Sr Manager, CSIRT

Company Overview Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign’s Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM). What you'll do We are seeking an experienced and proactive CSIRT Manager to join our global security team in India. This pivotal role will be responsible for leading security incident response efforts, ensuring efficient and contextualized alerting, and performing both SOC alert triage and in-depth incident investigations. You will play a critical role in protecting our organization by proactively identifying, investigating, and mitigating threats, and driving continuous improvement in our security posture. This role demands deep expertise in cybersecurity principles, incident response processes, and strong leadership capabilities. This position is a people manager role reporting to the Sr. Director of Security Operations. Responsibility Act as Incident Commander for all security issues across the enterprise Lead the incident response team in identifying, analyzing, and resolving cybersecurity incidents Coordinate with stakeholders for timely and effective resolution Develop and maintain incident response plans, playbooks, and SOPs Manage on-call rotation Communicate clearly with senior management and external stakeholders during and post-incident Prepare detailed incident reports with post-incident analysis and recommendations Collaborate with other cybersecurity teams to improve detection rules, refine security policies, and enhance overall security posture Maintain working relationships with law enforcement when required Analyze security monitoring alerts and respond to cybersecurity incidents Serve as a subject matter expert who defines visibility and response requirements Perform forensic analysis on data and endpoints Lead complex investigations into advanced cyber threats, including malware outbreaks, targeted attacks, and persistent threats Conduct thorough investigations to determine root cause and impact of incidents Use threat intelligence and advanced analytics to identify and address potential threats Implement and oversee remediation measures to prevent recurrence Hunt for hidden threats within enterprise networks using threat intelligence and behavioral analytics proactively Partner with Detection Engineering to refine threat detection rules to improve SOC visibility Create automation solutions for expedient response and effective detection Automate incident and remediation reports, leveraging AI where possible Drive a culture of continuous improvement Perform root cause analysis on security incidents and recommend improvements to security controls Stay updated on industry best practices and evolving attack techniques to ensure effective defenses Job Designation Hybrid : Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency : Minimum 2 days per week; may vary by team but will be weekly in-office expectation) Positions at Docusign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role / job. Preferred job designations are not guaranteed when changing positions within Docusign. Docusign reserves the right to change a position's job designation depending on business needs and as permitted by local law. What you bring Basic 10+ years of experience in cybersecurity with at least 5 years in incident response (IR) 3+ years of proven experience in an IR management role, with a track record of building, mentoring, and scaling security teams Possess an expert-level background in Security Operations Center (SOC) operations, including incident response, and security monitoring Demonstrate deep proficiency in leveraging threat intelligence to anticipate and mitigate cyber threats, and extensive experience in digital forensics, covering evidence collection, analysis, and reporting Proven experience leading global, cross-functional, and complex security incidents Proficiency in data and SIEM tools (e.g., Splunk, Databricks, Sentinel) Experience working with security automation and orchestration tools (SOAR), including how to prioritize efforts, forecast, and show cost savings Deep understanding of the cyber threat landscape, attacker tactics, techniques, and procedures (TTPs), and frameworks such as MITRE ATTCK Proficiency with security tools and technologies such as SIEM / SOAR platforms (e.g., Splunk, Sentinel), EDR, IDS / IPS, network traffic analysis tools (e.g., Zeek, Suricata, Yara), and cloud security solutions, with an understanding of their architecture and integration Proven experience managing a balance of operational and project workloads Preferred Bachelor's or Master's degree in Computer Science, Information Security, or Cybersecurity Industry certifications such as GCIH, GCFA, CISSP, CISM, CEH, or OSCP Hands-on experience with cloud security (AWS, Azure, GCP) Strong analytical and problem-solving skills, with meticulous attention to detail and an engineering approach to root cause analysis Ability to work under pressure and handle multiple priorities Exceptional communication (written and verbal) and presentation skills, with the ability to convey technical findings and recommendations to diverse audiences, including explaining complex engineering concepts Proven ability to collaborate effectively across cross-functional teams, influence stakeholders, and drive consensus, fostering a collaborative engineering environment Passion for continuous learning, operational excellence, and a proactive, adversarial mindset, with a commitment to improving response processes and outcomes Life at Docusign Working here Docusign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what’s right, every day. At Docusign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you’ll be loved by us, our customers, and the world in which we live. Accommodation Docusign is committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need such an accommodation, or a religious accommodation, during the application process, please contact us at If you experience any issues, concerns, or technical difficulties during the application process please get in touch with our Talent organization at for assistance. Applicant and Candidate Privacy Notice #LI-Hybrid #LI-SA4Basic 10+ years of experience in cybersecurity with at least 5 years in incident response (IR) 3+ years of proven experience in an IR management role, with a track record of building, mentoring, and scaling security teams Possess an expert-level background in Security Operations Center (SOC) operations, including incident response, and security monitoring Demonstrate deep proficiency in leveraging threat intelligence to anticipate and mitigate cyber threats, and extensive experience in digital forensics, covering evidence collection, analysis, and reporting Proven experience leading global, cross-functional, and complex security incidents Proficiency in data and SIEM tools (e.g., Splunk, Databricks, Sentinel) Experience working with security automation and orchestration tools (SOAR), including how to prioritize efforts, forecast, and show cost savings Deep understanding of the cyber threat landscape, attacker tactics, techniques, and procedures (TTPs), and frameworks such as MITRE ATTCK Proficiency with security tools and technologies such as SIEM / SOAR platforms (e.g., Splunk, Sentinel), EDR, IDS / IPS, network traffic analysis tools (e.g., Zeek, Suricata, Yara), and cloud security solutions, with an understanding of their architecture and integration Proven experience managing a balance of operational and project workloads Preferred Bachelor's or Master's degree in Computer Science, Information Security, or Cybersecurity Industry certifications such as GCIH, GCFA, CISSP, CISM, CEH, or OSCP Hands-on experience with cloud security (AWS, Azure, GCP) Strong analytical and problem-solving skills, with meticulous attention to detail and an engineering approach to root cause analysis Ability to work under pressure and handle multiple priorities Exceptional communication (written and verbal) and presentation skills, with the ability to convey technical findings and recommendations to diverse audiences, including explaining complex engineering concepts Proven ability to collaborate effectively across cross-functional teams, influence stakeholders, and drive consensus, fostering a collaborative engineering environment Passion for continuous learning, operational excellence, and a proactive, adversarial mindset, with a commitment to improving response processes and outcomesWe are seeking an experienced and proactive CSIRT Manager to join our global security team in India. This pivotal role will be responsible for leading security incident response efforts, ensuring efficient and contextualized alerting, and performing both SOC alert triage and in-depth incident investigations. You will play a critical role in protecting our organization by proactively identifying, investigating, and mitigating threats, and driving continuous improvement in our security posture. This role demands deep expertise in cybersecurity principles, incident response processes, and strong leadership capabilities. This position is a people manager role reporting to the Sr. Director of Security Operations. Responsibility Act as Incident Commander for all security issues across the enterprise Lead the incident response team in identifying, analyzing, and resolving cybersecurity incidents Coordinate with stakeholders for timely and effective resolution Develop and maintain incident response plans, playbooks, and SOPs Manage on-call rotation Communicate clearly with senior management and external stakeholders during and post-incident Prepare detailed incident reports with post-incident analysis and recommendations Collaborate with other cybersecurity teams to improve detection rules, refine security policies, and enhance overall security posture Maintain working relationships with law enforcement when required Analyze security monitoring alerts and respond to cybersecurity incidents Serve as a subject matter expert who defines visibility and response requirements Perform forensic analysis on data and endpoints Lead complex investigations into advanced cyber threats, including malware outbreaks, targeted attacks, and persistent threats Conduct thorough investigations to determine root cause and impact of incidents Use threat intelligence and advanced analytics to identify and address potential threats Implement and oversee remediation measures to prevent recurrence Hunt for hidden threats within enterprise networks using threat intelligence and behavioral analytics proactively Partner with Detection Engineering to refine threat detection rules to improve SOC visibility Create automation solutions for expedient response and effective detection Automate incident and remediation reports, leveraging AI where possible Drive a culture of continuous improvement Perform root cause analysis on security incidents and recommend improvements to security controls Stay updated on industry best practices and evolving attack techniques to ensure effective defenses