AppSec Jobs

Docusign

Security Engineer - Vulnerability & Config Management

Seattle, WA

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Docusign

DocuSign, Inc. is a prominent provider of cloud-based electronic signature and digital transaction management solutions. Founded in 2003 in Seattle, the company has transformed the way organizations handle agreements by replacing paper-based processes with secure, legally compliant digital alternatives. Its core offering, the eSignature solution, allows users to sign documents securely from anywhere, while the Intelligent Agreement Management (IAM) platform enhances this by automating and analyzing agreements using data, AI, and machine learning. Headquartered in San Francisco, DocuSign serves over 1.5 million paying customers and more than a billion users across 180+ countries. The company has made significant investments in research and development, totaling over $300 million since its inception. With a focus on sustainability and a commitment to innovation, DocuSign continues to expand its capabilities, including cloud-based document storage and remote online notarization, making it a valuable partner for businesses of all sizes.

Industry

information technology & services

Employees

6,900

1662 engineers

Revenue

$3.0B


Security at Docusign

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

DocuSign's AppSec philosophy emphasizes that "information security is in our DNA" and is led by the CISO who "will lead Docusign security initiatives". The company is "deploying AI-powered security and identity verification tools" while acknowledging that "AI is a double-edged sword, use it wisely". Stated goals include increased "bug bounty investments" and a "multi-layered approach protects users and agreements". Information on developer enablement vs. gatekeeping and explicit risk philosophy beyond AI tools is not publicly available.

Security Team

DocuSign's AppSec team is led by Michael Adams, Group VP & Chief Information Security Officer, who "will lead Docusign security initiatives". The organizational structure beyond the CISO is not publicly detailed, with no verbatim description of whether AppSec is centralized or embedded. Team size estimates are "Information not publicly available", though a security careers search returned "99 results" for security roles. Evidence suggests roles focused on security tooling, such as "Sr. Director, Security Tools & Engineering", but no consistent list of specific tool names or common skill patterns was found.

Key Initiatives

DocuSign's AppSec initiatives include increased "bug bounty investments" and a HackerOne program where "Testing is only authorized on the targets listed as in scope." There is no public evidence of a Security Champions Program or specific "Shift Left" practices. Vulnerability management intake includes bug bounties. Secure SDLC artifacts involve being "subject to annual independent audits for compliance" and having "product security" resources in their Trust Center. Recent initiatives (since July 2025) include "deploying AI-powered security and identity verification tools", the public launch of their HackerOne program, and "new fraud verification capabilities" supported by a "centralized 'trust and safety team'". Information on triage/remediation SLAs, MTTR, ticket ownership, or explicit "shift-left" tooling integrations is not publicly available.
