Security GRC Automation Engineer at Docusign

Bengaluru, karnataka, India -

Full Time

Start Date

Immediate

Expiry Date

15 Mar, 26

Salary

0.0

Posted On

15 Dec, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Security Engineering, Automation, GRC, Python, Go, Azure, GCP, AWS, CI/CD, IaC, Terraform, Ansible, ServiceNow GRC, Compliance, ISO 27001, NIST CSF, PCI-DSS

Industry

Software Development

Description

Company Overview Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people’s lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now, these were disconnected from business systems of record, costing businesses time, money, and opportunity. Using Docusign’s Intelligent Agreement Management platform, companies can create, commit, and manage agreements with solutions created by the #1 company in e-signature and contract lifecycle management (CLM). What you'll do We are hiring a Security Governance, Risk and Compliance (GRC) Automation Engineer to join our GRC Engineering team. This is a highly technical, hands-on engineering role responsible for building automation systems that deliver continuous security assurance and verifiable compliance at scale. This is an individual contributor role reporting to the Senior Manager of GRC Engineering. Responsibility Design, build, and maintain automation tooling and policy-as-code controls to enforce real-time security requirements across multi-cloud and on-prem environments Engineer and operate scalable data ingestion pipelines (Python/Go, cloud APIs) to collect, normalize, secure, and prove the integrity of compliance evidence Integrate compliance validation directly into CI/CD and IaC pipelines (e.g., Terraform, Ansible) to prevent drift and ensure continuously auditable control states Configure and extend GRC platforms (e.g., ServiceNow GRC) to support real-time control visibility and automatic evidence mapping Translate security, regulatory and compliance requirements into actionable, specific and testable technical controls Perform automated and targeted configuration audits to verify alignment against frameworks such as ISO 27001, NIST CSF, and PCI-DSS Partner closely with Cloud, Platform, and Security Engineering teams to drive consistent, scalable control implementations Job Designation Hybrid: Employee divides their time between in-office and remote work. Access to an office location is required. (Frequency: Minimum 2 days per week; may vary by team but will be weekly in-office expectation) Positions at Docusign are assigned a job designation of either In Office, Hybrid or Remote and are specific to the role/job. Preferred job designations are not guaranteed when changing positions within Docusign. Docusign reserves the right to change a position's job designation depending on business needs and as permitted by local law. What you bring Basic 5+ years in Security Engineering, Automation, or highly technical GRC roles Bachelor’s or Master's degree in a relevant technical field (Computer Science, IT, Security, Software/Computer Engineering) Expert programming skills in Python or Go for developing production-level security and automation tools Deep experience using Azure, GCP, AWS SDKs and APIs for automated evidence and configuration retrieval Proven success building continuous monitoring, compliance drift detection, and automated evidence collection pipelines Practical experience integrating security validation and compliance checks into CI/CD pipelines and IaC tooling (Terraform, Ansible, etc.) Experience configuring or integrating with enterprise GRC platforms (e.g., ServiceNow GRC, AuditBoard) Strong ability to analyze complex data, communicate findings clearly, and produce high-quality technical documentation Preferred Familiarity with Policy-as-Code and declarative enforcement (e.g., Rego/OPA, Sentinel) Relevant industry certifications (e.g., CISSP, AWS Security Specialty) Experience with emerging AI-driven automation (LLM APIs, autonomous agents, workflow orchestration) Working knowledge of major frameworks: PCI-DSS, ISO 27001, OWASP, NIST CSF 2 / 800-53 Life at Docusign Working here Docusign is committed to building trust and making the world more agreeable for our employees, customers and the communities in which we live and work. You can count on us to listen, be honest, and try our best to do what’s right, every day. At Docusign, everything is equal. We each have a responsibility to ensure every team member has an equal opportunity to succeed, to be heard, to exchange ideas openly, to build lasting relationships, and to do the work of their life. Best of all, you will be able to feel deep pride in the work you do, because your contribution helps us make the world better than we found it. And for that, you’ll be loved by us, our customers, and the world in which we live. Accommodation Docusign is committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need such an accommodation, or a religious accommodation, during the application process, please contact us at accommodations@docusign.com. If you experience any issues, concerns, or technical difficulties during the application process please get in touch with our Talent organization at taops@docusign.com for assistance. Applicant and Candidate Privacy Notice #LI-Hybrid #LI-SA1

Responsibilities

The Security GRC Automation Engineer will design, build, and maintain automation tooling and policy-as-code controls to enforce real-time security requirements. They will also engineer scalable data ingestion pipelines and integrate compliance validation into CI/CD and IaC pipelines.