Role Description We are seeking a Sr. Product Security Engineer to manage the day-to-day execution of the organization's vulnerability management program and provide hands-on support for secure software development lifecycle (SSDLC) and CI/CD security initiatives. This role works closely with the DevSecOps Lead, Engineering, Platform Team, and Security to ensure vulnerabilities are tracked from discovery through remediation, security controls are functioning as intended, and findings are reported with clear accountability. The Security Operations Engineer translates security requirements into operational workflows, managing intake queues, enforcing SLAs, coordinating remediation with engineering teams, and producing the dashboards and reports that give leadership visibility into security posture. This is a remote-friendly opportunity that can sit in NYC, one of our office hubs in Austin, Miami, Los Angeles (CA), and Cupertino (CA), or anywhere else in the US. However, depending upon where the remote work is performed, income could be subject to New York State tax withholding. We expect U.S. based working hours with the majority of the team working East and Central Time Zones. Responsibilities - Vulnerability Management Operations - Own the end-to-end vulnerability lifecycle: intake, triage, assignment, remediation coordination, verification, and closure across all finding sources. - Enforce severity-based SLAs, escalation paths, and ownership expectations. - Track remediation timelines and follow up with engineering teams to ensure findings are resolved within policy requirements. - Aggregate findings centrally from all scanning tools and sources into a unified tracking system. - Manage exception and risk acceptance workflows. - Produce vulnerability posture reports and dashboards. - Coordinate with engineering teams on remediation prioritization. - Drive reduction of aging findings through proactive follow-up, workflow automation, and escalation when remediation stalls. - CI/CD Security Control Support - Assist the DevSecOps Lead with implementation of baseline security controls. - Help integrate controls into repositories, CI/CD pipelines, registries, and deployment workflows. - Validate that controls are functioning as intended. - Assist with onboarding new teams to the secure pipeline. - SSDLC Support - Support the DevSecOps Lead in maintaining and socializing the Secure Software Development Lifecycle policy. - Help maintain templates, configuration standards, and setup guidance for teams adopting SSDLC controls. - Assist with reference repository maintenance. - Participate in office hours, reviews, and implementation support sessions. - Reporting, Metrics, and Audit Support - Own vulnerability management metrics and reporting. - Contribute to broader security metrics. - Prepare audit-ready evidence related to vulnerability management. - Support the DevSecOps Lead in preparing leadership updates and cross-functional communications. Qualifications - 3–6 years of experience in security operations, vulnerability management, application security, DevSecOps, or a related security engineering role. - Hands-on experience with vulnerability management workflows. - Working knowledge of common scanning tools and finding types. - Familiarity with Git-based workflows, CI/CD systems, and cloud-native development environments. - Experience producing security metrics, dashboards, and reports for technical and leadership audiences. - Strong organizational and follow-through skills. - Clear written and verbal communication skills. Preferred Qualifications - Experience with vulnerability aggregation platforms or security finding management tools. - Familiarity with GitHub Enterprise, GitHub Actions, or similar CI/CD platforms. - Experience supporting SOC 2 or similar audit and compliance requirements. - Exposure to ticketing system integrations for vulnerability assignment and tracking workflows. - Familiarity with supply chain security concepts. - Relevant Certifications (preferred, not required): GSEC, Certified DevSecOps Professional (CDP), CISSP, CSSLP, or SSCP. Benefits - Flexible work hours. - Flexible vacation. - Generous 401K match. - Parental leave. - Team events. - Wellness budget. - Learning reimbursement. - Equity in the compensation package.

• You'll handle day-to-day IT operations for our clients and contribute to internal security projects: • Provision and manage users, groups, and licences in Microsoft 365 or Google Workspace • Onboard laptops (Windows/macOS) into MDM and coordinate remote device handovers • Triage first-line support tickets (password resets, access requests) and escalate complex issues • Run weekly maintenance checks: patch status, backup logs, security alerts • Document fixes and runbooks so processes are repeatable • Contribute to security projects (~20% of your time): CVE research and briefings, laptop hardening scripts, incident-response playbook drafts, ISO 27001 checklist development

• Define and maintain the north-star vision for an AI-first cyber operations ecosystem. • Own the product vision and outcomes for a mature Security Operations Data Plane. • Establish tooling readiness posture, defining when and how security-relevant tooling is operated or absorbed to uphold ecosystem standards. • Own portfolio strategy, roadmap, and outcome-based prioritization (OKRs/KPIs). • Drive adoption of ecosystem capabilities across Cyber Operations job roles. • Resolve tensions between local optimization and ecosystem integrity. • Partner with engineering, platform, and governance stakeholders to ensure defensible, scalable delivery.

• Provide expert legal advice to our teams as it relates to managing cybersecurity risks and compliance with global cybersecurity laws and regulations • Provide legal guidance on regulatory, third-party, and internal security audits, and work with teams to scope and perform periodic security hygiene assessments, mitigation, and remediation • Help enhance Docusign’s data governance posture, including data governance operations and documentation, employee training on data governance and security obligations, promoting a culture of awareness and compliance throughout the organization, policy enforcement, data compliance program monitoring and auditing, and third-party risk assessment • Collaborate with the global legal team to align security and data practices across the company, ensuring a unified approach to data protection • Support building and improving incident detection and response processes • Provide support and counsel during cybersecurity-related investigations and the response to data incidents, including breach notification and mitigation strategies, to minimize impact and maintain trust • Remain up-to-date on relevant data security laws and regulations, industry approaches to data governance program management, and on data compliance and security technological developments, threat vectors, and evolving industry standards to provide solutions to complex issues • Help prepare board and executive presentations, regulatory filings, and other legal disclosures to ensure accuracy and completeness of cybersecurity representations • Support global AI governance, helping the business teams continue innovating responsibly