Docusign is a leading company in e-signature and contract lifecycle management solutions. They are seeking a Product Security Engineer to embed security practices within their software development lifecycle, ensuring secure application design and coding practices across product teams.
Responsibilities:
- Collaborate with product engineers and product teams to gather requirements, provide expert consultation on securing the entire SDLC process within numerous environments, including those complying with DoD IL5
- Identify architectural flaws and security concerns in application designs early in the SDLC process
- Threat model and design security controls and mitigations in collaboration with product engineering teams
- Verify/validate secure code interactions with other dependent and integrated services/systems
- Ensure testing automation addresses security goals and concerns
- Review and verify identified/reported vulnerabilities, perform root cause analysis, and partner with developers to drive corrections
- Stay up-to-date with emerging security threats, trends, and new technologies to continuously improve the security posture of our code and shared development resources
- Contribute to technical requirements, architecture, and interface design documents and educational resources
Requirements:
- BS/BA degree or equivalent relevant coding experience
- 5+ years of overall experience in Application Development, with at least 2 years focused on the Product Application Security discipline
- Experience in designing, implementing, and maintaining secure software systems
- Experience with C# and .NET Framework/Core
- Fluent in one or more other programming languages relevant to the organization (e.g., Python, Java, JavaScript) and the ability to quickly learn new languages
- Experience with common security vulnerabilities (e.g. OWASP Top 10 and API Security Top 10) and their mitigations/remediations
- Experience with development and build pipelines and associated best practices
- Experience performing threat modeling and security analysis of application components to identify and mitigate potential vulnerabilities
- Experience in secure source code audit/analysis and reporting
- Experience with static and dynamic analysis tools, including vulnerability scanning suites
- Experience in application security within cloud environments (e.g. AWS, Azure, GCP)
- Experience developing and implementing security APIs and associated tooling against threats, such as unauthorized access and data breaches
- Experience operating within and discovering the security implications of pre-existing code environments
- The individual must be a U.S. Citizen, U.S. National or U.S. Person
- Excellent analytical, problem-solving, and communication skills
- Ability to work collaboratively across multiple teams