Offensive Security Engineer

Location: Bengaluru, India

Department: Engineering

Work Mode: Hybrid

About the Role

DocuSign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use DocuSign solutions to accelerate business processes and simplify lives through intelligent agreement management. As the #1 company in e-signature and contract lifecycle management (CLM), DocuSign unleashes business-critical data trapped in documents, connecting it to systems of record to save time, money, and opportunity. Join our innovative culture where trust, equality, and security drive everything we do, protecting the agreements that power global commerce. As an Offensive Security Engineer in our Engineering team, you will play a critical role in safeguarding DocuSign’s products and customers. This individual contributor role, reporting to the Director of Offensive Security, involves leading penetration testing, red team exercises, and vulnerability research on our e-signature platform, CLM solutions, and AI-enhanced features. You will conduct in-depth assessments of web applications, APIs, cloud infrastructure, and emerging technologies, identifying weaknesses, developing exploits, and proposing remediation strategies to maintain our leadership in secure agreement management. You will collaborate closely with PSIRT, engineering, Threat Intelligence, and product teams to analyze security issues, perform root cause analysis, and drive resolutions. Ensuring timely incident management, clear communication of findings using CVSS, MITRE ATT&CK, and CWE, and fostering security best practices will be key to enhancing our security posture. Thrive in our hybrid work model (minimum 2 days/week in-office) within a culture that values innovation, open idea exchange, and making the world more agreeable. DocuSign is committed to equal opportunity, building trust, and supporting employee success. We offer competitive benefits, professional growth, and a mission-driven environment where your work protects customer trust in every digital signature.

Key Responsibilities

• Conduct penetration testing, red team exercises, and vulnerability research on DocuSign’s Intelligent Agreement Management platform, e-signature solutions, and related services
• Perform in-depth security assessments to identify weaknesses in web applications, APIs, and product integrations
• Develop and demonstrate exploits to validate vulnerabilities and support remediation efforts
• Collaborate with PSIRT to analyze product security issues, perform root cause analysis, and drive resolutions with engineering teams
• Ensure timely, compliant, and effective incident management from triage through remediation and closure
• Communicate findings professionally to stakeholders, including risk ratings using CVSS and mappings to MITRE ATT&CK and CWE
• Partner with cross-functional teams such as Threat Intelligence, engineering, and product to strengthen DocuSign’s security posture
• Propose and validate remediation strategies to protect customer agreements and data in e-signature workflows
• Contribute to continuous improvement of offensive security practices and security best practices adoption
• Support security innovation by testing emerging features in AI-driven agreement management and CLM solutions

Required Qualifications

• 5+ years of experience (3+ with a Master’s degree) in security research, red teaming, or penetration testing, with a focus on web application security
• Hands-on experience in exploit development for identifying and demonstrating vulnerabilities
• Solid understanding of core cybersecurity principles, incident response lifecycles, and security best practices
• Proficiency in CVSS for vulnerability scoring, MITRE ATT&CK for adversary tactics and techniques, and CWE for software weakness categorization

Preferred Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field
• Industry certifications such as OSCP, GXPN, OSEP, OSWA, OSWE, or OSDA
• Experience with cloud, container, or network security testing
• Experience with AI security testing
• Strong track record in collaborative security assessments within SaaS environments

Required Skills

• Penetration testing and red teaming methodologies
• Exploit development and proof-of-concept creation
• Web application security assessment (e.g., OWASP Top 10)
• Cloud security testing (AWS, Azure, GCP)
• Container security (Docker, Kubernetes)
• Network security protocols and testing
• AI/ML model security and adversarial testing
• CVSS v3/v4 scoring and vulnerability prioritization
• MITRE ATT&CK framework application
• CWE weakness identification and mapping
• Incident response and triage processes
• Root cause analysis and remediation strategy development
• Technical writing and reporting for non-technical audiences
• Cross-functional collaboration and stakeholder communication
• Analytical problem-solving with attention to detail
• Independent task execution and team contribution
• Scripting and automation (Python, Bash, etc.)
• Familiarity with SaaS security challenges in e-signature and CLM platforms

Benefits

• Comprehensive health, dental, and vision insurance with multiple plan options
• 401(k) retirement savings plan with generous company matching
• Flexible time off including unlimited PTO and paid family leave
• Professional development stipend for certifications, conferences, and training like OSCP or OSWE
• Hybrid work model with collaborative in-office days and remote flexibility
• Stock purchase plan and employee stock purchase program
• Wellness programs including mental health support and fitness reimbursements
• Volunteer time off and community impact programs aligned with DocuSign’s mission
• Global employee assistance program and parental support benefits

DocuSign is an Equal Opportunity Employer.