Sr. IRMP Investigator

Location: United States

Department: IT Infrastructure & Operations

Work Mode: Remote

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management. As the #1 company in e-signature and contract lifecycle management (CLM), Docusign unleashes business-critical data trapped in documents, connecting it to systems of record to save time, money, and opportunity. Join our innovative culture where trust, integrity, and cutting-edge security protect the world's most vital agreements. As a Sr. IRMP Investigator in IT Infrastructure & Operations, you will lead complex investigations into insider threats, data loss, policy violations, and security incidents affecting employees, contractors, or trusted partners. Combining digital forensics, behavioral analysis, and investigative expertise, you will safeguard DocuSign's e-signature platform and CLM solutions. This individual contributor role reports to the Senior Director, Public Sector Compliance, and collaborates across Legal, HR, IT, and Compliance to deliver actionable insights that protect our assets, reputation, and customers' sensitive agreement data in a remote designation. You will manage end-to-end investigations using advanced forensic tools, analyze telemetry from DLP and SIEM systems, and develop protocols to mitigate risks in our cloud-native environment. Proactively monitoring user behaviors, you will reconstruct incidents, present findings to executives, and mentor teams while staying ahead of emerging threats to digital agreements. Thrive in DocuSign's equal opportunity culture committed to diversity, belonging, and innovation, where your work makes the world more agreeable.

Key Responsibilities

• Lead and manage end-to-end investigations into insider threats, data breaches, IP theft, fraud, and security incidents involving employees, contractors, or partners
• Collect, preserve, and analyze digital evidence from endpoints, servers, cloud environments, and DocuSign's Intelligent Agreement Management platform
• Utilize forensic tools and techniques to reconstruct events, identify root causes, and assess incident scope and impact
• Develop and implement investigative protocols, workflows, and best practices for DocuSign's insider risk program
• Collaborate with Legal, HR, IT, Compliance, and Public Sector teams to ensure legally defensible investigations
• Prepare detailed investigative reports and present findings to executive leadership on risks to e-signature and CLM solutions
• Monitor user behavior analytics, DLP alerts, and security telemetry to proactively detect insider risks
• Maintain expertise in emerging threats, investigative methodologies, and regulations impacting digital agreements
• Mentor and train junior investigators on forensic techniques tailored to DocuSign's innovative environment
• Support continuous improvement of the insider risk program to protect business-critical agreement data

Required Qualifications

• BS/BA degree or equivalent in digital investigation, forensic computing, cybersecurity, or related field
• 8+ years of experience in digital forensics, incident response, or insider threat investigations
• Hands-on experience with forensic tools such as EnCase, FTK, X-Ways, Cellebrite
• Proficiency with SIEM, DLP, endpoint detection platforms, and security telemetry analysis
• Strong experience with behavioral analytics, user activity monitoring, and risk assessment methodologies
• Demonstrated ability to handle investigations in compliance with legal and regulatory standards
• Experience preserving and analyzing digital evidence from endpoints, servers, and cloud environments

Preferred Qualifications

• Master’s Degree in Cybersecurity, Information Systems, or related field
• Exposure to programming, scripting, and query languages such as Python and SQL
• Experience with digital forensics in legal proceedings or courtroom testimony
• Deep understanding of legal, regulatory, and privacy considerations in investigations
• Prior work in SaaS or technology companies handling sensitive agreement data

Required Skills

• Digital forensics and evidence handling
• Incident response and investigation leadership
• Forensic tool proficiency (EnCase, FTK, X-Ways, Cellebrite)
• SIEM, DLP, and endpoint detection expertise
• Behavioral analytics and user activity monitoring
• Risk assessment methodologies
• Python, SQL scripting and querying
• Legal and regulatory compliance knowledge
• Cloud environment forensics (e.g., AWS, Azure)
• Report writing and executive presentations
• Cross-functional collaboration
• Proactive threat hunting
• Mentoring and training
• Analytical problem-solving
• Attention to detail
• Adaptability in fast-paced SaaS environment
• Communication and stakeholder management

Benefits

• Competitive base salary with location-specific ranges (e.g., CA: $140,000-$225,075)
• Company bonus plan based on performance
• Restricted Stock Units (RSUs) eligibility
• Paid Time Off and company holidays
• Paid Parental Leave up to six months
• Comprehensive health benefits from day one
• Retirement plans with employer contributions
• Learning and development including coaching and education reimbursements
• Compassionate Care Leave for life events

DocuSign is an Equal Opportunity Employer.