Senior Information Security Engineer in San Francisco, CA

$150K - $200K(Ladders Estimates)

DocuSign   •  

San Francisco, CA 94102

Industry: Enterprise Technology

  •  

8 - 10 years

Posted 55 days ago

This position

We are looking for a Systems Security Engineer with a strong background in networking and infrastructure and a passion for security. You will own our continuously growing security infrastructure, streamline operations, increase scanning coverage and visibility while working closely with partner teams. Our team manages vulnerabilities across DocuSign including our core product, corporate networks, workstation management and SaaS platforms. This includes ongoing security scanning using a variety of tools in addition to regular penetration testing, tracking findings from discovery all the way through remediation. Environments utilize a variety of hosting solutions including managing our own datacenters and servers along with cloud services such as AWS and Azure.

Join a team of talented security professionals continuously innovating and securing DocuSign platforms for both customers and employees.

Responsibilities

  • Design, implement, and execute industry-leading vulnerability management services, remediation and patch management oversight
  • Maintain security scanning operations and configurations within complex and continuously evolving environments
  • Partner closely with system owners to triage, troubleshoot and improve scanning coverage
  • Interpret data from the scanners and provide guidance on mitigations prioritizing by risk
  • Automate and streamline security scanning operations, alerting and reporting
  • Support self-service capabilities and provide a collaborative environment by building solid working relationships with various partner teams
  • Generate reporting to measure compliance and overall effectiveness

Basic Qualifications

  • 8+ years of systems engineering experience and a solid understanding of networking fundamentals
  • Experience with vulnerability scanning tools (Nessus, Qualys, Nexpose, etc.)
  • Ability to triage vulnerabilities and prioritize based on risk and impact
  • Familiarity with web related technologies and of network/web related protocols
  • Ability to think creatively and come up with solutions when tools don't work
  • Strong sense of ownership, urgency and drive
  • Passion for keeping up with the security industry and threat landscape

Preferred Qualifications

  • Proficiency in at least one scripting language (PowerShell, Python, Ruby, etc.)
  • Experience building and integrating automation into existing platforms and procedures
  • Experience working with large data sets and manipulating them in SQL databases
  • Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Arachni, HP Fortify or similar
  • Experience in performing or facilitating vulnerability assessments and penetration tests


Valid Through: 2019-10-17