Sr Manager, CSIRT

Company Overview

What You'll Do

We are seeking an experienced and proactive CSIRT Manager to join our global security team in India. This pivotal role will be responsible for leading security incident response efforts, ensuring efficient and contextualized alerting, and performing both SOC alert triage and in-depth incident investigations. You will play a critical role in protecting our organization by proactively identifying, investigating, and mitigating threats, and driving continuous improvement in our security posture. This role demands deep expertise in cybersecurity principles, incident response processes, and strong leadership capabilities.

This position is a people manager role reporting to the Sr. Director of Security Operations.

• Act as Incident Commander for all security issues across the enterprise

• Lead the incident response team in identifying, analyzing, and resolving cybersecurity incidents

• Coordinate with stakeholders for timely and effective resolution

• Develop and maintain incident response plans, playbooks, and SOPs

• Manage on-call rotation

• Communicate clearly with senior management and external stakeholders during and post-incident

• Prepare detailed incident reports with post-incident analysis and recommendations

• Collaborate with other cybersecurity teams to improve detection rules, refine security policies, and enhance overall security posture

• Maintain working relationships with law enforcement when required

• Analyze security monitoring alerts and respond to cybersecurity incidents

• Serve as a subject matter expert who defines visibility and response requirements

• Perform forensic analysis on data and endpoints

• Lead complex investigations into advanced cyber threats, including malware outbreaks, targeted attacks, and persistent threats

• Conduct thorough investigations to determine root cause and impact of incidents

• Use threat intelligence and advanced analytics to identify and address potential threats

• Implement and oversee remediation measures to prevent recurrence

• Hunt for hidden threats within enterprise networks using threat intelligence and behavioral analytics proactively

• Partner with Detection Engineering to refine threat detection rules to improve SOC visibility

• Create automation solutions for expedient response and effective detection

• Automate incident and remediation reports, leveraging AI where possible

• Drive a culture of continuous improvement

• Perform root cause analysis on security incidents and recommend improvements to security controls

• Stay updated on industry best practices and evolving attack techniques to ensure effective defenses

Job Designation

What You Bring

• 10+ years of experience in cybersecurity with at least 5 years in incident response (IR)
• 3+ years of proven experience in an IR management role, with a track record of building, mentoring, and scaling security teams
• Possess an expert-level background in Security Operations Center (SOC) operations, including incident response, and security monitoring
• Demonstrate deep proficiency in leveraging threat intelligence to anticipate and mitigate cyber threats, and extensive experience in digital forensics, covering evidence collection, analysis, and reporting
• Proven experience leading global, cross-functional, and complex security incidents
• Proficiency in data and SIEM tools (e.g., Splunk, Databricks, Sentinel)
• Experience working with security automation and orchestration tools (SOAR), including how to prioritize efforts, forecast, and show cost savings
• Deep understanding of the cyber threat landscape, attacker tactics, techniques, and procedures (TTPs), and frameworks such as MITRE ATTCK
• Proficiency with security tools and technologies such as SIEM/SOAR platforms (e.g., Splunk, Sentinel), EDR, IDS/IPS, network traffic analysis tools (e.g., Zeek, Suricata, Yara), and cloud security solutions, with an understanding of their architecture and integration
• Proven experience managing a balance of operational and project workloads

• Bachelor's or Master's degree in Computer Science, Information Security, or Cybersecurity
• Industry certifications such as GCIH, GCFA, CISSP, CISM, CEH, or OSCP
• Hands-on experience with cloud security (AWS, Azure, GCP)
• Strong analytical and problem-solving skills, with meticulous attention to detail and an engineering approach to root cause analysis
• Ability to work under pressure and handle multiple priorities
• Exceptional communication (written and verbal) and presentation skills, with the ability to convey technical findings and recommendations to diverse audiences, including explaining complex engineering concepts
• Proven ability to collaborate effectively across cross-functional teams, influence stakeholders, and drive consensus, fostering a collaborative engineering environment
• Passion for continuous learning, operational excellence, and a proactive, adversarial mindset, with a commitment to improving response processes and outcomes

Life At Docusign

Our global benefits