Senior Director, Product Security

DocuSign DocuSign · Enterprise · San Francisco, CA +2 · Security

Lead the Docusign Product Security program, focusing on secure software development lifecycle (SDLC) and CI/CD for customer-facing and internal products. Integrate security practices into all development phases, manage security engineers and architects, and leverage emerging tools like AI guardrails for risk mitigation. Ensure products meet security standards and regulatory requirements.

What you'd actually do

  1. The Senior Director, Product Security leads all aspects of the Docusign Product Security program.
  2. The Senior Director will integrate leading security practices into all phases of product development – including planning, design, implementation, testing, deployment and maintenance – to proactively reduce vulnerabilities and broader risks.
  3. The role will oversee developer technical designs (e.g., secure coding criteria, architectural designs, developer libraries, code reviews, etc.), as well as SDLC and CI/CD processes, gating, and execution.
  4. In particular, the Senior Director will implement leading security practices directly into the software delivery pipeline, ensuring code integrity from development to production, and mitigate risks while performing automated scanning, testing, and compliance checks at every stage and remediation as required.
  5. The Senior Director will implement contemporary, cost-effective tools and practices to maximize efficiencies while providing appropriate technical security rigor.

Skills

Required

  • Product Security leadership
  • Secure SDLC
  • CI/CD security
  • Risk management
  • Security architecture
  • Vulnerability management
  • Threat modeling
  • Cloud security
  • Container security
  • AI security tools (guardrails, code context reasoning)
  • People management

Nice to have

  • Experience with regulated environments (e.g., SOC2, HIPAA)
  • Experience with e-signature and CLM platforms
  • Experience with Terraform
  • Experience with Red Team and PSIRT collaboration

What the JD emphasized

  • secure software development lifecycle (SDLC)
  • continuous integration/continuous deployment (CI/CD)
  • security by design
  • security by default
  • OWASP Top 10 for Agentic Applications