Security Engineer, Vulnerability Management

San Francisco or Seattle or Remote US

Applications have closed

DocuSign

DocuSign ensures the security & mobility to digitally transform businesses. Sign docs for free.


IT, InfoSec, Cyber Risk & Business Operations | San Francisco, CA or Seattle, WA or Remote - US

This position is not eligible for employment in the following states: Alaska, Hawaii, Maine, Mississippi, North Dakota, South Dakota, Vermont, West Virginia and Wyoming.

Our agreement with employees
DocuSign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what’s right, every day. At DocuSign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you’ll be loved by us, our customers, and the world in which we live.

The team 
Our IT, InfoSec, Cyber Risk & Business Ops team is in the business of trust and reliability. We create, maintain and operate scalable technology and data solutions that deliver an exceptional experience for our internal & external customers. We embrace Agile principles and values, favor DevOps practices, and view infrastructure as code, all while we create an infrastructure that scales and supports our growth and ambitious vision. This requires a smart, highly collaborative team who can identify, investigate, and implement new technologies to continue securely scaling our global business.

This position
As a Security Engineer for Vulnerability Management (VM), you will be focused on executing and maturing our VM program. You will partner with a wide range of functional groups including Compliance, Legal, Security Architecture, Product Security and Engineering teams. You are a highly motivated individual with strong emotional intelligence and demonstrated experience in high growth, fast-paced organizations. You are experienced with Cloud platforms and able to automate tasks using Python, creating integrations between our security tooling. You take data from various tools and sources and are adept at establishing lifecycle workflows and processes to simplify and automate the process for our stakeholders.

You have the ability to lead through conflict, take input from multiple stakeholders and deliver solutions required to address complex security issues. 

This position is an individual contributor role reporting to the Director of Vulnerability Management and is designated Flex.

Responsibilities

  • Evaluate control effectiveness and provide input to establish plans of actions for remediation of risk
  • Coordinate vulnerability remediation activities (VM scans, container scans, application assessments, pen test findings, configuration scans)
  • Integrate telemetry from various source systems (technical assessment tools, inventory and configuration management systems) to measure Vulnerability Management program effectiveness and control gaps
  • Break down problems to re-engineer processes and work with other teams to design solutions to automate capabilities
  • Maintain expert knowledge of DocuSign products and services, industry and regulatory standards, Vulnerability Management requirements and assessments
  • Align with the Trust & Security initiatives that drive scale and operational excellence
  • Maintain strong relationships based on trust and transparency with primary stakeholders
  • Establish automated audit policies (CIS/STIG) based on defined baselines, including custom STIG policies
  • Negotiate appropriate trade-offs and ensure clear accountability, targets, timelines and deliverables for each major initiative
  • Automate workflow and reporting for vulnerabilities and centralize evidence collection to support audits

Basic qualifications 

  • CyberSecurity or IT BS degree or equivalent work experience 
  • 5+ years of industry experience 
  • Experience with automation and scripting using Python
  • Experience leading technical teams
  • Experience with industry scan tools to provide assessment evidence related to control requirements (Nessus, Rapid7, Nmap)
  • Demonstrated knowledge of technical security controls and how they apply to on-premise, segmented, and cloud environments
  • Understanding of network and operational processes to drive scalable architecture and workflow solutions
  • Experience performing risk assessments using a variety of tools and processes (Threat Intelligence, Exploit Analysis, Threat Modeling, Nessus Scanners, Container Security Tools, Cloud telemetry)
  • Experience with cloud solutions (e.g. AWS, Azure, GCP)
  • Experience in alignment of Vulnerability Management processes with cloud platforms 

Preferred qualifications 

  • Experience in establishing and managing Continuous Monitoring programs for FedRAMP, IL4
  • Experience in establishing and managing PCI compliance technical assessments (ASV, Pen Tests, Segmentation testing) and coordinating remediation efforts to demonstrate compliance
  • Experience mapping compliance requirements to technical controls
  • BS in Computer Science or CISM/CISSP
  • 5+ years of CyberSecurity industry experience at enterprise scale
  • Comfortable with ambiguity and fast change with an ability to adapt as needed
  • Familiarity with Google suite

Based on Colorado law, the following details are for Colorado individuals only: Colorado base salary range: $118,600 - $145,000 and eligible for bonus, equity and benefits at https://www.docusign.com/company/benefits.

Vaccination requirement 
DocuSign may require all employees to be fully vaccinated against COVID-19 and provide proof of vaccination to visit a DocuSign office, to meet with potential or actual customers or business partners, or for other business-related purposes, in accordance with local law. Please note that DocuSign has contracts with different governments globally which may require compliance with local and federal laws.

About us
DocuSign helps organizations connect and automate how they prepare, sign, act on, and manage agreements. As part of the DocuSign Agreement Cloud, DocuSign offers eSignature: the world's #1 way to sign electronically on practically any device, from almost anywhere, at any time. Today, over a million customers and hundreds of millions of users in over 180 countries use DocuSign to accelerate the process of doing business and simplify people's lives. And we help save the world’s forests and embrace environmental sustainability.

It’s important to us that we build a talented team that is as diverse as our customers and where all employees feel a deep sense of belonging and thrive. We encourage great talent who bring a range of perspectives to apply for our open positions. DocuSign makes hiring decisions based on experience, skill, aptitude and a can-do approach. We will not discriminate with regard to any legally protected characteristics.

Accommodations 
DocuSign provides reasonable accommodations for qualified individuals with disabilities in job application procedures, including if you have any difficulty using our online system. If you need such an accommodation, you may contact us at accommodations@docusign.com.


Tags: Agile Audits Automation AWS Azure CISM CISSP Cloud Compliance Computer Science DevOps Exploit FedRAMP GCP Monitoring Nessus Nmap Product security Python Scripting Threat intelligence Vulnerabilities Vulnerability management

Perks/benefits: Equity Flex vacation Salary bonus Signing bonus Startup environment Team events

Regions: Remote/Anywhere North America
Country: United States