Lead Offensive Security Engineer

DocuSign

full-time | Posted: Dec 11, 2025

Job Description

Location: United States

Department: Security

Work Mode: Remote

About the Role

DocuSign brings agreements to life, empowering over 1.5 million customers and a billion people across 180 countries with intelligent agreement management. As the #1 company in e-signature and contract lifecycle management (CLM), we unleash business-critical data trapped in documents, accelerating business processes and simplifying lives. Join our innovative security team as a Lead Offensive Security Engineer, where you'll protect our cutting-edge SaaS platform by leading offensive security initiatives in a dynamic, trust-first culture that values bold ideas and collaboration. In this individual contributor role reporting to the Director of Offensive Security, you'll drive penetration tests, red team exercises, and security research tailored to DocuSign's e-signature and CLM solutions. Provide technical leadership by mentoring team members, overseeing project execution, and identifying high-risk areas for investigation. As a subject matter expert, collaborate with PSIRT, engineering, and Threat Intelligence to analyze vulnerabilities, define remediations, and communicate threats to leadership using frameworks like CVSS, MITRE ATT&CK, and CWE. You'll thrive in our remote-friendly environment (no frequent office requirement) with strong analytical skills, exploit development expertise, and a passion for securing cloud-native SaaS innovations, including AI-driven features. At DocuSign, we're committed to diversity, equal opportunity, and making the world more agreeable—your contributions will safeguard our customers while fostering a culture of continuous security improvement and professional growth.

Key Responsibilities

  • Spearhead offensive security testing initiatives, including penetration tests and red team exercises, to protect DocuSign’s e-signature and Intelligent Agreement Management platforms
  • Provide clear technical guidance and direction to the offensive security team as a senior individual contributor
  • Mentor team members, sharing advanced offensive security skills, exploit development techniques, and best practices
  • Oversee planning and execution of offensive security projects, prioritizing high-impact areas for DocuSign products
  • Identify and direct security investigation areas in coordination with the Director of Offensive Security and other leads
  • Serve as a key subject matter expert for stakeholders, conducting vulnerability impact analysis and defining remediation strategies
  • Collaborate with PSIRT and engineering teams to analyze and resolve product security issues in e-signature workflows
  • Maintain professional communication with stakeholders throughout the security evaluation lifecycle
  • Message key business threats and risks to leadership, leveraging MITRE ATT&CK and CVSS frameworks
  • Partner with cross-functional teams like Threat Intelligence to strengthen DocuSign’s overall product security posture
  • Conduct security research on emerging threats to intelligent agreement management and SaaS innovations

Required Qualifications

  • 12+ years of experience (10+ with a Master’s degree) in security research, red teaming, or penetration testing, with a focus on web application security
  • Proven experience in exploit development for identifying and demonstrating critical vulnerabilities
  • Deep knowledge of cybersecurity principles, incident response lifecycles, and security best practices
  • Hands-on experience with CVSS for vulnerability scoring, MITRE ATT&CK for adversary tactics, and CWE for software weakness categorization
  • Demonstrated experience leading teams effectively and communicating complex offensive security findings to executive leadership
  • Strong track record in conducting penetration tests and red team exercises in enterprise environments
  • Familiarity with securing cloud-native applications and SaaS platforms like DocuSign's Intelligent Agreement Management

Preferred Qualifications

  • Bachelor's degree in Computer Science, Information Security, or a related field
  • Industry certifications such as OSCP, GXPN, OSEP, OSWA, OSWE, or OSDA
  • Experience with cloud, container, or network security testing
  • Experience with AI/ML security testing and emerging threats
  • Excellent written and verbal communication skills for explaining technical concepts to non-technical stakeholders
  • Strong analytical and problem-solving skills with meticulous attention to detail

Required Skills

  • Web application penetration testing
  • Exploit development
  • Red teaming operations
  • CVSS vulnerability scoring
  • MITRE ATT&CK framework
  • CWE weakness enumeration
  • Incident response lifecycles
  • Team leadership and mentoring
  • Stakeholder communication
  • Vulnerability impact analysis
  • Cloud security testing (AWS, Azure, GCP)
  • Container security (Docker, Kubernetes)
  • AI/ML security assessment
  • Analytical problem-solving
  • Technical writing and presentation
  • Cross-functional collaboration
  • SaaS security best practices
  • Threat modeling for e-signature platforms

Benefits

  • Competitive base salary with location-based ranges (e.g., California: $177,900 - $287,425)
  • Company bonus plan based on performance
  • Restricted Stock Units (RSUs) eligibility
  • Paid Time Off including company holidays
  • Paid Parental Leave up to six months
  • Comprehensive health benefits with 100% employer-paid options from day one
  • Retirement plans with employer contributions
  • Learning and Development programs including coaching and education reimbursements
  • Compassionate Care Leave for life-changing events

DocuSign is an Equal Opportunity Employer.

Locations

  • Remote, Not Specified, United States (Remote)

Salary

Estimated Salary Range (high confidence)

220,000 - 350,000 USD / yearly

Source: AI estimated

* This is an estimated range based on market data and may vary based on experience and qualifications.
