Job Description
- Bengaluru, Karnataka, India
Company Overview
Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign’s Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).
What you'll do
Docusign is seeking a passionate and experienced Senior Security Detections and SIEM Engineer to join our Analytics & Automation Security Team, a critical part of our world-class Information Security function. This is a highly technical, hands-on role that requires knowledge of a variety of security tools, technologies and experience protecting enterprise and production environments. Integrating various solutions for automation purposes or to gather and enrich security data will be a key responsibility of the role. You will have scope to shape and improve Docusign's comprehensive threat-detection stack. Our goal is to build a fully automated detection and response system. This is a fantastic opportunity to join a team who are wholly committed to Cyber Security, and to work for a company with security in its DNA.
This position is an individual contributor role reporting to the head of Automation & Analytics.
Responsibilities
- Ingest data sources, design, develop, and implement detection rules, alerts, and correlation logic within the SIEM platform to identify anomalous behavior and potential security threats, aligning with the MITRE ATT&CK framework
- Perform investigations on a wide variety of events to discover new detection capabilities and logging sources
- Develop analytic rules, incidents, playbooks, notebooks, workbooks, threat-hunting queries, and KQL queries for data normalization and parsing within the Log Analytics data ingestion pipeline
- Manage on-premises solutions running on VMs and containers, including patching of all of them
- Design, develop, implement and maintain new innovative approaches and solutions for Docusign's security infrastructure
Job Designation
Hybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: minimum 2 days per week; may vary by team, but there will be a weekly in-office expectation)
Positions at DocuSign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within DocuSign. DocuSign reserves the right to change a position's job designation depending on business needs and as permitted by local law.
What you bring
Basic
- Bachelor's degree in Computer Science or a related technical field, or equivalent in experience
- 5+ years of experience in cyber security
- 3+ years in cloud engineering, including 2+ years with Azure Sentinel and Log Analytics or other logging and SIEM/SOAR platforms
- Strong expertise in writing complex queries in languages such as Kusto Query Language (KQL) or SPL
- Experience integrating various systems for configuration or data enrichment, leveraging and interfacing with common APIs (REST)
- Working experience with scripting languages (such as Python, Ruby, Perl, or others)
- Experience implementing automated testing, continuous integration, and continuous deployment (CI/CD) using tools and technologies such as Azure DevOps or Git
- Great communication skills and ability to work in teams
Preferred
- Able to multitask based on priority and write documentation
- Strong background in malware analysis, intrusion detection and/or threat intelligence
- Experience with threat hunting or security investigations
- Experience in host intrusion detection on Windows, OS X and/or Linux
- Prior experience with Microsoft Graph Explorer
- Solid understanding of security operations and experience working with incident response and threat analysis teams
- Strongly driven by learning new technologies
- In-depth knowledge of the latest attack trends, tools and the threat landscape
- Ability to research, architect and drive complex technical solutions, consisting of multiple technologies
- Excellent communication skills, capable of working with cross-functional technical and business teams and varying levels of management in a professional manner
- Strong background in both Windows and Linux/Unix systems
- Working with PowerShell is a plus
- Background in infrastructure-as-code development, such as Terraform
- Security certifications such as SC-200 or AZ-500 are a plus