Lead Security Logging Engineer

Lead Security Logging EngineerIT, InfoSec, Cyber Risk & Business Operations | San Francisco, CA or Seattle, WA or Remote - US  This position is not eligible for employment in the following states: Alaska, Hawaii, Maine, Mississippi, North Dakota, South Dakota, Vermont, West Virginia and Wyoming.Our agreement with employeesDocuSign is committed to building trust and making the world more agree-able for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what's right, every day. At DocuSign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you'll be loved by us, our customers, and the world in which we live. The team Our IT, InfoSec, Cyber Risk & Business Ops team - is in the business of trust and reliability. We create, maintain and operate scalable technology and data solutions that deliver an exceptional experience for our internal & external customers.  We embrace Agile principles and values, favor DevOps practices, and view infrastructure as code, all while we create an infrastructure that scales and supports our growth and ambitious vision. This requires a smart, highly collaborative team who can identify, investigate, and implement new technologies to continue securely scaling our global business.

This positionDocuSign is seeking a passionate, dynamic, and experienced Lead Logging Engineer to join our team. This is a unique opportunity to work with everything security in a best-in-class, cloud-based logging platform on which DocuSign Security leverages. Come join a team who live and breathe information security and to work for a company with security in its DNA. 

In this dynamic and fast-paced role, you will deploy, configure, manage, maintain, administer, troubleshoot and onboard new data sources to Azure LogAnalytics-Azure Monitor / Azure Sentinel platform where it will be deployed in both Commercial and Gov Cloud. The toolset will need to be configured to support rigorous security controls for access, authentication, and authorization. The toolset should be configured in such a way that it is resilient, available and at optimal performance.

This position is an individual contributor role reporting to the Manager, Logging and SIEM and is designated Flex.

Responsibilities

• Onboard data from traditional and custom data sources such as Syslog, SaaS, IaaS, databases and others
• Develop analytics rules, incidents, playbooks, notebooks, workbooks, threat hunting and KQL queries for data normalization and parsing capabilities within Log Analytics' data ingestion pipeline
• Administer Log Analytics / Azure Monitor and Azure Sentinel while monitoring, maintaining, and troubleshooting the platform
• Train the Security Logging team on Azure Sentinel and Log Analytics concepts and document procedures
• Create, deploy, and administer Azure VMs, Load Balancers, VIPs, and other cloud infrastructure
• Perform full migration between logging platforms
• Be on-call (24x7) on a rotation basis as needed

Basic qualifications

• 12+ years of Linux Administration, 5+ years in Cloud Engineering, 3+ years in Azure and Azure Sentinel and Log Analytics / Azure Monitor
• Expertise in the Kusto Query Language (KQL)
• Working knowledge of tools and technologies like: Ansible, Git
• Knowledge of Azure Cloud architecture and deployment
• Experience writing leveraging APIs to collect events from data sources
• Experience implementing automated testing, continuous integration, and continuous deployment
• Experience building Azure Cloud Infrastructure with automated provisioning with terraform or other deployment tools
• Working knowledge and experience with Azure Active Directory and it’s integrations
• Experience in threat modeling and hunting
• Experience with Data Normalization
• Experience with Regex skills
• Experience scripting in Python, bash, or Powershell 

Preferred qualifications

• Microsoft Security Operations Analyst, Microsoft Azure Administrator certifications
• Provisioning with Container Orchestration using Elastic Kubernetes Service/Docker, etc.
• Experience working with Splunk data sources (onboarding, troubleshooting, administrating, searching, dashboarding and reporting)
• Previous experience working with Log Broker tools such as Cribl
• Previous experience in leading out similar technical projects that have business needs, decisions, and requirements at its core
• Ability to articulate risks and risk mitigations to technical, business, and executive audiences in verbal and written formats
• Excellent troubleshooting skills and experience
• Great communication skills and ability to work in teams
• Keen ability to take abstract direction and deliver results

Based on Colorado law, the following details are for Colorado individuals only: Colorado base salary range: $130,800 - $184,800 and eligible for bonus, equity and benefits.

About usDocuSign helps organizations connect and automate how they prepare, sign, act on and manage agreements. As part of the DocuSign Agreement Cloud, DocuSign offers eSignature, the world's #1 way to sign electronically on practically any device, from almost anywhere, at any time. Today, over a million customers and more than a billion users in over 180 countries use the DocuSign Agreement Cloud to accelerate the process of doing business and simplify people's lives. And we help save the world’s forests and embrace environmental sustainability.

It's important to us that we build a talented team that is as diverse as our customers and where all employees feel a deep sense of belonging and thrive. We encourage great talent who bring a range of perspectives to apply for our open positions. DocuSign is an Equal Opportunity Employer and makes hiring decisions based on experience, skill, aptitude and a can-do approach. We will not discriminate based on race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, or any other legally protected category.

Accommodations DocuSign provides reasonable accommodations for qualified individuals with disabilities in job application procedures, including if you have any difficulty using our online system. If you need such an accommodation, you may contact us at [email protected] #LI-Remote