Forensic Investigator

Location: Dublin, Ireland

Department: IT Infrastructure & Operations

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through our Intelligent Agreement Management platform, the #1 in e-signature and contract lifecycle management (CLM). We're seeking a highly motivated Forensic Investigator to join our dynamic security team in the IT Infrastructure & Operations department, reporting to the CSIRT Senior Manager. This individual contributor role is pivotal to our Detect & Respond function, safeguarding the integrity of our e-signature and CLM services against advanced cyber threats in a fast-paced, innovation-driven culture. In this role, you will conduct in-depth digital forensic analyses of security incidents, acquiring, preserving, and examining evidence from endpoints, servers, cloud environments, and network devices. You'll identify root causes, support threat containment and eradication, participate in on-call rotations for global incident response, and lead proactive threat hunting using SIEM, EDR, and forensic tools like Magnet Axiom, Velociraptor, and Splunk. Processing massive datasets, tracing malicious activity such as file manipulations and cloud interactions, and automating workflows with Python pipelines will be key to protecting DocuSign's critical agreement data. You'll collaborate across CSIRT, security leadership, and IT teams, delivering precise reports and metrics while developing SOPs and innovative tools to enhance our forensic capabilities. With a hybrid work model (minimum 2 days/week in-office), strong analytical skills, and a proactive mindset, you'll contribute to making the world more agreeable by securing the agreements that power global business. Join our inclusive culture where trust, equality, and innovation empower you to do the work of your life.

Key Responsibilities

• Lead and participate in the investigation, coordination, and resolution of security incidents impacting DocuSign's Intelligent Agreement Management platform
• Perform comprehensive digital forensic analysis on end-user systems, servers, cloud environments, and network devices to identify IOCs and malicious activity
• Conduct proactive threat hunting within SIEM, EDR, and other security tools to detect threats to e-signature and CLM services
• Acquire, preserve, and analyze digital evidence while maintaining chain of custody for forensic integrity
• Analyze artifacts to trace user activity including file manipulation, USB usage, browser history, chat logs, and cloud interactions
• Process massive datasets using tools like FTK, EnCase, Autopsy, Magnet Forensics Axiom, and Cellebrite for filtering, de-duplication, and analysis
• Support containment, eradication, and remediation efforts, identifying root causes to prevent recurrence
• Develop and maintain SOPs for incident response and forensics, and research new tools to enhance capabilities
• Build and maintain data pipelines to automate forensic data ingestion and processing in the security ecosystem
• Provide clear reporting, metrics, and fact-based forensic analysis to CSIRT leadership and stakeholders
• Collaborate with IT teams, system owners, and internal stakeholders for incident response and best practices in evidence handling

Required Qualifications

• 5+ years of hands-on experience in cybersecurity, with a focus on incident response and computer forensics analysis
• Experience with cybersecurity principles, incident response lifecycles, and security best practices
• Proficiency with forensic tool suites such as Sumuri, Magnet Forensics Axiom, Velociraptor, and X-ways
• Expertise in digital evidence handling and forensic analysis across Windows, Unix/Linux operating systems, and environments including endpoints, servers, and cloud
• Hands-on experience with SIEM tools (e.g., Splunk, QRadar, Sentinel) and EDR technologies for alert analysis, log correlation, threat hunting, and incident identification
• Programming experience in Python for scripting, automating forensic tasks, and building security data pipelines
• Proven ability to communicate technical information clearly to technical and non-technical audiences
• Experience managing multiple complex investigations simultaneously with strong attention to detail and accuracy

Preferred Qualifications

• Bachelor's degree in Computer Science, Information Security, or related field
• Relevant certifications such as GCFE, GCFA, GREM, GCIH, EnCE, or CISSP
• Experience with big data frameworks like Apache Spark and Kafka for processing large-scale security data
• Programming skills in PowerShell and/or C/C++
• Hands-on experience with SOAR platforms and knowledge of protecting against AI-generated threats
• Ability to participate in global on-call rotation for incident response

Required Skills

• Digital forensics and incident response
• SIEM and EDR tool proficiency (Splunk, QRadar, Sentinel)
• Forensic tool expertise (Sumuri, Magnet Axiom, Velociraptor, X-ways, FTK, EnCase)
• Python scripting and automation
• Multi-OS forensics (Windows, Linux/Unix)
• Cloud environment analysis (AWS, Azure, GCP)
• Threat hunting and IOC identification
• Chain of custody and evidence preservation
• Data pipeline development
• Big data processing (Spark, Kafka)
• Technical communication and reporting
• Stakeholder collaboration and consultation
• Analytical problem-solving
• Attention to detail in high-pressure scenarios
• PowerShell scripting
• SOAR platform experience
• AI threat mitigation knowledge

Benefits

• Comprehensive health, dental, and vision insurance plans
• 401(k) retirement savings plan with company match
• Unlimited PTO and flexible work arrangements
• Professional development stipend and tuition reimbursement
• Stock purchase program and employee stock purchase plan
• Wellness programs including gym memberships and mental health support
• Parental leave and family planning benefits
• Volunteer time off and charitable matching programs
• Hybrid work model with modern office spaces worldwide

DocuSign is an Equal Opportunity Employer.