Sr Manager, CSIRT

Location: Bengaluru, India

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data trapped inside of documents. Using Docusign’s Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM). We are seeking an experienced Sr Manager, CSIRT to join our global security team in India. This pivotal people manager role, reporting to the Sr. Director of Security Operations, will lead security incident response efforts, ensuring efficient alerting, SOC triage, and in-depth investigations to safeguard our e-signature infrastructure and innovative platform against evolving cyber threats. As Incident Commander, you will lead the CSIRT team in proactively identifying, investigating, and mitigating threats across our enterprise, driving continuous improvement in detection, response, and recovery processes. Leverage your expertise in SOC operations, threat intelligence, digital forensics, and advanced tools like Splunk, Sentinel, EDR, and SOAR to conduct complex investigations into malware, targeted attacks, and persistent threats. Partner with Detection Engineering to refine rules, automate responses with AI, and hunt for hidden threats using behavioral analytics—ensuring DocuSign's security posture supports our mission-critical services for millions worldwide. This hybrid role (minimum 2 days in-office weekly) demands a proactive, adversarial mindset, exceptional leadership to build and scale teams, and the ability to communicate technical insights to diverse stakeholders. Thrive in our innovation-driven culture committed to operational excellence, where your contributions protect customer trust and enable the world's most secure agreement management solutions. Join us to make the world more agreeable, one secure signature at a time.

Key Responsibilities

• Act as Incident Commander for all security issues across the enterprise, protecting DocuSign's Intelligent Agreement Management platform and e-signature solutions
• Lead the incident response team in identifying, analyzing, and resolving cybersecurity incidents with speed and precision
• Coordinate with global stakeholders for timely resolution and develop/maintain incident response plans, playbooks, and SOPs
• Manage on-call rotation and communicate clearly with senior management and external stakeholders during and post-incident
• Prepare detailed incident reports with post-incident analysis, recommendations, and lessons learned to enhance security posture
• Perform forensic analysis on data/endpoints, lead complex investigations into advanced threats like malware, targeted attacks, and APTs
• Proactively hunt for hidden threats using threat intelligence, behavioral analytics, and advanced tools within enterprise networks
• Partner with Detection Engineering to refine threat detection rules, improve SOC visibility, and create automation solutions for response and reporting (leveraging AI)
• Drive root cause analysis, recommend improvements to security controls, and foster a culture of continuous improvement and operational excellence
• Stay updated on evolving attack techniques, collaborate with cybersecurity teams to refine policies, and maintain relationships with law enforcement as needed

Required Qualifications

• 10+ years of experience in cybersecurity with at least 5 years in incident response (IR)
• 3+ years of proven experience in an IR management role, with a track record of building, mentoring, and scaling security teams
• Expert-level background in Security Operations Center (SOC) operations, including incident response and security monitoring
• Deep proficiency in leveraging threat intelligence to anticipate and mitigate cyber threats, and extensive experience in digital forensics (evidence collection, analysis, and reporting)
• Proven experience leading global, cross-functional, and complex security incidents
• Proficiency in data and SIEM tools (e.g., Splunk, Databricks, Sentinel) and security automation/orchestration tools (SOAR), including prioritization, forecasting, and demonstrating cost savings
• Deep understanding of the cyber threat landscape, attacker TTPs, and frameworks such as MITRE ATT&CK
• Proficiency with security tools including SIEM/SOAR (Splunk, Sentinel), EDR, IDS/IPS, network traffic analysis (Zeek, Suricata, Yara), and cloud security solutions with architecture and integration knowledge

Preferred Qualifications

• Bachelor's or Master's degree in Computer Science, Information Security, or Cybersecurity
• Industry certifications such as GCIH, GCFA, CISSP, CISM, CEH, or OSCP
• Hands-on experience with cloud security in AWS, Azure, or GCP
• Proven experience managing a balance of operational and project workloads
• Strong analytical and problem-solving skills with an engineering approach to root cause analysis
• Exceptional communication and presentation skills to convey complex technical concepts to diverse audiences

Required Skills

• SIEM tools (Splunk, Databricks, Sentinel)
• SOAR platforms and security automation
• Digital forensics and evidence handling
• Threat intelligence analysis
• MITRE ATT&CK framework
• EDR, IDS/IPS, network traffic analysis (Zeek, Suricata, Yara)
• Cloud security (AWS, Azure, GCP)
• Incident command and leadership
• Root cause analysis with engineering mindset
• Stakeholder communication (written/verbal)
• Cross-functional collaboration and influence
• Proactive threat hunting
• Automation scripting and AI integration
• Analytical problem-solving under pressure
• Team building and mentoring
• On-call management

Benefits

• Comprehensive health, dental, and vision insurance plans
• 401(k) retirement savings plan with company match
• Generous paid time off including vacation, sick leave, and holidays
• Flexible hybrid work model with minimum 2 days in-office per week
• Professional development stipend and tuition reimbursement for certifications
• Stock purchase plan and employee stock purchase program
• Wellness programs including gym memberships and mental health support
• Parental leave and family planning benefits
• Volunteer time off and community impact programs

DocuSign is an Equal Opportunity Employer.