Sr. AI Product Security Engineer

Location: Seattle, Washington

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management. As the #1 company in e-signature and contract lifecycle management (CLM), Docusign unleashes business-critical data trapped in documents, connecting it to systems of record to save time, money, and opportunity. As a Sr. AI Product Security Engineer in the Security team, you will lead the implementation of AI and data security practices within the product Software Development Lifecycle (SDL). Reporting to the Sr. Director of AI & Data Security, this individual contributor role involves close collaboration with cross-functional teams to embed secure-by-design principles into AI systems and data platforms powering Docusign's e-signature and agreement innovations. You will drive measurable security outcomes, mitigate AI-specific risks like adversarial attacks and data poisoning, and support our digital transformation in a hybrid work model (minimum 2 days/week in-office). Your impact will span designing security controls for AI/ML products, conducting threat modeling for data pipelines and APIs, integrating AI-powered vulnerability detection tools, and educating teams on emerging threats. By ensuring security is foundational to Docusign's intelligent agreement platform, you'll protect customer trust while fostering innovation in a culture that values diversity, open idea exchange, and making the world more agreeable. Docusign is committed to equal opportunity, building diverse teams where everyone thrives, and providing accommodations as needed. This position is not eligible for employment in Alaska, Hawaii, Maine, Mississippi, North Dakota, South Dakota, Vermont, West Virginia, or Wyoming.

Key Responsibilities

• Design, implement, and maintain security controls for DocuSign's AI/ML products, platforms, and intelligent agreement management systems
• Collaborate with AI/ML teams to embed secure model development practices, including secure training pipelines, data governance, and continuous model monitoring
• Conduct threat modeling, risk assessments, and security reviews for AI/ML systems, data pipelines, APIs, and e-signature workflows
• Integrate or build AI-powered tools to enhance vulnerability detection, code review, and threat modeling within DocuSign's innovation ecosystem
• Identify and mitigate AI/ML-specific vulnerabilities such as adversarial attacks, data poisoning, model inversion, and extraction risks
• Partner with product, engineering, and data science teams to integrate security best practices into the AI/ML development lifecycle and SDL
• Develop and enforce secure coding guidelines, perform code reviews, and ensure compliance with DocuSign's security standards
• Monitor, detect, and respond to security incidents related to AI/ML products and e-signature platforms
• Stay current with AI/ML security research, emerging threats, and tools to protect DocuSign's agreement automation innovations
• Educate and train cross-functional teams on AI/ML security risks, mitigation strategies, and secure-by-design principles

Required Qualifications

• 8+ years of experience in application or product security, with at least 1 year focused on AI/ML systems
• Hands-on experience with AI/ML concepts, architectures, frameworks, and securing cloud-based deployments on AWS, Azure, or GCP
• Proficiency in programming languages such as Python, Java, or C++ for developing secure AI/ML solutions
• Deep knowledge of secure software development practices, AI/ML model security, common threats (e.g., adversarial attacks, data poisoning), and mitigation techniques
• Experience with data governance, secure training pipelines, and operationalizing security compliance in complex environments
• Demonstrated ability to conduct threat modeling, risk assessments, and translate technical security risks into business context for DocuSign's intelligent agreement management platform
• Experience integrating security into product SDLC, including APIs, data pipelines, and e-signature workflows

Preferred Qualifications

• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field
• Certifications such as CAIP, CISM, CRISC, CISSP, CCSP, or equivalent
• Knowledge of security frameworks including NIST AI RMF, ISO 42001, NIST CSF, SOC 2, and FedRAMP
• Experience with attack surface monitoring, supply chain security, automation strategies, and AI-powered security tools
• Strong track record of cross-functional collaboration with Product, Engineering, Data, Privacy, and executive teams
• Familiarity with exploiting vulnerabilities and common exploit mitigations

Required Skills

• AI/ML security expertise (adversarial attacks, data poisoning, model inversion)
• Secure software development lifecycle (SDL) practices
• Threat modeling and risk assessment
• Python, Java, or C++ programming
• Cloud security on AWS, Azure, GCP
• Data governance and secure AI pipelines
• Code review and vulnerability analysis
• Cross-functional collaboration and stakeholder management
• Communication across technical and business audiences
• Knowledge of NIST AI RMF, ISO 42001, SOC 2
• Automation and AI-powered security tools
• Incident monitoring and response
• Secure coding guidelines enforcement
• Business risk translation
• Continuous learning in AI security research

Benefits

• Competitive base salary: $151,200 - $222,450 (Washington, Maryland, New Jersey, New York metro)
• Eligibility for company bonus plan based on performance
• Restricted Stock Units (RSUs) as part of compensation
• Comprehensive health benefits with 100% employer-paid options from day one
• Generous Paid Time Off, paid company holidays, and up to 6 months Paid Parental Leave
• Retirement plans with employer contributions
• Learning and Development programs including coaching, online courses, and education reimbursements
• Compassionate Care Leave for life-changing events
• Hybrid work model with minimum 2 days in-office per week

DocuSign is an Equal Opportunity Employer.