Bengaluru, India
35 days ago
Senior Security Detections and SIEM Engineer

Company Overview

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign’s Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).

What you'll do

Docusign is seeking a passionate and experienced Senior Security Detections and SIEM Engineer to join our Analytics & Automation Security Team, a critical part of our world-class Information Security function. This is a highly technical, hands-on role that requires knowledge of a variety of security tools, technologies and experience protecting enterprise and production environments. Integrating various solutions for automation purposes or to gather and enrich security data will be a key responsibility of the role. You will have scope to shape and improve Docusign's comprehensive threat-detection stack. Our goal is to build a fully automated detection and response system. This is a fantastic opportunity to join a team who are wholly committed to Cyber Security, and to work for a company with security in its DNA.

This position is an individual contributor role reporting to the head of Automation & Analytics.

Responsibility

Ingest data sources, design, develop, and implement detection rules, alerts, and correlation logic within the SIEM platform to identify anomalous behavior and potential security threats, aligning with the MITRE ATT&CK framework
Perform investigations on a wide variety of events to discover new detection capabilities and logging sources
Develop analytical rules, incidents, playbooks, notebooks, workbooks, threat hunting and KQL queries for data normalization and parsing capabilities within Log Analytics' data ingestion pipeline
Handle on-premise solutions, running on VMs, containers, patching of all
Design, develop, implement and maintain new innovative approaches and solutions for Docusign's security infrastructure

Job Designation

Hybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in-office expectation)

Positions at DocuSign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within DocuSign. DocuSign reserves the right to change a position's job designation depending on business needs and as permitted by local law.

What you bring

Basic

Bachelor's degree in Computer Science or a related technical field, or equivalent in experience
5+ years of experience in cyber security
3+ years in Cloud Engineering: 2+ years in Azure Sentinel and Log Analytics or other logging and SIEM / SOAR platforms
Strong expertise in writing complex queries such as in: Kusto Query Language (KQL) or SPL
Experience integrating various systems for configuration or data enrichment, leveraging and interfacing common APIs (REST)
Working experience of scripting languages (such as Python, Ruby, Perl, or other)
Implemented automated testing, continuous integration, and continuous deployment (CI/CD) using tools and technologies such as Azure DevOps or Git
Great communication skills and ability to work in teams

Preferred

Able to multitask based on priority and write documentation
Strong background in malware analysis, intrusion detection and/or threat intelligence
Experience with threat hunting or security investigations
Experience in host intrusion detections on Windows, OSX and/or Linux
Prior experience with Microsoft Graph Explorer
Solid understanding of security operations and experience working with incident response and threat analysis teams
Strongly driven by learning new technologies
In-depth knowledge of the latest attack trends, tools and the threat landscape
Ability to research, architect and drive complex technical solutions, consisting of multiple technologies
Excellent communications skills, capable of working with cross functional technical and business teams and varying levels of management in a professional manner
Strong background in both Windows and Linux/Unix systems
Working with Powershell is a plus
Background in infrastructure as code development such as Terraform
Security certifications are a plus such as SC200, AZ500

Life at Docusign

Working here

Docusign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what’s right, every day. At Docusign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you’ll be loved by us, our customers, and the world in which we live.

Accommodation

Docusign is committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need such an accommodation, or a religious accommodation, during the application process, please contact us at accommodations@docusign.com. If you experience any issues, concerns, or technical difficulties during the application process please get in touch with our Talent organization at taops@docusign.com for assistance.

Applicant and Candidate Privacy Notice

#LI-HYBRID #LI-BP1