Security Engineer

About The Position

Requirements

• 5+ years of industry experience in cybersecurity, with a strong focus on vulnerability management or closely related areas.
• Experience with common vulnerability classes (e.g., memory corruption, injection, auth/z flaws, web/app vulnerabilities, misconfigurations, cryptographic weaknesses) and how they manifest in real systems
• Ability to read and interpret vulnerability advisories (CVE, vendor bulletins, security research), CVSS/EPSS scores, and vendor guidance, and translate them into clear risk statements and remediation recommendations for technical teams
• Experience with key infrastructure and platform technologies, such as Linux and Windows OS, networking fundamentals, web stacks, and at least one major cloud provider (Azure, AWS, or GCP)
• Hands‑on experience with one or more vulnerability management and cloud security tools, ideally including: Wiz (CNAPP / cloud exposure management), Microsoft Defender (Defender for Cloud / endpoint / server) and Traditional scanners (e.g., Tenable, Qualys, or similar)
• Experience using ticketing and workflow tools such as Jira and ServiceNow to drive vulnerabilities through their lifecycle—from discovery to remediation and closure
• Ability to communicate clearly with engineers and technical stakeholders: explain vulnerabilities, impact, tradeoffs, and remediation paths in precise technical language, adjusting depth to audience
• Experience writing basic scripts or queries (e.g., Python, PowerShell, Bash, or SQL) to analyze or enrich vulnerability data and support simple automation tasks
• Proven ability to manage multiple parallel streams of work, stay organized, and follow through on commitments in a fast‑moving environment

Nice To Haves

• Strong collaboration skills and a demonstrated ability to build productive relationships with platform, SRE, and application teams, even when priorities compete
• Experience working in a cloud‑heavy environment, including how vulnerabilities apply to IaaS/PaaS services, containers, and Kubernetes workloads
• Experience correlating vulnerability data with asset inventories/CMDBs (e.g., via ServiceNow) to improve ownership, attribution, and prioritization
• Familiarity with risk‑based scoring (e.g., EPSS, internal risk models) and using context (internet exposure, data sensitivity, compensating controls) to influence priorities and SLAs
• Experience contributing to or maintaining dashboards and metrics (e.g., MTTR, SLA compliance, risk debt, exposure trends) for leadership and technical partners
• Experience writing or improving runbooks, playbooks, or “how‑to” documentation used by security and engineering teams
• Relevant certifications (e.g., Security+, GSEC, GIAC, CISSP) or equivalent practical experience demonstrating similar depth in vulnerability management and infrastructure/cloud security
• Experience in a mid‑ to large‑scale environment where you partnered with multiple stakeholder teams to coordinate remediation across many services and platforms

Responsibilities

• Analyze vulnerabilities in depth
• Investigate vulnerabilities from scanners, advisories, and threat intel to understand root cause, affected components, pre‑conditions, and potential impact to Docusign services and infrastructure.
• Be an authoritative technical voice
• Explain vulnerabilities, exploit chains, and mitigations to engineers, SREs, and architects in clear technical terms, including trade‑offs between short‑term mitigations and long‑term fixes
• Operate and tune vulnerability tooling (hands‑on)
• Configure, run, and maintain internal and external vulnerability scans (e.g., infrastructure, cloud, container) using tools such as Wiz, Microsoft Defender, and related platforms, ensuring scope accuracy, coverage, and high‑quality signal with minimal noise
• Validate and prioritize findings
• Validate key findings, identify false positives, and de‑duplicate results. Prioritize vulnerabilities based on severity, exploitability, asset criticality, exposure, and business context
• Drive remediation with stakeholders (partnering)
• Partner with service, platform, and product teams to define remediation plans, align on timelines and SLAs, and ensure fixes are implemented and verified in production environments
• Translate data into actionable work
• Use Jira and ServiceNow to create clear, contextual tickets that include impact, affected assets, reproduction details (when appropriate), and recommended remediation steps, and track them through closure
• Collaborate across security and engineering
• Work closely with cloud security, infrastructure, SRE, and application teams to integrate remediation into normal engineering workflows and release cycles, avoiding unnecessary friction while still reducing risk
• Contribute to automation and reporting (hands‑on)
• Use scripts and queries to enrich vulnerability data, support bulk operations (e.g., ownership updates, tagging), and improve dashboards/metrics used to track risk, SLA performance, and remediation trends
• Document and share knowledge
• Contribute to runbooks, playbooks, and internal documentation that help stakeholders understand common vulnerability classes, secure configuration patterns, and best‑practice remediation approaches
• Support incident and surge response
• Assist with analysis and mitigation during high‑risk exposures or emerging threats, including targeted review of affected technologies and assets and close partnership with operations teams

Benefits

• Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
• Paid Time Off: earned time off, as well as paid company holidays based on region
• Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
• Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
• Retirement Plans: select retirement and pension programs with potential for employer contributions
• Learning and Development: options for coaching, online courses and education reimbursements
• Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events