Lead Security Engineer

About The Position

Requirements

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field, or equivalent practical experience
• 12+ years of industry experience in Cloud and Infrastructure Security with a deep focus on Vulnerability Management (VM), or equivalent related areas.
• Experience securing cloud platforms (Azure, AWS, GCP), especially public endpoints and security groups
• Experience in scripting and programming (Python, Go, or TypeScript) and SQL
• Background in infrastructure deployment and management (network, systems)
• Experience with DNS providers, CDNs, and WAFs
• Experience with coverage or EASM tools (e.g., Microsoft Defender EASM, VirusTotal, Wiz EASM)
• Experience with asset inventory and vulnerability management tools (e.g., ServiceNow, Qualys, Tenable)
• Experience with data aggregation and visualization platforms and techniques (e.g. PowerBI)
• Strong problem-solving skills and adaptability in a fast-paced environment
• Demonstrated ability to mentor and influence team members
• Knowledge of internet protocols (DNS, HTTP, TLS), IP/ports, and cloud security concepts

Nice To Haves

• Proven deep expertise and a track record in either Cloud Environment Security or Security tooling automation
• Detail-oriented, metrics-driven, and able to drive initiatives to completion
• Excellent communication and stakeholder management skills
• Ability to think critically and drive progress despite ambiguity or rapid change
• Certifications such as CISSP or CISM
• Experience working with data pipelines and reporting tools to visualize metrics and trends

Responsibilities

• Provide strategic and technical leadership for the Cloud Security and Infrastructure vulnerability program(s), partnering with stakeholders across the company
• Own the vision, develop the strategy, and execute on the plan to operate the program at scale, ensuring continuous improvement and alignment with organizational goals
• Analyze public and private vulnerability disclosures and exploit code, deeply understanding and assessing the technical details and potential impact across Docusign’s infrastructure, services, and applications
• Investigate, triage, and prioritize vulnerabilities, identifying severity and scope of potential impact, and supporting response and remediation efforts with engineering teams
• Establish technical security baselines and best practices for cloud and infrastructure components, leveraging industry standards (e.g., Azure Security Benchmarks, CIS Benchmarks) to measure compliance and drive remediation for non-compliant drift
• Design, implement, and maintain automation, tools, and workflows to enhance operational capabilities and efficiency
• Identify and deploy discovery scans with accurate scope, ensuring efficacy, freshness, and deduplication of data, and integrate results with existing reporting mechanisms
• Develop and maintain scripts and code (Python, Ruby, Go, Swift, Java, .Net, C++, SQL, etc.) for ETL, enrichment, evidence capture, and automation of external scanning processes
• Develop and refine OKRs for Surface Coverage areas, and represent the initiative with executive leadership, providing clear metrics and progress updates
• Contribute to runbooks, playbooks, and “how to” documentation, and assist with surge response for high-risk exposures
• Participate in a global on-call rotation to ensure continuous monitoring and rapid remediation of vulnerabilities, supporting a 24/7 security posture
• Mentor and support the development of team members

Benefits

• Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
• Stock: This role is eligible to receive Restricted Stock Units (RSUs).
• Paid Time Off: earned time off, as well as paid company holidays based on region
• Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
• Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
• Retirement Plans: select retirement and pension programs with potential for employer contributions
• Learning and Development: options for coaching, online courses and education reimbursements
• Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events