied cryptography and security protocols; Security monitoring and intrusion detection
• You are a team player who is considerate of others
• You have excellent interpersonal skills

About us
DocuSign® helps organizations connect and automate how they prepare, sign, act on, and manage agreements. As part of the DocuSign Agreement Cloud, DocuSign offers eSignature: the world's #1 way to sign electronically on practically any device, from almost anywhere, at any time. Today, hundreds of thousands of customers and hundreds of millions of users in over 180 countries use DocuSign to accelerate the process of doing business and simplify people's lives. Plus, we save more trees together! And that’s a good thing.

DocuSign is an Equal Opportunity Employer. DocuSign is committed to building a diverse team of talented individuals who bring different perspectives to the discussion and who feel a sense of inclusion and belonging when they join our team. Individuals seeking employment at DocuSign are considered without regards to race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, citizenship status, or any other legally protected category.

#LI-DS1