Security Engineer - Vulnerability & Config Management

Company OverviewDocusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign's Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).What you'll doJoin our vulnerability management team to drive digital surface coverage at Docusign. In this technical role, you will independently operate and optimize discovery tools, analyze complex findings, validate results, and drive remediation efforts. You will design and develop automation scripts to improve efficiency and accuracy. You will partner closely with infrastructure, platform, and security operations teams to identify and mitigate potential exposure risks to Docusign.This position is an individual contributor role reporting to the Sr. Manager, Vulnerability & Config Management.ResponsibilityExecute vulnerability and configuration management scans and manage the health of scanning infrastructure, ensuring scope accuracy and data freshnessInvestigate, triage, and prioritize discovered issues, assessing the technical details and potential impact on Docusign's infrastructureDevelop and maintain scripts and code (Python, Go, etc.) for ETL, enrichment, evidence capture, and automation of scanning processesAnalyze results to identify false positives and drive valid findings to remediation, collaborating with engineering teams to ensure timely closureMaintain and improve dashboards for tracking unknown assets, exposure MTTR, and high-risk issuesContribute to and maintain runbooks, playbooks, and technical documentationParticipate in surge response for high-risk exposures and assist in maintaining a continuous security postureMentor junior team members and assist in their technical developmentJob DesignationHybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in-office expectation)Positions at Docusign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within Docusign. Docusign reserves the right to change a position's job designation depending on business needs and as permitted by local law.What you bringBasicBachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience.5+ years of industry experience in cybersecurity, with a focus on vulnerability and configuration management, or related areasExperience in scripting and programming (Python, Go, or TypeScript) and SQLExperience with cloud platforms (Azure, AWS, GCP), specifically regarding public endpoints and security groupsExperience with asset inventory and vulnerability management tools (e.g., ServiceNow, Qualys, Tenable)Experience with security controls as it pertains to infrastructure assets, i.e. configuration hardening standardsKnowledge of internet protocols (DNS, HTTP, TLS), IP/ports, and cloud security conceptsAbility to work with technical partners and stakeholdersPreferredExperience with External Surface Coverage or EASM tools (e.g., Microsoft Defender EASM, VirusTotal, Wiz EASM)Experience with data aggregation and visualization platforms (e.g., PowerBI) to vis

Created: 2026-01-29