Sr. Manager, Threat Detection Engineering

Company Overview
DocuSign brings agreements to life. 1.5 million customers and more than a billion people in over 180 countries use DocuSign solutions to accelerate the process of doing business and simplify people’s lives. DocuSign’s Intelligent Agreement Management platform helps unlock business-critical data in documents, enabling companies to create, commit, and manage agreements with the #1 company in e-signature and contract lifecycle management (CLM).

What you’ll do
DocuSign is seeking an experienced and visionary Sr. Manager of Threat Detection Engineering to lead our team of detection engineers. You will be responsible for defining, implementing, and optimizing DocuSign’s threat detection and data pipeline capabilities across cloud, on-premise, and corporate environments. You will lead a high-performing team focused on scalable, effective, and automated detection and response solutions that anticipate and mitigate sophisticated cyber threats. This role requires a strong blend of technical expertise, an engineering mindset, leadership acumen, and a strategic approach to enhance our security posture with a focus on AI and advanced techniques, data infrastructure, and the SIEM platform. This position is a people manager role reporting to the Sr. Director of Security Operations.

Responsibilities
Recruit, mentor, and grow a team of skilled threat detection engineers, fostering a culture of excellence, innovation, and continuous learning with emphasis on software development and engineering principles
Plan team strategy, resource allocation, and hiring to support DocuSign's growth and evolving security needs
Develop and champion a comprehensive strategic vision and technical roadmap for threat detection capabilities across DocuSign’s technology stack
Stay abreast of emerging threats, attacker TTPs, and industry standards to inform detection priorities with a focus on engineering efficiency and scalability
Take direct ownership of the security data pipeline and SIEM platform, overseeing collection, ingestion, processing, and storage of security telemetry to support threat detection needs
Work closely with infrastructure teams to maintain and uplift the underlying data infrastructure
Lead the full lifecycle of threat detection from designing instrumentation and telemetry systems to creating, testing, deploying, and enhancing behavioral, rule-based, and machine learning detections
Emphasize an engineering approach to ensure high fidelity, accuracy, and efficiency of detections, including Detection-as-Code principles
Collaborate with the Incident Response team to translate threat intelligence into actionable detections, automate response workflows, and reduce mean time to detect and mean time to respond
Participate in post-incident reviews to drive continuous improvement with engineering rigor
Drive the adoption and integration of new detection technologies, frameworks, and processes
Architect and maintain scalable, automated security discovery and containment systems leveraging SIEM/SOAR, EDR, network traffic analysis tools, and cloud-native security solutions
Partner with engineering, product, and security teams to ensure comprehensive coverage and promote security monitoring best practices across the software development lifecycle
Establish repeatable and scalable processes around detection and automation engineering, including Detection-as-Code and CI/CD for detections
Define and track KPIs to measure the effectiveness of detection capabilities and team engineering output
Translate complex technical security concepts into clear communications for technical and non-technical audiences, including senior leadership

Job Designation
Hybrid: Employee divides time between in-office and remote work. Access to an office location is required (Minimum 2 days per week; may vary by team).
Positions at DocuSign are assigned a job designation of In Office, Hybrid, or Remote and are role-specific. Preferred designations are not guaranteed when changing positions. DocuSign reserves the right to change a designation as needed by business needs and local law.

What you bring

Basic
8+ years of progressive experience in cybersecurity, with at least 3 years in a dedicated threat detection engineering role
3+ years in engineering management, with a track record of building, mentoring, and scaling security teams with an engineering-focused culture
Experience building detection programs at scale in large, complex, cloud-inclusive environments (e.g., AWS, Azure, GCP)
Experience in the design, implementation, and management of security data pipelines and SIEM platforms
Experience with cyber threat landscape, attacker TTPs, and frameworks such as MITRE ATT&CK
Experience in detection rule languages (e.g., SPL, KQL) and advanced query development
Experience with signals/telemetry such as network traffic, endpoint logs, and cloud logs
Experience with SIEM/SOAR, EDR, IDS/IPS, network traffic analysis tools, and cloud security solutions
Experience with scripting/programming (e.g., Python, Go, Bash, PowerShell) for security tooling and automation
Experience analyzing large datasets and logs to identify security risks
Experience with CI/CD pipelines and Detection-as-Code practices
Experience with AI and ML applications in threat detection and secure AI/ML systems
Experience with data pipelines and data storage for security data
Experience with SIEM platform administration, configuration, and optimization
Demonstrated ability to think strategically and drive high-impact engineering work

Preferred
Ability to collaborate across cross-functional teams, influence stakeholders, and foster a collaborative engineering environment
Passion for continuous learning, operational excellence, and proactive security mindset
Strong analytical and problem-solving skills with attention to detail
Excellent written and verbal communication and ability to explain technical concepts to diverse audiences
Bachelor’s degree in Computer Science, Cybersecurity, or related field; advanced degree or security certifications (e.g., GIAC, CISSP) are a plus
Experience with anomaly detection, ML, and statistical analysis of user behavior for security
Background in security-focused software engineering or offensive security
History of speaking at security conferences or publishing research

Life at DocuSign

Working here
DocuSign is committed to building trust and making the world more agreeable for our employees, customers, and the communities in which we live and work. We strive for equality and inclusion, ensuring every team member has an equal opportunity to succeed.

Accommodation
DocuSign provides reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need an accommodation or a religious accommodation during the application process, please contact accommodations@docusign.com.
For issues during the application process, contact taops@docusign.com for assistance.

Applicant and Candidate Privacy Notice

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Engineering and Information Technology
Industries: Software Development
Location: Dublin, County Dublin, Ireland