Director, Application and Product Security

Director, Application and Product SecurityIT, InfoSec, Cyber Risk & Business Operations | San Francisco, CA or Seattle, WA 

This position is not eligible for employment in the following states: Alaska, Hawaii, Maine, Mississippi, North Dakota, South Dakota, Vermont, West Virginia and WyomingOur agreement with employeesDocuSign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what’s right, every day. At DocuSign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you’ll be loved by us, our customers, and the world in which we live.The teamOur IT, InfoSec, Cyber Risk & Business Ops team - is in the business of trust and reliability. We create, maintain and operate scalable technology and data solutions that deliver an exceptional experience for our internal & external customers. We embrace Agile principles and values, favor DevOps practices, and view infrastructure as code, all while we create an infrastructure that scales and supports our growth and ambitious vision. This requires a smart, highly collaborative team who can identify, investigate, and implement new technologies to continue securely scaling our global business.This positionThe Director of Application and Product Security leads a team of technical application security professionals to secure the trust of the DocuSign product. The ideal candidate for this role strives to ensure that the development of our products and applications occurs in a secure and scalable manner. 

This role drives thought leadership, partnering with product and engineering teams in secure software development, deployment pipelines, testing practices, and product vulnerability management. They prioritize and enable large scopes of work across multiple teams. 

This position will develop and be engaged with the Product Security (PSIRT) process to respond to product incidents and responsible disclosure findings.

Additionally, this role partners with our Vulnerability Management and Trust Services teams to interface directly with DocuSign clients on cyber security topics.

The right candidate has an established record of accomplishment, demonstrates subject area mastery, and experience leading a functional team in application security. They drive clarity of mission and have a strong drive for coaching talent. 

This position is a people manager role reporting to the Sr. Director, Security Architecture and is designated Flex.

Responsibilities

• Own and execute the vision for Application Security across the company.
• Evolve and maintain a secure software development lifecycle, partnering with engineering  to drive initiatives and bug fixes in the development groups.
• Expand and evolve a team of application and product security professionals.
• Partner closely with engineering and product teams, driving long term application security program alignment.
• Provide review and oversight of CI/CD pipelines, and build and release systems.
• Develop a rigorous threat modeling program, in conjunction with Security Architecture, to be used as a foundation for risk management, development priorities, PSIRT telemetry

Basic qualifications

• Bachelor's Degree in technology or other related fields from an accredited university or college; or equivalent work experience in Information Security and Business/Risk Management
• Minimum of 8 years of experience working in Cyber Security, Information Security, and/or Application Security and Architecture.
• Minimum of 12 years experience in people management
• Demonstrated success in leading technical teams in a diverse environment
• Demonstrated ability to communicate clearly and professionally with all levels of an organization as well as with clients.

Preferred qualifications

• Demonstrated strong commitment to talent development, training, and coaching to expand and retain security talent
• Experience developing SaaS product security capabilities
• Working knowledge of standard industry cybersecurity requirements and regulatory requirements such as; OWASP, HIPAA, HITRUST, ISO 27001, NIST 800-53, and PCI-DSS
• Experience in securing applications in cloud architectures
• Professionalism, sensitivity, discretion, and sound decision-making skills aligned with interacting at the senior executive level are essential
• Demonstrated experience guiding prioritization of work and long term program growth
• Excellent written and oral communication skills
• Proven leadership capabilities of integrity, self-discipline, building an environment of trust
• Strong experience managing a team in a fast-paced environment and leading as an individual contributor
• Demonstrated ability to drive clarity and consensus among broad organizations
• Ability to interpret and translate customer requirements into operational actions
• Experience working in development environments with .NET Core, Java or NodeJS

Vaccination requirement DocuSign may require all employees to be fully vaccinated against COVID-19 and provide proof of vaccination to visit a DocuSign office, to meet with potential or actual customers or business partners, or for other business-related purposes, in accordance with local law. Please note that DocuSign has contracts with different governments globally which may require compliance with local and federal laws.About usDocuSign helps organizations connect and automate how they prepare, sign, act on and manage agreements. As part of the DocuSign Agreement Cloud, DocuSign offers eSignature, the world's #1 way to sign electronically on practically any device, from almost anywhere, at any time. Today, over a million customers and more than a billion users in over 180 countries use the DocuSign Agreement Cloud to accelerate the process of doing business and simplify people's lives. And we help save the world’s forests and embrace environmental sustainability.

It's important to us that we build a talented team that is as diverse as our customers and where all employees feel a deep sense of belonging and thrive. We encourage great talent who bring a range of perspectives to apply for our open positions. DocuSign is an Equal Opportunity Employer and makes hiring decisions based on experience, skill, aptitude and a can-do approach. We will not discriminate based on race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, or any other legally protected category.Accommodations DocuSign provides reasonable accommodations for qualified individuals with disabilities in job application procedures, including if you have any difficulty using our online system. If you need such an accommodation, you may contact us at [email protected].

#LI-Hybrid