Director, Product Security

DocuSign

Company Overview

DocuSign helps organizations connect and automate how they agree. Our flagship product, eSignature, is the world’s #1 way to sign electronically on practically any device, from virtually anywhere, at any time. Today, more than a million customers and a billion users in over 180 countries use DocuSign to accelerate the process of doing business and simplify people’s lives.

What you'll do

The Director of Product Security leads a team of technical security professionals to secure the trust of the DocuSign products. The ideal candidate for this role strives to ensure that the development of our products and applications occurs in a secure and scalable manner.

This role drives thought leadership, partnering with Product and Engineering teams to lead secure Product Life Cycle, secure Software Development, deployment pipelines, testing practices, product vulnerability management, Bug Bounty, and Penetration testing at scale.

This role partners with our Vulnerability Management, Incident Response, and Trust Services teams to interface directly with DocuSign clients on cyber security topics. The right candidate has an established record of accomplishment, demonstrates subject area mastery, and has experience leading a functional team in product and application security. They drive clarity of mission and have a strong drive for coaching talent, a bias for action, prioritization and long-term benefits.

This position is a people manager role reporting to the Vice President of Security Assurance.

Responsibility

  • Own and implement the vision for Product Security capabilities for the software development lifecycle (SDLC) across the company, guiding development of actionable roadmaps and plans
  • Evolve and maintain a secure SDLC, partnering with Engineering to shift-left, drive initiatives and reduce risk in the development lifecycle
  • Find opportunities and strategies for continuous improvement, efficiency and efficacy of Product Security and shift-left strategies
  • Expand and evolve a team of application and product security professionals
  • Partner closely with Engineering and Product teams, driving long term application security program alignment
  • Provide review and oversight of CI/CD pipelines, build, and release systems
  • Develop a rigorous threat modeling program, in conjunction with Security Architecture, to be used as a foundation for risk management, development priorities, and PSIRT telemetry
  • Develop Application Security scorecards to drive action and reduce risk for the organization
  • Provide oversight to software craftsmanship, security, availability, resilience, and scalability of solutions developed by the teams or third party providers
  • Set risk management guidelines and partner with stakeholders to implement and automate key risk initiatives
  • Lead implementation of projects and encourage engineering innovation and continuous learning
  • Manage allocation of people and financial resources for Technology Strategic Leadership
  • Manage strategic functional areas across application security, including but not limited to capabilities in the SDLC, security champion, Bug Bounty, Penetration Testing and Product Security Reporting
  • Deliver on Secure Product Strategy to improve customer experience
  • Oversee security tools for improving usability, customer satisfaction and balancing needs of application security
  • Develop and refine strategies for implementing application security controls within Lines of Business for improving developer experience and simplification of controls
  • Set risk management guidelines and partner with stakeholders to implement key risk initiatives
  • Contribute to other practice areas of Product and Application security programs by offering guidance on service execution, developer enablement, and remediation strategies

Job Designation

Hybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team, but there will be a weekly in-office expectation)

Positions at DocuSign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within DocuSign. DocuSign reserves the right to change a position's job designation depending on business needs and as permitted by local law.

What you bring

Basic

  • Bachelor's Degree in technology or other related fields or equivalent work experience in Information Security and Business or Risk Management
  • 8+ years of experience working in Cyber Security, Information Security, and/or Application Security and Architecture
  • 3+ years of experience in people management
  • Experience leading technical teams
  • Experience developing and deploying product security capabilities for the SDLC with usability, developer delight and risk reduction outcomes
  • Due to government contract requirements:
  • Candidate must be a US Person
  • Candidate must be able to clear a government agency-specific background investigation and may be required to undergo additional background checks

Preferred

  • Proven ability to communicate clearly and professionally with all levels of an organization as well as with clients
  • Demonstrated strong commitment to talent development, training, and coaching to expand and retain security talent
  • Working knowledge of standard industry cybersecurity requirements and regulatory requirements such as OWASP, HIPAA, HITRUST, ISO 27001, NIST 800-53, and PCI-DSS
  • Experience in securing applications in cloud architectures
  • Professionalism, sensitivity, discretion, and sound decision-making skills aligned with interacting at the senior executive level
  • Demonstrated experience guiding prioritization, tradeoffs of work and long term program growth
  • Excellent written and oral communication skills
  • Proven leadership capabilities of integrity, self-discipline, and building an environment of trust
  • Strong experience leading a technical team in a fast-paced environment
  • Demonstrated ability to drive clarity and consensus among broad organizations
  • Ability to interpret and translate customer requirements into operational actions
  • Experience working in development environments with .NET Core, Java or NodeJS

Wage Transparency

Based on applicable legislation, the below details pay ranges in the following locations:

California: $188,200 - $302,825 base salary

Washington and New York (including NYC metro area): $178,400 - $265,900 base salary

This role is also eligible for bonus, equity and benefits.

Global benefits provide options for the following:

  • Paid Time Off: earned time off, as well as paid company holidays based on region
  • Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
  • Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
  • Retirement Plans: select retirement and pension programs with potential for employer contributions
  • Learning and Development: options for coaching, online courses and education reimbursements
  • Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events

Life at DocuSign

Working here

DocuSign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what’s right, every day. At DocuSign, everything is equal.

We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you’ll be loved by us, our customers, and the world in which we live.

Accommodation

DocuSign provides reasonable accommodations for qualified individuals with disabilities in job application procedures. If you need such an accommodation, including if you need accommodation to properly utilize our online system, you may contact us at accommodations@docusign.com. 

If you experience any technical difficulties or issues during the application process, or with our interview tools, please reach out to us at taops@docusign.com for assistance.

States Not Eligible for Employment

This position is not eligible for employment in the following states: Alaska, Hawaii, Maine, Mississippi, North Dakota, South Dakota, Vermont, West Virginia and Wyoming.

EEO Statement

It's important to us that we build a talented team that is as diverse as our customers and where all employees feel a deep sense of belonging and thrive. We encourage great talent who bring a range of perspectives to apply for our open positions. DocuSign is an Equal Opportunity Employer and makes hiring decisions based on experience, skill, aptitude and a can-do approach. We will not discriminate based on race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, or any other legally protected category.
