Insider Risk Forensic Investigator

Location: Connecticut, United States

Department: Security

Work Mode: Remote

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business and simplify lives. With our Intelligent Agreement Management platform, we unleash business-critical data trapped in documents, powering the #1 company in e-signature and contract lifecycle management (CLM). As an Insider Risk Forensic Investigator in our Security team, you'll protect this innovation by leading complex investigations into insider threats, data loss, and policy violations that could impact our e-signature integrity and customer trust. This individual contributor role reports to the Senior Director, US Public Sector Compliance, and is designated as Remote, allowing you to work from your designated location while safeguarding DocuSign's global operations. In this critical role, you'll combine digital forensics, behavioral analysis, and investigative prowess to detect, mitigate, and respond to risks from employees, contractors, or partners. You'll lead end-to-end investigations using tools like EnCase, FTK, and Cellebrite to analyze evidence from endpoints, clouds, and our SaaS platform, reconstructing events around potential IP theft or data exfiltration. Collaborating with Legal, HR, IT, and Compliance, you'll develop defensible strategies, monitor DLP alerts and user analytics, and deliver actionable insights to executives—ensuring DocuSign's reputation as a secure innovator remains uncompromised. You'll thrive at DocuSign's innovation-driven culture by staying ahead of emerging threats, mentoring team members, and enhancing our insider risk program. With 8+ years in forensics or incident response, a BS/BA in a related field, and expertise in SIEM/DLP platforms, you'll bring the technical depth to handle high-stakes cases. Join us to make the world more agreeable, protect cutting-edge agreement technology, and contribute to a diverse team where every voice drives success. Docusign is an Equal Opportunity Employer committed to trust, belonging, and bold impact.

Key Responsibilities

• Lead and manage end-to-end investigations into suspected insider threats, data breaches, IP theft, fraud, and policy violations involving employees, contractors, or partners
• Collect, preserve, and analyze digital evidence from endpoints, servers, cloud environments, and DocuSign's Intelligent Agreement Management platform
• Utilize forensic tools and techniques to reconstruct events, identify root causes, and assess scope/impact of incidents
• Develop and implement investigative protocols, workflows, and best practices for DocuSign's insider risk program
• Collaborate with Legal, HR, IT, Compliance, and executive stakeholders to ensure legally defensible investigations
• Prepare detailed investigative reports and present findings to senior leadership on risks to e-signature and agreement data
• Monitor user behavior analytics, DLP alerts, and security telemetry to proactively detect insider risks
• Maintain expertise in emerging threats, investigative methodologies, and regulations impacting SaaS security
• Mentor junior investigators on forensic techniques tailored to DocuSign's innovative tech stack
• Support continuous improvement of insider risk strategies to safeguard customer trust and business innovation

Required Qualifications

• BS/BA degree or equivalent in digital investigation, forensic computing, cybersecurity, or related field
• 8+ years of experience in digital forensics, incident response, or insider threat investigations
• Hands-on experience with forensic tools such as EnCase, FTK, X-Ways, Cellebrite
• Proficiency with SIEM, DLP, endpoint detection platforms, and security telemetry analysis
• Strong experience with behavioral analytics, user activity monitoring, and risk assessment methodologies
• Demonstrated ability to handle complex investigations involving data exfiltration or IP theft in enterprise environments
• Understanding of chain of custody, evidence preservation, and compliance with legal standards

Preferred Qualifications

• Exposure to programming, scripting, and query languages such as Python and SQL
• Experience with digital forensics in legal proceedings or court-admissible evidence preparation
• Deep knowledge of legal, regulatory, and privacy considerations (e.g., GDPR, CCPA) related to investigations
• Familiarity with cloud forensics in AWS, Azure, or similar environments used by SaaS platforms
• Prior experience in SaaS or technology companies protecting intellectual property and customer data

Required Skills

• Digital forensics expertise (EnCase, FTK, X-Ways, Cellebrite)
• SIEM and endpoint detection platforms
• DLP and user behavior analytics
• Risk assessment methodologies
• Evidence collection and chain of custody
• Incident reconstruction and root cause analysis
• Python scripting and SQL querying
• Cloud forensics (AWS, Azure)
• Legal and regulatory compliance (GDPR, CCPA)
• Cross-functional collaboration
• Investigative report writing
• Executive presentation skills
• Proactive threat monitoring
• Mentoring and training
• Analytical problem-solving
• Attention to detail
• Adaptability to emerging threats

Benefits

• Competitive base salary with location-specific ranges (e.g., CA: $177,900 - $287,425)
• Company bonus plan based on performance
• Restricted Stock Units (RSUs) eligibility
• Paid Time Off including company holidays
• Paid Parental Leave up to six months
• Comprehensive health benefits with 100% employer-paid options from day one
• Retirement plans with employer contributions
• Learning and Development including coaching and education reimbursements
• Compassionate Care Leave for life events

DocuSign is an Equal Opportunity Employer.