Sr. Manager, CSIRT
DocuSign
Sr. Manager, CSIRT
- Location
- US-Remote
- Category
- Security
- Position Type
- Regular
Company Overview
Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign’s Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).
What you'll do
We are seeking an experienced and proactive CSIRT Manager to join our global security team in India. This pivotal role will be responsible for leading security incident response efforts, ensuring efficient and contextualized alerting, and performing both SOC alert triage and in-depth incident investigations. You will play a critical role in protecting our organization by proactively identifying, investigating, and mitigating threats, and driving continuous improvement in our security posture. This role demands deep expertise in cybersecurity principles, incident response processes, and strong leadership capabilities.
This position is a people manager role reporting to the Sr. Director of Security Operations.
Responsibility
Act as Incident Commander for all security issues across the enterprise
Lead the incident response team in identifying, analyzing, and resolving cybersecurity incidents
Coordinate with stakeholders for timely and effective resolution
Develop and maintain incident response plans, playbooks, and SOPs
Manage on-call rotation.
Communicate clearly with senior management and external stakeholders during and post-incident
Prepare detailed incident reports with post-incident analysis and recommendations
Collaborate with other cybersecurity teams to improve detection rules, refine security policies, and enhance overall security posture
Maintain working relationships with law enforcement when required.
Analyze security monitoring alerts and respond to cybersecurity incidents
Serve as a subject matter expert who defines visibility and response requirements
Perform forensic analysis on data and endpoints
Lead complex investigations into advanced cyber threats, including malware outbreaks, targeted attacks, and persistent threats
Conduct thorough investigations to determine root cause and impact of incidents.
Use threat intelligence and advanced analytics to identify and address potential threats
Implement and oversee remediation measures to prevent recurrence
Hunt for hidden threats within enterprise networks proactively using threat intelligence and behavioral analytics
Partner with Detection Engineering to refine threat detection rules to improve SOC visibility
Create automation solutions for expedient response and effective detection
Automate incident and remediation reports, leveraging AI where possible
Drive a culture of continuous improvement
Perform root cause analysis on security incidents and recommend improvements to security controls
Stay updated on industry best practices and evolving attack techniques to ensure effective defenses
Job Designation
Remote: Employee is not required to be in or near an office frequently and works from a designated remote work location for the majority of the time.
Positions at Docusign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within Docusign. Docusign reserves the right to change a position's job designation depending on business needs and as permitted by local law.
What you bring
Basic
Minimum of 8 years of experience in cybersecurity with at least 5 years in incident response (IR)
3+ years of proven experience in an IR management role, with a track record of building, mentoring, and scaling security teams
Background in Security Operations Center (SOC) operations, including incident response, and security monitoring
Experience with leveraging threat intelligence to anticipate and mitigate cyber threats, and extensive experience in digital forensics, covering evidence collection, analysis, and reporting
Experience leading global, cross-functional, and complex security incidents
Experience with data and SIEM tools (e.g., Splunk, Databricks, Sentinel)
Experience working with security automation and orchestration tools (SOAR), including how to prioritize efforts, forecast, and show cost savings
Experience with cyber threat landscape, attacker tactics, techniques, and procedures (TTPs), and frameworks such as MITRE ATT&CK
Experience with security tools and technologies such as SIEM/SOAR platforms (e.g., Splunk, Sentinel), EDR, IDS/IPS, network traffic analysis tools (e.g., Zeek, Suricata, Yara), and cloud security solutions, with an understanding of their architecture and integration
Experience managing a balance of operational and project workloads
Preferred
Bachelor's or Master's degree in Computer Science, Information Security, or Cybersecurity
Exceptional communication (written and verbal) and presentation skills, with the ability to convey technical findings and recommendations to diverse audiences, including explaining complex engineering concepts
Passion for continuous learning, operational excellence, and a proactive, adversarial mindset, with a commitment to improving response processes and outcomes
Proven ability to collaborate effectively across cross-functional teams, influence stakeholders, and drive consensus, fostering a collaborative engineering environment
Ability to work under pressure and handle multiple priorities
Strong analytical and problem-solving skills, with meticulous attention to detail and an engineering approach to root cause analysis
Industry certifications such as GCIH, GCFA, CISSP, CISM, CEH, or OSCP
Experience with cloud security (AWS, Azure, GCP)
Wage Transparency
Pay for this position is based on a number of factors including geographic location and may vary depending on job-related knowledge, skills, and experience.
Based on applicable legislation, the below details pay ranges in the following locations:
California: $157,500.00 - $254,350.00 base salary
Illinois, Colorado, Massachusetts and Minnesota: $151,200.00 - $213,600.00 base salary
Washington, Maryland, New Jersey and New York (including NYC metro area): $151,200.00 - $222,450.00 base salary
Washington DC: $157,500.00 - $222,450.00 base salary
Ohio: $131,900.00 - $186,275.00 base salary
This role is also eligible for the following:
- Bonus: Sales personnel are eligible for variable incentive pay dependent on their achievement of pre-established sales goals. Non-Sales roles are eligible for a company bonus plan, which is calculated as a percentage of eligible wages and dependent on company performance.
- Stock: This role is eligible to receive Restricted Stock Units (RSUs).
Global benefits provide options for the following:
- Paid Time Off: earned time off, as well as paid company holidays based on region
- Paid Parental Leave: take up to six months off with your child after birth, adoption or foster care placement
- Full Health Benefits Plans: options for 100% employer paid and minimum employee contribution health plans from day one of employment
- Retirement Plans: select retirement and pension programs with potential for employer contributions
- Learning and Development: options for coaching, online courses and education reimbursements
- Compassionate Care Leave: paid time off following the loss of a loved one and other life-changing events
Life at DocuSign
Working here
Docusign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what’s right, every day. At Docusign, everything is equal.
We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you’ll be loved by us, our customers, and the world in which we live.
Accommodation
Docusign is committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need such an accommodation, or a religious accommodation, during the application process, please contact us at accommodations@docusign.com.
If you experience any issues, concerns, or technical difficulties during the application process please get in touch with our Talent organization at taops@docusign.com for assistance.
States Not Eligible for Employment
This position is not eligible for employment in the following states: Alaska, Hawaii, Maine, Mississippi, North Dakota, South Dakota, Vermont, West Virginia and Wyoming.
EEO Statement
It's important to us that we build a talented team that is as diverse as our customers and where all employees feel a deep sense of belonging and thrive. We encourage great talent who bring a range of perspectives to apply for our open positions. Docusign is an Equal Opportunity Employer and makes hiring decisions based on experience, skill, aptitude and a can-do approach. We will not discriminate based on race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, or any other legally protected category.