Sr. ProdSec Developer

Location: Bengaluru, India

Department: Security

Work Mode: Hybrid

About the Role

DocuSign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use DocuSign solutions to accelerate business processes and simplify lives through intelligent agreement management. As the #1 company in e-signature and contract lifecycle management (CLM), DocuSign unleashes business-critical data trapped in documents, connecting it to systems of record to save time, money, and opportunity. Join our innovative culture where security is paramount to protecting customer trust in our global platform. As a Sr. ProdSec Developer on our Product Security team, you will design, develop, integrate, and maintain a repository of secure, reusable code components within DocuSign’s SSDLC frameworks. Your work will empower product teams to build secure e-signature and CLM applications from the ground up, acting as a subject matter expert on secure coding practices, architectures, and build patterns. This individual contributor role reports to the Director, Product Security, driving a secure-by-design mindset across the organization in our hybrid work model (minimum 2 days per week in-office). You will collaborate with development teams to integrate authentication, authorization, encryption, and other controls into shared libraries, review vulnerabilities, and stay ahead of threats to enhance our security posture. By mentoring juniors, documenting best practices aligned with OWASP, BSIMM, and NIST SSDF, and fostering adoption, you'll contribute to DocuSign's mission of making the world more agreeable through trusted, innovative technology. At DocuSign, we value equality, open idea exchange, and pride in impactful work—join us to help secure the future of agreements.

Key Responsibilities

• Design, develop, and maintain a centralized repository of secure, reusable code components and tools for DocuSign development teams
• Support cross-organizational adoption of secure code libraries by engaging development teams and demonstrating business value in intelligent agreement management
• Serve as subject matter expert on secure coding best practices, following OWASP, BSIMM, and NIST SSDF frameworks
• Integrate security protocols (authentication, authorization, encryption) into libraries to enable secure-by-design e-signature and CLM solutions
• Collaborate with product security engineers and teams to gather requirements, provide consultation, and educate on secure library usage
• Review and verify vulnerabilities, perform root cause analysis, and partner with developers to implement corrections
• Stay current with emerging security threats and technologies to enhance shared code security posture
• Create and maintain detailed technical documentation and deployment guides for secure components
• Mentor junior team members in day-to-day secure development tasks within DocuSign's SSDLC frameworks
• Drive a secure-by-design mindset across product teams building innovative agreement management platforms

Required Qualifications

• 8+ years of experience in Product Application Security roles, designing, implementing, and maintaining secure software systems
• High proficiency in programming languages relevant to DocuSign (e.g., C#/.NET, Python, Java, JavaScript) with ability to quickly learn new languages
• Deep technical understanding of common security vulnerabilities (e.g., OWASP Top 10) and their mitigations/remediations
• BS/BA degree or equivalent in relevant coding experience
• Experience with development and build pipelines, static/dynamic analysis tools, and vulnerability scanning suites
• Demonstrated experience in application security within cloud environments (e.g., AWS, Azure, GCP)
• Experience developing and implementing security APIs and tooling against threats like unauthorized access and data breaches

Preferred Qualifications

• Experience in penetration testing practices and threat modeling for library components
• Expertise in secure source code audit/analysis, reverse engineering foreign code bases, and security testing automation for supply chain components
• Proven ability to identify security implications in pre-existing code environments and evolve security standards
• Excellent analytical, problem-solving, communication skills, and ability to collaborate across multiple teams
• Experience mentoring junior team members in secure coding practices

Required Skills

• Secure software design and implementation
• Proficiency in C#/.NET, Python, Java, JavaScript
• OWASP Top 10 vulnerability expertise
• CI/CD pipeline and build best practices
• Static and dynamic analysis tools
• Cloud security (AWS, Azure, GCP)
• Security API development
• Threat modeling and penetration testing
• Secure code review and auditing
• Reverse engineering
• Automation for security testing
• Analytical problem-solving
• Cross-team collaboration
• Technical communication and documentation
• Mentoring and knowledge sharing
• SSDLC framework integration
• Emerging threat awareness

Benefits

• Comprehensive health, dental, and vision insurance plans
• 401(k) retirement savings plan with company match
• Unlimited PTO and flexible work arrangements including hybrid model
• Professional development stipend and learning opportunities
• Stock purchase plan and employee stock purchase program
• Parental leave and family planning benefits
• Wellness programs including mental health support
• Volunteer time off and community impact initiatives
• Catered meals, snacks, and ergonomic home office stipends

DocuSign is an Equal Opportunity Employer.