Sr. AI Detect & Respond Engineer

Location: Seattle, Washington; Chicago, Illinois

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management, e-signature, and contract lifecycle management (CLM). As the #1 company in these spaces, we unleash business-critical data trapped in documents, connecting it to systems of record to save time, money, and opportunity. Join our innovative culture where trust and security drive everything we do, protecting the integrity of digital agreements worldwide. We are seeking a talented Sr. AI Detect & Respond Engineer in our Security team—an individual contributor reporting to the Sr. Director of AI & Data Security. In this hybrid role (minimum 2 days/week in-office), you will defend Docusign against AI-enabled threats like enhanced phishing, deepfakes, and automated exploits targeting our e-signature platform, while leveraging AI to supercharge our defenses. Act as the vital bridge between AI security and operational teams (CSIRT, Detection & Response, Threat Intelligence), analyzing adversary AI TTPs, designing mitigations, and implementing AI tools to boost SOC efficiency and threat response speed. Key responsibilities include monitoring adversarial AI landscapes via MITRE ATLAS/ATT&CK, developing playbooks for AI attacks on agreement workflows, conducting resilience simulations, mitigating Shadow AI risks, and tracking LLM misuse by threat actors. You will evaluate AI security tools, counter adversarial ML attacks, define measurable outcomes, and communicate risks in business terms to leadership—ensuring Docusign's platform remains the most secure in intelligent agreement management. Bring 8+ years in infosec (IR, Threat Intel, SOC), expertise in offensive AI/ML, scripting (Python/Go/PowerShell), SIEM/SOAR/EDR with AI integration, and adversarial ML concepts. Preferred: degrees in CS/InfoSec, certs like GCIH/CISSP, deepfake experience, NIST frameworks, and automation leadership. Thrive in our equal opportunity culture fostering diverse perspectives, innovation, and deep pride in securing the world's agreements. This position is not eligible in AK, HI, ME, MS, ND, SD, VT, WV, WY.

Key Responsibilities

• Monitor the evolving threat landscape for adversarial AI TTPs targeting enterprises, including those impacting intelligent agreement management and e-signature platforms
• Collaborate with Detection & Response teams to create playbooks and detection logic for AI-enabled attacks like deepfakes, voice cloning, and AI-generated social engineering
• Conduct threat modeling and adversarial simulations to strengthen DocuSign's resilience against AI-driven attacks on agreement workflows
• Evaluate and deploy AI-powered security tools to automate SOC operations, enhance anomaly detection, and accelerate incident triage
• Analyze and mitigate Shadow AI risks from unauthorized external AI tools that could compromise e-signature integrity and customer data
• Partner with Threat Intelligence to track actors using LLMs for code generation, exploit development, or reconnaissance against DocuSign systems
• Develop countermeasures against adversarial ML attacks such as evasion, extraction, and poisoning in AI security models
• Define KPIs for AI threat defense outcomes, track progress, and report to leadership on innovations protecting DocuSign's platform
• Translate AI security risks into business impacts, providing recommendations to operational and executive stakeholders
• Bridge AI security with CSIRT, Detection & Response, and Threat Intelligence to foster DocuSign's culture of proactive innovation

Required Qualifications

• 8+ years of experience in information security, with a focus on Incident Response, Threat Intelligence, or Security Operations (SOC)
• Strong understanding of how AI/ML is used in offensive cyber operations, such as automated phishing, exploit generation, and deepfakes
• Hands-on experience with MITRE ATLAS framework and MITRE ATT&CK for mapping AI threats to enterprise risks
• Proficiency in scripting languages like Python, Go, or PowerShell for building security automation tools
• Experience with SIEM, SOAR, and EDR platforms, including integration of AI/ML models into detection and response workflows
• Deep knowledge of adversarial machine learning concepts, including data poisoning, model inversion, and evasion attacks
• Proven ability to translate complex technical security risks into business context and actionable recommendations for stakeholders

Preferred Qualifications

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field
• Relevant certifications such as GCIH, GCTI, CISSP, or AI-specific security certifications
• Experience with deepfake detection technologies, media authentication standards, and Red Teaming AI systems
• Knowledge of frameworks including NIST AI RMF, ISO 42001, and NIST CSF
• Track record of driving automation strategies, predictive analytics, and data-driven security insights

Required Skills

• AI/ML in offensive cybersecurity (phishing, exploits, deepfakes)
• MITRE ATLAS and ATT&CK frameworks
• Python, Go, or PowerShell scripting for automation
• SIEM, SOAR, EDR integration with AI models
• Adversarial ML (poisoning, inversion, evasion)
• Threat modeling and simulation for AI systems
• Deepfake detection and media authentication
• Risk translation to business impact
• SOC automation and anomaly detection
• Collaboration across security teams (CSIRT, SOC, Threat Intel)
• Excellent communication for technical/non-technical audiences
• Knowledge of NIST AI RMF, ISO 42001, NIST CSF
• Red Teaming and adversarial simulations
• Predictive analytics and data-driven insights
• Shadow AI risk mitigation
• LLM threat actor tracking

Benefits

• Competitive base salary range: $151,200 - $222,450 (Washington, Maryland, New Jersey, New York including NYC metro)
• Eligibility for company bonus plan based on performance
• Restricted Stock Units (RSUs) as part of compensation
• Comprehensive health benefits with 100% employer-paid options from day one
• Generous Paid Time Off, paid company holidays, and up to six months Paid Parental Leave
• Retirement plans with potential employer contributions
• Learning and Development programs including coaching, online courses, and education reimbursements
• Compassionate Care Leave for life-changing events

DocuSign is an Equal Opportunity Employer.