Sr. Technical Program Manager, Product Security

Location: San Francisco, California; Seattle, Washington

Department: Security

Work Mode: Hybrid

About the Role

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate business processes and simplify lives through intelligent agreement management, e-signature, and contract lifecycle management (CLM). As a Sr. Technical Program Manager, Product Security in Platform Security, you will shape and execute the long-term strategy for embedding security into our innovative products. You’ll spearhead the shift-left movement, ensuring secure development practices are integrated early and consistently across all teams, enabling engineering to innovate rapidly without compromising the trust our customers rely on for their most critical agreements. In this individual contributor role reporting to the Sr. Manager, Technical Program Management, you will own and scale product security initiatives spanning engineering organizations, balancing risk reduction with business innovation. Drive adoption of secure coding, automated tooling, and threat modeling across the SDLC while partnering with senior leaders to embed security into roadmaps and design principles. Establish a global Security Champions network to empower engineers, translate risks into business terms for executives, and foster a developer-first security culture that scales across teams and geographies, all while ensuring compliance with standards like ISO 27001, GDPR, and FedRAMP. This hybrid role requires a minimum of 2 days per week in-office. You will define success metrics like secure coding adoption and vulnerability SLAs, lead coordinated remediation efforts, and continuously improve processes, tools, and automation. Join Docusign’s commitment to trust, equality, and innovation, where your work helps make the world more agreeable by securing the agreements that power global business.

Key Responsibilities

• Own and scale product security initiatives across DocuSign's engineering organizations, balancing risk reduction with innovation in intelligent agreement management
• Drive adoption of secure coding practices, automated security tooling, and early threat modeling throughout the SDLC for e-signature and CLM platforms
• Partner with senior engineering and product leaders to embed security into roadmaps, design principles, and decision-making processes
• Establish and expand a global network of Security Champions, empowering engineers to advocate for security in DocuSign's fast-paced innovation culture
• Translate technical security risks into business impact, delivering clear updates and recommendations to executives
• Lead organizational change to foster a developer-first security culture that scales across teams and geographies
• Ensure DocuSign products meet internal security standards, industry frameworks, and regulatory requirements like GDPR and FedRAMP
• Define measurable success criteria such as secure coding adoption rates and vulnerability SLAs, reporting outcomes to leadership
• Coordinate vulnerability response and remediation, leveraging learnings to continuously improve processes
• Improve security processes, tools, and automation including DevSecOps practices and CI/CD pipeline integrations to scale security organization-wide

Required Qualifications

• Minimum of 8 years related experience with a Bachelor’s degree or 6 years with a Master’s degree
• Bachelor’s or Master’s degree in Technology, Computer Science, or Cybersecurity
• Experience with product security practices including secure SDLC, threat modeling, vulnerability management, and cloud/application security
• Experience with security frameworks and standards (e.g., OWASP, NIST, ISO 27001)
• Experience leading large, cross-functional security or engineering programs
• Proven experience with threat modeling, risk management, and vulnerability management
• Hands-on experience working with product and engineering teams in an Agile environment

Preferred Qualifications

• Excellent executive communication and stakeholder management skills
• Experience with cloud security platforms (AWS, Azure, GCP)
• Relevant certifications such as CISSP, CISM, or equivalent
• Proven ability to build and scale Security Champions or developer enablement programs
• Familiarity with regulatory frameworks including SOC 2, GDPR, FedRAMP
• Track record of leading cultural change to foster security-first engineering practices

Required Skills

• Secure SDLC implementation
• Threat modeling and risk assessment
• Vulnerability management
• Cloud security (AWS, Azure, GCP)
• Security frameworks (OWASP, NIST, ISO 27001)
• Program management and prioritization
• Cross-functional leadership
• Executive communication and stakeholder management
• Agile methodologies
• DevSecOps practices
• Security automation in CI/CD pipelines
• Regulatory compliance (SOC 2, GDPR, FedRAMP)
• Shift-left security enablement
• Building Security Champions programs
• Cultural change leadership
• Data-driven metrics and reporting

Benefits

• Competitive base salary with location-specific ranges (e.g., CA: $140,000-$225,075; WA/NY/NJ/MD: $133,800-$197,750)
• Company bonus plan based on performance
• Restricted Stock Units (RSUs) eligibility
• Paid Time Off including company holidays
• Paid Parental Leave up to six months
• Comprehensive health benefits with 100% employer-paid options from day one
• Retirement plans with potential employer contributions
• Learning and Development including coaching, online courses, and education reimbursements
• Compassionate Care Leave for life-changing events

DocuSign is an Equal Opportunity Employer.