
Lead Offensive Security Engineer
Docusign
full-time
Posted on:
Location Type: Remote
Location: Remote • California, Colorado, District of Columbia, Illinois, Maryland, Massachusetts, Minnesota, New Jersey, New York, Ohio, Washington • 🇺🇸 United States
Salary
💰 $150,300 - $287,425 per year
Job Level
Senior
Tech Stack
Cloud, Cyber Security
About the role
- Play a critical role in protecting Docusign’s products and customers by spearheading offensive security testing initiatives.
- Drive penetration tests, conduct red team exercises, mentor team members, and perform security research.
- Provide clear technical guidance and direction to the team.
- Mentor team members, imparting advanced offensive security skills and knowledge.
- Oversee the planning and execution of offensive security projects.
- Identify and direct areas for security investigation in coordination with the director and other leads.
- Serve as a key subject matter expert and point of contact for stakeholders, assisting with vulnerability impact analysis and defining remediation strategies.
- Work closely with the Product Security Incident Response Team (PSIRT) and engineering teams to analyze and drive the resolution of product security issues.
- Maintain professional and responsive communication with all stakeholders throughout the security evaluation lifecycle.
- Communicate key threats to the business to relevant stakeholders.
- Collaborate effectively with cross-functional groups, including Threat Intelligence and PSIRT, to continuously strengthen the overall product security posture.
Requirements
- 12+ years of experience (10+ with a Master’s degree) in security research, red teaming, or penetration testing, including web application security
- Experience in exploit development
- Experience with cybersecurity principles, incident response lifecycles, and security best practices
- Experience with CVSS (Common Vulnerability Scoring System) for rating vulnerabilities, MITRE ATT&CK for adversary tactics and techniques, and CWE (Common Weakness Enumeration) for identifying and categorizing software weaknesses
- Experience leading a team effectively and communicating offensive security findings to leadership
- Bachelor's degree in Computer Science, Information Security, or a related field
- Industry certifications such as OSCP, GXPN, OSEP, OSWA, OSWE, OSDA
- Experience with cloud, container, or network security testing
- Experience with AI security testing
Benefits
- Paid Time Off: earned time off, as well as paid company holidays based on region
- Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
- Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
- Retirement Plans: select retirement and pension programs with potential for employer contributions
- Learning and Development: options for coaching, online courses and education reimbursements
- Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
penetration testing, red teaming, exploit development, web application security, cybersecurity principles, incident response, CVSS, MITRE ATT&CK, CWE, cloud security
Soft skills
mentoring, communication, leadership, collaboration, technical guidance, stakeholder management, planning, execution, problem-solving, responsiveness
Certifications
OSCP, GXPN, OSEP, OSWA, OSWE, OSDA