Cloud Security Engineer

Location: Seattle, Washington

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management. As the #1 company in e-signature and contract lifecycle management (CLM), Docusign unleashes business-critical data trapped in documents, connecting it to systems of record for unprecedented efficiency and innovation. As a Cloud Security Engineer focused on AI security, you will shape how Docusign safely adopts AI by rigorously testing, hardening, and securely deploying vendor-provided AI and ML solutions. Working closely with engineering and data science teams, you'll go beyond compliance to probe vulnerabilities, validate data handling in e-signature workflows, and build robust controls for third-party AI technologies. Your expertise will enable secure, responsible AI integration, empowering Docusign's innovation culture while upholding our strong security posture for global agreement management. This individual contributor role reports to the Director, Platform Security and is designated as Hybrid (minimum 2 days per week in-office). In this role, you'll inspect vendor AI models for sensitive data handling, design secure cloud integrations like API gateways and sandboxing, implement monitoring for model misuse, and conduct AI-specific threat modeling (e.g., data poisoning, adversarial examples). Collaborating across teams, you'll embed security into AI pipelines supporting DocuSign's e-signature and CLM platforms, document best practices, and stay ahead of emerging threats to foster confident business innovation. Docusign is committed to building trust, equality, and a thriving environment where diverse talent excels. Join us to make the world more agreeable through secure AI-powered agreements.

Key Responsibilities

• Inspect and validate vendor AI/ML models' handling of sensitive data during ingestion and inference, testing for data leakage, memorization, encryption, and tenant isolation in DocuSign's intelligent agreement management platform
• Design and implement secure integration patterns for AI solutions in the cloud, including API gateways, sandboxing, and collaboration with red team to strengthen input/output flows for e-signature and CLM workflows
• Build and maintain monitoring hooks and guardrails to detect model misuse, drift, anomalous output, or data exfiltration in AI-driven agreement processing
• Implement technical safeguards and automation such as filtering layers, rate-limiting, DLP for prompts/responses, and synthetic data pipelines to protect sensitive agreement data
• Collaborate with engineering, data science, and security teams to embed security into AI development and deployment workflows supporting DocuSign's e-signature innovations
• Partner with platform engineers and security architects to develop secure deployment patterns and reusable reference architectures for cloud-based AI in agreement management
• Conduct threat modeling for AI/ML-specific attack surfaces (e.g., model inversion, membership inference, data poisoning, adversarial examples) and drive mitigations
• Support incident response and remediation for security events involving AI systems in DocuSign's global platform
• Document security processes, runbooks, and best practices for AI in the cloud, tailored to e-signature and CLM security
• Stay current with emerging threats and best practices in AI and cloud security to enable DocuSign's innovation culture

Required Qualifications

• 2+ years of experience in cloud security engineering, application security, or related field
• Bachelor’s or Master’s degree in Computer Science, Information Security, or related technical field (or equivalent experience)
• Experience with penetration testing, application security, or offensive security, including applied knowledge of AI/ML attack vectors
• Experience testing APIs, cloud SaaS integrations, and vendor platforms for vulnerabilities
• Experience with AI/ML pipelines and associated risks (e.g., model training vs. inference, adversarial examples, data leakage)
• Experience implementing technical controls for data protection, access management, and monitoring in cloud or high-risk systems
• Proficiency in scripting or programming languages (e.g., Python, Go) for automation and testing
• Demonstrated ability to collaborate with engineering, data science, and security teams

Preferred Qualifications

• Experience securing AI/ML workloads or platforms in cloud environments (e.g., Azure AI, AWS SageMaker, Google AI Platform)
• Familiarity with regulatory compliance frameworks relevant to AI and cloud (e.g., GDPR, HIPAA, SOC 2)
• Experience with cloud security posture management (CSPM), CNAPP, or related solutions (e.g., Wiz, Microsoft Defender)
• Background in threat modeling and risk assessment for AI/ML systems
• Knowledge of data privacy, secrets management, or PKI in cloud-based AI solutions

Required Skills

• Cloud security engineering
• AI/ML security risks and attack vectors
• Penetration testing and offensive security
• API and SaaS vulnerability testing
• Python or Go scripting for automation
• Data protection and access management controls
• Threat modeling for AI systems
• Cloud monitoring and guardrails implementation
• DLP and rate-limiting for AI inputs/outputs
• Cross-functional collaboration with engineering and data science
• Incident response for AI security events
• Regulatory compliance knowledge (GDPR, HIPAA, SOC 2)
• Cloud platforms (AWS, Azure, GCP)
• Problem-solving in high-risk environments
• Documentation and process improvement
• Adaptability to emerging AI threats

Benefits

• Competitive base salary range: $109,600 - $156,950 (Washington, Maryland, New Jersey, New York including NYC metro)
• Company bonus plan based on performance
• Paid Time Off including earned time off and company holidays
• Paid Parental Leave up to six months
• Comprehensive health benefits with 100% employer-paid options from day one
• Retirement plans with potential employer contributions
• Learning and Development including coaching, online courses, and education reimbursements
• Compassionate Care Leave for life-changing events

DocuSign is an Equal Opportunity Employer.