Sr. Security Engineer, Vulnerability Management

Sr. Security Engineer, Vulnerability ManagementIT, InfoSec, Cyber Risk & Business Operations | San Francisco, CA or Seattle, WA or Remote - US

This position is not eligible for employment in the following states: Alaska, Hawaii, Maine, Mississippi, North Dakota, South Dakota, Vermont, West Virginia and Wyoming.

Our agreement with employeesDocuSign is committed to building trust and making the world more agreeable for our employees, customers, and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what’s right, every day. At DocuSign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you’ll be loved by us, our customers, and the world in which we live.

The team Our IT, InfoSec, Vulnerability Management team is in the business of trust and security. We create, maintain and operate scalable technology and data solutions that deliver an exceptional experience for our internal & external customers.  We embrace Agile principles and values, favor DevOps practices, and view VM practices as building and maintaining trust with our stakeholders, all while we create an infrastructure that scales and supports our growth and ambitious vision. This requires a smart, highly collaborative team who can identify, investigate, and implement new technologies to continue securely scaling our global business.

This positionAs a Sr. Security Engineer for Vulnerability Management, you will oversee vulnerability assessments and pen-testing to support compliance audits (PCI, FedRamp, IL4).  You will partner with a wide range of functional groups including Compliance, Legal, Security Architecture, Product Security, and Engineering teams. You are a highly motivated individual with strong emotional intelligence and demonstrated experience in high growth, fast-paced organizations. You are experienced with Cloud platforms (Azure, GCP, AWS), Vulnerability Management, Python automation, and API integrations.

You have the ability to lead through conflict, take input from multiple stakeholders and deliver solutions required to address complex security issues. 

This position is an individual contributor role reporting to the Senior Director of Vulnerability Management and is designated Flex.

Responsibilities

• Integrate telemetry from various source systems (technical assessment tools, inventory and configuration management systems) to measure Vulnerability Management program effectiveness and control gaps
• Evaluate control effectiveness and providing input to establish treatment plans for remediation of risk
• Coordinate vulnerability remediation activities with a focus on self-service to promote DevSecOps
• Provide tracking details needed to support continuous monitoring program reviews
• Lead penetration testing engagements by gathering logistics across product environments and track remediation of findings
• Automate compliance scanning and assessment functions
• Breakdown problems to re-engineer processes
• Provide direction to others to design solutions to automate capabilities.
• Maintain expert knowledge of DocuSign products/services, industry/regulatory standards, Vulnerability Management requirements and assessments
• Align with the Trust & Security initiatives that drive scale and operational excellence
• Maintain strong relationships based on trust and transparency with primary stakeholders
• Establish automated audit policies (CIS/STIG) based on defined baselines, including custom STIG policies
• Negotiate appropriate trade-offs and ensure clear accountability, targets, timelines, and deliverables for each major initiative
• Automate ticketing and deviation workflow related to remediation tracking and reporting for vulnerabilities
• Centralize evidence collection to support audits

Basic qualifications

• CyberSecurity or IT BS degree or equivalent work experience
• 8+ years of industry experience
• Experience with automation and scripting using Python and pulling data via Web API architectures
• Experience leading technical projects across multiple stakeholder organizations
• Experience in establishing and managing PCI compliance technical assessments (Vulnerability scans, ASV, Pen Tests, Segmentation testing) and coordinating remediation efforts to demonstrate compliance
• Experience aligning compliance requirements to control plans
• Experience of industry scan tools to provide assessment evidence related to control requirements (Nessus, Rapid7, NMAP, Microsoft Defender, Wiz, Prisma)
• Demonstrated knowledge of technical security controls and how they apply to on-premise, segmented, and cloud environments
• Understanding of network and operational processes to drive scalable architecture and workflow solutions
• Experience performing risk assessments using a variety of tools and processes (Threat Intelligence, Exploit Analysis, Threat Modeling, Nessus Scanners, Container Security Tools, Cloud telemetry)
• Experience with cloud solutions (i.e. AWS, Azure (preferred), GCP)
• Experience in alignment of Vulnerability Management processes with SDLC processes and transition from on-premise to cloud platforms
• Experience evaluating and recommending security tooling
• Familiarity with Google suite
• Automation of VM workflows (Discover, Prioritize, Assess, Report, Remediate, Deviations, Verify) using data aggregation and orchestration tools like Brinqa

Preferred qualifications

• BS in Computer Science or CISM/CISSP
• Software Engineering experience with a focus on performant and extensible solutions
• Data modeling experience
• Use of Agile for software development projects
• 7+ years of CyberSecurity industry experience at enterprise scale
• Comfortable with ambiguity and ability to adapt to rapid change

Based on Colorado law, the following details are for Colorado individuals only: Colorado base salary range: $115,800 - $163,575 and eligible for bonus, equity and benefits.

About usDocuSign helps organizations connect and automate how they prepare, sign, act on and manage agreements. As part of the DocuSign Agreement Cloud, DocuSign offers eSignature, the world's #1 way to sign electronically on practically any device, from almost anywhere, at any time. Today, over a million customers and more than a billion users in over 180 countries use the DocuSign Agreement Cloud to accelerate the process of doing business and simplify people's lives. And we help save the world’s forests and embrace environmental sustainability.

It's important to us that we build a talented team that is as diverse as our customers and where all employees feel a deep sense of belonging and thrive. We encourage great talent who bring a range of perspectives to apply for our open positions. DocuSign is an Equal Opportunity Employer and makes hiring decisions based on experience, skill, aptitude and a can-do approach. We will not discriminate based on race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, or any other legally protected category.

Accommodations DocuSign provides reasonable accommodations for qualified individuals with disabilities in job application procedures, including if you have any difficulty using our online system. If you need such an accommodation, you may contact us at [email protected]

#LI-Remote