Director, Medical Device Security - San Francisco, CA, United States - DocuSign, Inc.


    1 month ago

    Full time
    Description
    DocuSign helps organizations connect and automate how they agree.

    The Director of Product Security leads a team of technical security professionals to secure the trust of the DocuSign products.

    The ideal candidate for this role strives to ensure that the development of our products and applications occurs in a secure and scalable manner.

    This role drives thought leadership, partnering with Product and Engineering teams to lead secure Product Life Cycle, secure Software Development, deployment pipelines, testing practices, product vulnerability management, Bug Bounty, and Penetration testing at scale.

    This role partners with our Vulnerability Management, Incident Response, and Trust Services teams to interface directly with DocuSign clients on cyber security topics.

    The right candidate has an established record of accomplishment, demonstrates subject area mastery, and has experience leading a functional team in product and application security.

    This position is a people manager role reporting to the Vice President of Security Assurance.
    Own and implement the vision for Product Security capabilities for the software development lifecycle (SDLC) across the company, guiding development of actionable roadmaps and plans
    Evolve and maintain a secure SDLC, partnering with Engineering to shift-left, drive initiatives and reduce risk in the development lifecycle
    Find opportunities and strategies for continuous improvement, efficiency and efficacy of Product Security and shift-left strategies
    Expand and evolve a team of application and product security professionals
    Partner closely with Engineering and Product teams, driving long term application security program alignment
    Provide review and oversight of CI/CD pipelines, build, and release systems
    Develop a rigorous threat modeling program, in conjunction with Security Architecture, to be used as a foundation for risk management, development priorities, and PSIRT telemetry
    Develop Application Security scorecards to drive action and reduce risk for the organization
    Provide oversight to software craftsmanship, security, availability, resilience, and scalability of solutions developed by the teams or third party providers
    Set risk management guidelines and partner with stakeholders to implement and automate key risk initiatives
    Lead implementation of projects and encourage engineering innovation and continuous learning
    Manage allocation of people and financial resources for Technology Strategic Leadership
    Manage strategic functional areas across application security, including but not limited to capabilities in the SDLC, security champion, Bug Bounty, Penetration Testing and Product Security Reporting
    Oversee security tools for improving usability, customer satisfaction and balancing needs of application security
    Develop and refine strategies for implementing application security controls within Lines of Business for improving developer experience and simplification of controls
    Set risk management guidelines and partner with stakeholders to implement key risk initiatives
    Contribute to other practice areas of Product and Application security programs by offering guidance on service execution, developer enablement, and remediation strategies

    Employee divides their time between in-office and remote work. Access to an office location is required. (Minimum 2 days per week; may vary by team but will be weekly in-office expectation)

    Positions at DocuSign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job.

    DocuSign reserves the right to change a position's job designation depending on business needs and as permitted by local law.


    Bachelor's Degree in technology or other related fields or equivalent work experience in Information Security and Business or Risk Management
    8+ years of experience working in Cyber Security, Information Security, and/or Application Security and Architecture
    3+ years of experience in people management
    Experience developing and deploying product security capabilities for the SDLC with usability, developer delight and risk reduction outcomes
    Due to government contract requirements:
    Demonstrated strong commitment to talent development, training, and coaching to expand and retain security talent
    Working knowledge of standard industry cybersecurity requirements and regulatory requirements such as OWASP, HIPAA, HITRUST, ISO 27001, NIST 800-53, and PCI-DSS
    Experience in securing applications in cloud architectures
    Professionalism, sensitivity, discretion, and sound decision-making skills aligned with interacting at the senior executive level
    Proven leadership capabilities of integrity, self-discipline, and building an environment of trust
    .NET Core, Java or NodeJS


    Paid Time Off:
    earned time off, as well as paid company holidays based on region

    Paid Parental Leave:
    take up to six months off with your child after birth, adoption or foster care placement

    Retirement Plans:
    select retirement and pension programs with potential for employer contributions

    Learning and Development:
    options for coaching, online courses and education reimbursements

    DocuSign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work.

    Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it.

    DocuSign provides reasonable accommodations for qualified individuals with disabilities in job application procedures.

    If you need such an accommodation, including if you need accommodation to properly utilize our online system, you may contact us at . If you experience any technical difficulties or issues during the application process, or with our interview tools, please reach out to us at for assistance.


    We will not discriminate based on race, ethnicity, color, age, sex, religion, national origin, ancestry, pregnancy, sexual orientation, gender identity, gender expression, genetic information, physical or mental disability, registered domestic partner status, caregiver status, marital status, veteran or military status, or any other legally protected category.
