Senior Security Detections and SIEM Engineer

Docusign

  • Bangalore, Karnataka
  • Permanent
  • Full-time
  • 28 days ago
Company Overview

Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign's Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM).

What you'll do

DocuSign is seeking a passionate and experienced Senior Security Detections and SIEM Engineer to join our Analytics & Automation Security Team, a critical part of our world-class Information Security function. This is a highly technical, hands-on role that requires knowledge of a variety of security tools, technologies and experience protecting enterprise and production environments. You will have scope to shape and improve DocuSign's comprehensive threat-detection stack. Our goal is to build a fully automated detection and response system. This is a fantastic opportunity to join a team who are committed to Cyber Security, and to work for a company with security in its DNA. This position is an individual contributor role reporting to the head of Automation & Analytics.

Responsibility

  • Ingest data sources, design, develop, and implement detection rules, alerts, and correlation logic within the SIEM platform to identify anomalous behavior and potential security threats, aligning with the MITRE ATT&CK framework
  • Perform investigations on a wide variety of events to discover new detection capabilities and logging sources
  • Develop analytical rules, incidents, playbooks, notebooks, workbooks, threat hunting and KQL queries for data normalization and parsing capabilities within Log Analytics' data ingestion pipeline
  • Integrate various solutions for automation purposes, gather and enrich security data
  • Design, develop, implement and maintain new innovative ways and solutions for DocuSign's security infrastructure

Job Designation

Hybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in-office expectation)

Positions at DocuSign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within DocuSign. DocuSign reserves the right to change a position's job designation depending on business needs and as permitted by local law.

What you bring

Basic

  • Bachelor's degree in Computer Science or a related technical field, or equivalent in experience
  • 8+ years of experience dealing with wide varieties of cyber security incidents
  • 5+ years in Cloud Engineering: 3+ years in Azure, 2+ years in Azure Sentinel and Log Analytics

Preferred

  • Experience with threat hunting or malware investigations
  • Experience in host intrusion detections on Windows, OSX and/or Linux
  • Strong expertise in writing complex queries in the Kusto Query Language (KQL)
  • Experience integrating various systems for configuration or data enrichment, utilising and interfacing common APIs (REST)
  • Implemented automated testing, continuous integration, and continuous deployment (CI/CD) using tools and technologies such as Azure DevOps or Git
  • Prior experience with Microsoft Graph Explorer
  • Solid understanding of security operations and experience working with incident response and threat analysis teams
  • Strongly driven by learning new technologies
  • In-depth knowledge of the latest attack trends, tools and the threat landscape
  • Ability to research, architect and drive sophisticated technical solutions, consisting of multiple technologies
  • Excellent communications skills, capable of working with cross-functional technical and business teams and varying levels of management in a professional manner
  • Background in both Windows and Linux/Unix systems
  • Background in shell scripting such as bash and experience in programming languages (Python, Ruby)
  • Working with PowerShell is a plus
  • Background in infrastructure as code development such as Terraform and ARM Templates
  • Security certifications are a plus
  • Able to multitask based on priority and write documentation

Life at Docusign

Working here

Docusign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what's right, every day. At Docusign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you'll be loved by us, our customers, and the world in which we live.

Accommodation

Docusign provides reasonable accommodations for qualified individuals with disabilities in job application procedures. If you need such an accommodation, including an accommodation to properly use our online system, you may contact us at [HIDDEN TEXT]. If you experience any technical difficulties or issues during the application process, or with our interview tools, please get in touch with us at [HIDDEN TEXT] for assistance.

Applicant and Candidate Privacy Notice
