ProdSec Developer

Location: Bengaluru, India

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management, e-signature, and contract lifecycle management (CLM). As a ProdSec Developer in our Security team, you will join a core product security team designing, developing, integrating, and maintaining a repository of secure, reusable code components within Docusign’s SSDLC frameworks. Your work will empower product teams to build secure applications from the ground up for our industry-leading e-signature platform, fostering a secure-by-design mindset in our innovation-driven culture. This individual contributor role reports to the Director, Product Security and is designated as Hybrid, requiring minimum 2 days per week in-office. You will serve as a subject matter expert on secure coding practices, architectures, and build patterns, integrating critical security controls like authentication, authorization, and encryption into libraries. Collaborating across product security engineers and development teams, you’ll gather requirements, provide consultations, educate on secure library usage, review vulnerabilities, perform root cause analysis, and drive remediations. Staying ahead of emerging threats, you’ll continuously enhance our shared code’s security posture, ensuring the integrity of business-critical data in agreements processed worldwide. Ideal candidates bring 5+ years in Product Application Security, deep OWASP knowledge, cloud expertise (AWS, Azure, GCP), and proficiency in languages like C#/.NET, Python, Java, or JavaScript. You thrive in pre-existing code environments, evolve security standards, and excel in analytical problem-solving and collaboration. At Docusign, we’re committed to trust, equality, and making the world more agreeable—join us to protect our platform and feel pride in work that impacts millions.

Key Responsibilities

• Design, develop, and maintain a centralized repository of secure, reusable code components and tools for DocuSign development teams
• Serve as a subject matter expert on secure coding best practices, following frameworks like OWASP, BSIMM, and NIST SSDF
• Integrate security protocols and controls—such as authentication, authorization, and encryption—directly into libraries for secure-by-design behavior in e-signature and agreement management products
• Collaborate with product security engineers and product teams to gather requirements, provide expert consultation, and educate developers on secure use of shared libraries
• Review and verify reported vulnerabilities, perform root cause analysis, and partner with developers to drive corrections within DocuSign’s SSDLC frameworks
• Stay up-to-date with emerging security threats, trends, and technologies to continuously improve the security posture of shared code supporting intelligent agreement management
• Create and maintain detailed technical documentation and deployment guides for all secure components and their usage
• Empower product teams to build secure applications from the ground up, driving a secure-by-design mindset across DocuSign’s innovation culture
• Actively contribute to evolving security standards in pre-existing environments to protect over 1.5 million customers and a billion users worldwide
• Perform threat modeling and security analysis on library components to proactively mitigate potential vulnerabilities in cloud-based e-signature solutions

Required Qualifications

• 5+ years of experience in Product Application Security roles designing, implementing, and maintaining secure software systems
• High proficiency in programming languages relevant to DocuSign such as C#/.NET, Python, Java, JavaScript, with ability to quickly learn new languages
• Deep technical understanding of common security vulnerabilities (e.g., OWASP Top 10) and their mitigations/remediations
• Experience with development and build pipelines, associated best practices, and application security in cloud environments (e.g., AWS, Azure, GCP)
• Experience developing and implementing security APIs and tooling to protect against threats like unauthorized access and data breaches in high-stakes environments
• BS/BA degree or equivalent in relevant coding experience
• Proven experience identifying, iterating, and evolving security standards in pre-existing environments

Preferred Qualifications

• Experience in penetration testing practices and threat modeling of library components
• Expertise in secure source code audit/analysis, reverse engineering foreign code bases, and security testing automation for supply chain components
• Familiarity with static and dynamic analysis tools, including vulnerability scanning suites
• Ability to operate within and discover security implications of pre-existing code environments
• Excellent analytical, problem-solving, and communication skills with proven collaboration across multiple teams

Required Skills

• Secure software design and implementation
• Proficiency in C#/.NET, Python, Java, JavaScript
• OWASP Top 10 vulnerability expertise
• Cloud security (AWS, Azure, GCP)
• Development and CI/CD pipeline best practices
• Security API development
• Threat modeling and root cause analysis
• Static and dynamic analysis tools
• Penetration testing fundamentals
• Secure source code auditing
• Reverse engineering
• Automation scripting for security testing
• Analytical problem-solving
• Cross-team collaboration
• Technical documentation
• Communication and consultation skills
• Adaptability to emerging threats
• SSDLC framework integration

Benefits

• Comprehensive health, dental, and vision insurance plans
• 401(k) retirement savings plan with company match
• Flexible time off and paid parental leave
• Professional development stipend and learning opportunities
• Hybrid work model with collaborative in-office experiences (minimum 2 days/week)
• Wellness programs including mental health support and fitness reimbursements
• Stock purchase plan and employee stock purchase program
• Volunteer time off and community impact initiatives
• Catered meals, snacks, and ergonomic home office setup allowances

DocuSign is an Equal Opportunity Employer.