Technical Program Manager, Application Security

Technical Program Manager, Application SecurityIT, InfoSec, Cyber Risk & Business Operations | San Francisco, CA or Seattle, WA or Remote - US This position is not eligible for employment in the following states: Alaska, Hawaii, Maine, Mississippi, North Dakota, South Dakota, Vermont, West Virginia and Wyoming. Our agreement with employeesDocuSign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what’s right, every day. At DocuSign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you’ll be loved by us, our customers, and the world in which we live.

The team Our IT, InfoSec, Cyber Risk & Business Ops team - is in the business of trust and reliability. We create, maintain and operate scalable technology and data solutions that deliver an exceptional experience for our internal & external customers.  We embrace Agile principles and values, favor DevOps practices, and view infrastructure as code, all while we create an infrastructure that scales and supports our growth and ambitious vision. This requires a smart, highly collaborative team who can identify, investigate, and implement new technologies to continue securely scaling our global business. This positionAs part of the Application Security team, you will be part of developing secure products at DocuSign. You will own the processes that identify security vulnerabilities, drive remediation of vulnerabilities, and build trust with our customers. The right candidate will have a deep interest in application security and a passion for organizational excellence. This role will have a high degree of impact in securing the world’s most used suite of agreement products. This position is an individual contributor role reporting to the Manager of Application Security team and is designated Flex. Responsibilities

• Design and manage application penetration tests
• Track, manage, and drive remediation of application security vulnerabilities
• Establish trust with developer teams that address application security vulnerabilities
• Drive partnership with our customer facing trust organization, providing vulnerability reports and facilitating customer penetration tests
• Manage penetration test vendor relationships and drive scope of work in agreements
• Streamline work processes to improve efficiency and consistency
• Define and track metrics for penetration test and remediation programs

Basic qualifications

• 2+ years of experience in security or program management
• Bachelor’s Degree in Computer Science, Information Systems, Cybersecurity, or related field
• Exposure to penetration testing practices
• Familiarity with issue tracking systems like Jira
• Experience writing application security penetration test statements of work and penetration test result reports
• Knowledge of regulations and standards such as OWASP, PCI-DSS, or NIST Cybersecurity Frameworks
• Experience with one of the following programming languages: Python, C#, JavaScript, Java
• Experience building workflows in issue tracking software like Jira

Preferred qualifications

• Ability to navigate cross-functional relationships
• Good organizational skills with attention to detail
• Clear communication both verbal and written
• Demonstrated analytical thinking in cybersecurity or software development
• Experience communicating technical concepts to a variety of audiences and experience levels 

Based on Colorado law, the following details are for Colorado individuals only: Colorado base salary range: $85,000 - $113,725 and eligible for bonus, equity and benefits at https://www.docusign.com/company/benefits.

Vaccination requirement DocuSign may require all employees to be fully vaccinated against COVID-19 and provide proof of vaccination to visit a DocuSign office, to meet with potential or actual customers or business partners, or for other business-related purposes, in accordance with local law. Please note that DocuSign has contracts with different governments globally which may require compliance with local and federal laws.

About usDocuSign helps organizations connect and automate how they prepare, sign, act on, and manage agreements. As part of the DocuSign Agreement Cloud, DocuSign offers eSignature: the world's #1 way to sign electronically on practically any device, from almost anywhere, at any time. Today, over a million customers and hundreds of millions of users in over 180 countries use DocuSign to accelerate the process of doing business and simplify people's lives. And we help save the world’s forests and embrace environmental sustainability. It’s important to us that we build a talented team that is as diverse as our customers and where all employees feel a deep sense of belonging and thrive. We encourage great talent who bring a range of perspectives to apply for our open positions. DocuSign makes hiring decisions based on experience, skill, aptitude and a can-do approach. We will not discriminate with regards to any legally protected characteristics. Accommodations DocuSign provides reasonable accommodations for qualified individuals with disabilities in job application procedures, including if you have any difficulty using our online system. If you need such an accommodation, you may contact us at [email protected].

#LI-Remote