Sr. Incident Responder

Location: Bengaluru, India

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management, e-signature, and contract lifecycle management (CLM). As the #1 company in e-signature and CLM, we unleash business-critical data trapped in documents, connecting it to systems of record to save time, money, and opportunity. Join our innovative security team in India as a Sr. Incident Responder, where you'll safeguard our platform against evolving threats in a dynamic, trust-first culture. Reporting to the CSIRT Manager, this individual contributor role is pivotal to our 'Detect & Respond' function. You'll triage SOC alerts, investigate incidents like malware and phishing targeting our e-signature ecosystem, and drive continuous improvement in response capabilities. With a strong technical foundation, on-call readiness, and proactive mindset, you'll protect customer agreements and data using cutting-edge tools, ensuring Docusign remains a secure leader in SaaS innovation. This hybrid role (minimum 2 days/week in-office) demands sharp analytical skills to correlate logs, apply MITRE ATT&CK, and automate workflows via SIEM, EDR, and SOAR. Collaborate across teams, hunt threats, and contribute to post-incident learnings that fortify our global operations. At Docusign, we foster an equal, inclusive environment where your work builds trust worldwide—be part of making the world more agreeable. #LI-Hybrid #LI-SA4

Key Responsibilities

• Perform initial triage and in-depth analysis of security alerts from SIEM and monitoring tools
• Correlate events from various log sources to identify and scope potential security incidents
• Conduct technical investigations into incidents including malware, phishing, web compromises, and insider threats
• Utilize digital forensics on data and endpoints to gather evidence and reconstruct incident timelines
• Support containment, eradication, and recovery efforts under CSIRT Manager guidance
• Document findings, lessons learned, and contribute to post-incident reports
• Develop and refine threat detection rules and participate in proactive threat hunting
• Optimize SIEM/SOAR workflows, create automation scripts, and streamline security operations
• Collaborate with security, IT, and business teams; provide status updates to CSIRT Manager
• Stay current on threat intelligence, emerging techniques, and maintain law enforcement relationships

Required Qualifications

• 8+ years of hands-on experience in cybersecurity, with a focus on Security Operations (SOC) and/or Incident Response
• Solid understanding of cybersecurity principles, incident response lifecycles, and security best practices
• Experience with SIEM tools (e.g., Splunk, QRadar, Sentinel) for alert analysis and log correlation
• Familiarity with EDR solutions and their role in incident investigation
• Strong familiarity with digital forensics principles, techniques, and enterprise forensic solutions
• Knowledge of scripting languages (e.g., Python, PowerShell, Bash) for automation and data analysis
• Deep understanding of the MITRE ATT&CK framework and cyber kill chain
• Ability to work on-call, independently under pressure, and protect against emerging AI threats

Preferred Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field
• Industry certifications such as CompTIA Security+, CySA+, GCIH, GCFA, or CEH
• Hands-on experience with SOAR platforms
• Exposure to cloud security concepts (AWS, Azure, GCP)
• Experience in high-stakes environments protecting SaaS platforms and customer data

Required Skills

• SIEM alert triage and log correlation
• EDR tool proficiency for incident investigation
• Digital forensics and evidence collection
• Scripting in Python, PowerShell, or Bash
• MITRE ATT&CK framework application
• Cyber kill chain analysis
• Threat hunting and intelligence analysis
• SOAR platform optimization
• Cloud security (AWS, Azure, GCP)
• Analytical problem-solving
• Technical communication (written/verbal)
• Team collaboration under pressure
• Automation and process improvement
• AI threat mitigation
• Incident documentation and reporting
• Cross-functional stakeholder engagement

Benefits

• Competitive salary and equity in a leading SaaS innovator
• Comprehensive health, dental, and vision insurance
• 401(k) matching and employee stock purchase program
• Flexible hybrid work model with minimum 2 days in-office
• Generous paid time off, parental leave, and wellness programs
• Professional development stipend and certification reimbursement
• On-call compensation and rotation support
• Global team events and innovation-focused culture
• Volunteer time off to support communities

DocuSign is an Equal Opportunity Employer.