Sr. Manager, Threat Detection Engineering

Location: Colorado, United States

Department: Security

Work Mode: Remote

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Using Docusign’s Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM). DocuSign is seeking an experienced and visionary Sr. Manager of Threat Detection Engineering to lead our team of talented detection engineers. In this critical role, you will define, implement, and optimize threat detection and data pipeline capabilities, ensuring robust protection across cloud, on-premise, and corporate environments that power our global e-signature platform. You will lead a high-performing team focused on scalable, automated detection and response solutions that anticipate sophisticated cyber threats targeting intelligent agreement workflows. With a strong engineering-focused mindset, technical bench strength, and leadership acumen, you will enhance our security posture, enable rapid incident response, and leverage AI/advanced techniques while owning the underlying data infrastructure and SIEM platform. Reporting to the Sr. Director, Security Operations, this people manager role demands strategic vision to safeguard DocuSign's innovation-driven culture and mission-critical services. Key responsibilities include recruiting and mentoring engineers, owning security data pipelines/SIEM optimization, leading Detection-as-Code lifecycles, collaborating across teams to reduce MTTD/MTTR, and driving KPIs for detection effectiveness. You will architect systems using SIEM/SOAR, EDR, cloud-native tools, and foster engineering best practices throughout the SDLC. This remote position offers the chance to innovate at the forefront of cybersecurity for a SaaS leader, protecting agreements that power global business in an inclusive, high-growth environment.

Key Responsibilities

• Recruit, mentor, and grow a high-performing team of threat detection engineers, fostering an engineering culture of excellence and innovation at DocuSign
• Develop and champion a strategic vision and technical roadmap for threat detection across DocuSign's cloud, on-premise, and corporate environments supporting intelligent agreement management
• Own the security data pipeline and SIEM platform, overseeing telemetry collection, ingestion, processing, and optimization for scalability and reliability
• Lead the full lifecycle of detections—from telemetry design to deploying rule-based, behavioral, and ML-based solutions using Detection-as-Code and fullstack SDLC
• Collaborate with Incident Response to translate threat intelligence into detections, automate workflows, and reduce MTTD/MTTR for e-signature platform protection
• Partner with engineering, product, Threat Intelligence, and Red Team to ensure comprehensive coverage and instill security best practices in DocuSign's SDLC
• Drive adoption of new technologies like AI-enhanced detections and architect scalable systems using SIEM/SOAR, EDR, and cloud-native tools
• Establish scalable processes for detection engineering, CI/CD for detections, and track KPIs to measure team and capability effectiveness
• Participate in post-incident reviews with engineering rigor and communicate complex security concepts to stakeholders including senior leadership
• Stay ahead of emerging threats and TTPs to proactively safeguard DocuSign's global platform serving 1.5M+ customers

Required Qualifications

• 8+ years of progressive experience in cybersecurity, with at least 3 years in a dedicated threat detection engineering role
• 3+ years of proven experience in an engineering management role, with a track record of building, mentoring, and scaling security teams with an engineering-focused culture
• Experience building detection programs at scale in large, complex, cloud-inclusive environments (e.g., AWS, Azure, GCP), applying sound engineering principles
• Experience in the design, implementation, and management of security data pipelines and SIEM platforms, including administration, configuration, and optimization
• Expertise with detection rule languages (e.g., SPL, KQL), advanced query development, diverse security telemetry, and frameworks like MITRE ATT&CK
• Hands-on experience with security tools including SIEM/SOAR (e.g., Splunk, Sentinel), EDR, IDS/IPS, network analysis (e.g., Zeek, Suricata), and cloud security solutions
• Proficiency in programming (e.g., Python, Go, PowerShell) for automation, API integrations, and Detection-as-Code practices with CI/CD pipelines

Preferred Qualifications

• Experience with AI/ML applications in threat detection, anomaly detection, and securing AI/ML systems
• Background in security-focused software engineering, offensive security, or publishing security research
• Bachelor's degree in Computer Science, Cybersecurity, or related field; advanced degree or certifications (e.g., GIAC, CISSP)
• Demonstrated strategic thinking to balance long-term goals with operational needs in high-growth environments
• History of speaking at security conferences or contributing to the cybersecurity community

Required Skills

• Threat detection engineering and SIEM platform management
• Detection rule development (SPL, KQL) and query optimization
• Security data pipelines and telemetry processing
• Programming in Python, Go, PowerShell for automation and integrations
• Detection-as-Code, CI/CD, and software development lifecycle
• MITRE ATT&CK framework and adversary TTPs analysis
• Cloud environments (AWS, Azure, GCP) security monitoring
• AI/ML for threat detection and anomaly analysis
• SIEM/SOAR (Splunk, Sentinel), EDR, IDS/IPS, Zeek/Suricata
• Engineering leadership and team scaling
• Cross-functional collaboration and stakeholder influence
• Strategic roadmap development and KPI tracking
• Root cause analysis and post-incident engineering
• Technical communication to diverse audiences
• Adversarial mindset and continuous learning

Benefits

• Competitive base salary, bonus, and equity in a high-growth SaaS leader
• Comprehensive health, dental, and vision insurance with multiple plan options
• 401(k) matching and employee stock purchase program
• Unlimited PTO and flexible remote work policy
• Professional development stipend and tuition reimbursement
• Wellness programs including mental health support and fitness reimbursements
• Parental leave and family planning benefits
• Volunteer time off and community impact programs
• Global employee assistance program and commuter benefits

DocuSign is an Equal Opportunity Employer.