Director, Application and Product Security
San Francisco or Seattle
DocuSign
IT, InfoSec, Cyber Risk & Business Operations | San Francisco, CA or Seattle, WA
This position is not eligible for employment in the following states: Alaska, Hawaii, Maine, Mississippi, North Dakota, South Dakota, Vermont, West Virginia and Wyoming
Our agreement with employees
DocuSign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what’s right, every day. At DocuSign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you’ll be loved by us, our customers, and the world in which we live.
Our IT, InfoSec, Cyber Risk & Business Ops team is in the business of trust and reliability. We create, maintain and operate scalable technology and data solutions that deliver an exceptional experience for our internal & external customers. We embrace Agile principles and values, favor DevOps practices, and view infrastructure as code, all while we create an infrastructure that scales and supports our growth and ambitious vision. This requires a smart, highly collaborative team who can identify, investigate, and implement new technologies to continue securely scaling our global business.
The Director of Application and Product Security leads a team of technical application security professionals to secure the trust of the DocuSign product. The ideal candidate for this role strives to ensure that the development of our products and applications occurs in a secure and scalable manner.
This role drives thought leadership, partnering with product and engineering teams in secure software development, deployment pipelines, testing practices, and product vulnerability management. They prioritize and enable large scopes of work across multiple teams.
This position will develop and be engaged with the Product Security (PSIRT) process to respond to product incidents and responsible disclosure findings.
Additionally, this role partners with our Vulnerability Management and Trust Services teams to interface directly with DocuSign clients on cyber security topics.
The right candidate has an established record of accomplishment, demonstrates subject area mastery, and has experience leading a functional team in application security. They drive clarity of mission and have a strong drive for coaching talent.
This position is a people manager role reporting to the Sr. Director, Security Architecture and is designated Flex.
- Own and execute the vision for Application Security across the company.
- Evolve and maintain a secure software development lifecycle, partnering with engineering to drive initiatives and bug fixes in the development groups.
- Expand and evolve a team of application and product security professionals.
- Partner closely with engineering and product teams, driving long term application security program alignment.
- Provide review and oversight of CI/CD pipelines, and build and release systems.
- Develop a rigorous threat modeling program, in conjunction with Security Architecture, to be used as a foundation for risk management, development priorities, and PSIRT telemetry.
- Bachelor's Degree in technology or other related fields from an accredited university or college; or equivalent work experience in Information Security and Business/Risk Management
- Minimum of 8 years of experience working in Cyber Security, Information Security, and/or Application Security and Architecture.
- Minimum of 12 years of experience in people management
- Demonstrated success in leading technical teams in a diverse environment
- Demonstrated ability to communicate clearly and professionally with all levels of an organization as well as with clients.
- Demonstrated strong commitment to talent development, training, and coaching to expand and retain security talent
- Experience developing SaaS product security capabilities
- Working knowledge of standard industry cybersecurity requirements and regulatory requirements such as OWASP, HIPAA, HITRUST, ISO 27001, NIST 800-53, and PCI-DSS
- Experience in securing applications in cloud architectures
- Professionalism, sensitivity, discretion, and sound decision-making skills aligned with interacting at the senior executive level are essential
- Demonstrated experience guiding prioritization of work and long term program growth
- Excellent written and oral communication skills
- Proven leadership capabilities of integrity, self-discipline, building an environment of trust
- Strong experience managing a team in a fast-paced environment and leading as an individual contributor
- Demonstrated ability to drive clarity and consensus among broad organizations
- Ability to interpret and translate customer requirements into operational actions
- Experience working in development environments with .NET Core, Java or NodeJS
DocuSign may require all employees to be fully vaccinated against COVID-19 and provide proof of vaccination to visit a DocuSign office, to meet with potential or actual customers or business partners, or for other business-related purposes, in accordance with local law. Please note that DocuSign has contracts with different governments globally which may require compliance with local and federal laws.
DocuSign helps organizations connect and automate how they prepare, sign, act on and manage agreements. As part of the DocuSign Agreement Cloud, DocuSign offers eSignature, the world's #1 way to sign electronically on practically any device, from almost anywhere, at any time. Today, over a million customers and more than a billion users in over 180 countries use the DocuSign Agreement Cloud to accelerate the process of doing business and simplify people's lives. And we help save the world’s forests and embrace environmental sustainability.
It's important to us that we build a talented team that is as diverse as our customers and where all employees feel a deep sense of belonging and thrive. We encourage great talent who bring a range of perspectives to apply for our open positions. DocuSign is an Equal Opportunity Employer and makes hiring decisions based on experience, skill, aptitude and a can-do approach. We will not discriminate based on race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, or any other legally protected category.
DocuSign provides reasonable accommodations for qualified individuals with disabilities in job application procedures, including if you have any difficulty using our online system. If you need such an accommodation, you may contact us at email@example.com.