Webflow is hiring a
Senior Application Security Engineer

Summary

Webflow is seeking a Senior Application Security Engineer to help secure its web application platform and ecosystem. The role involves collaborating with the engineering team, improving security practices, finding vulnerabilities, and contributing code improvements. The position is remote-first, full-time, permanent, and exempt. Compensation varies based on geographic location within the United States or Canada.

Requirements

• Have 2+ years of software development experience in security
• Are passionate about security in general, and always hungry to learn
• Have expertise in evaluating application/software with an eye to improve security design, continuous commitment to risk reduction and sustainable security
• Have experience fully rolling out secure code development lifecycle (SDLC) processes improvements, tools, and automation including planning, communication, and deployment of such tools
• Have solid experience penetration testing, finding and developing medium complexity application vulnerabilities
• Have experience supporting software supply chain risks
• Have experience with Threat Modeling
• Love to share knowledge, and the gift of explaining complex security concepts with your colleagues
• Have a solid understanding of web application security, secure software design, and secure coding, and insecure engineering practices
• Have set-up or supported bug bounty programs

Responsibilities

• Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem
• Bring security best practices to the software development lifecycle
• Work as part of a team to champion security standards while balancing business strategies and requirements
• Support Webflow’s security current and future compliance frameworks
• Find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings
• Contribute code and architecture improvements to enable security within Webflow’s application for engineers
• Cross-train entry and mid-level application security engineers

Benefits

• Equity ownership (RSUs) in a growing, privately-owned company
• 100% employer-paid healthcare, vision, and dental insurance coverage for employees and dependents (full-time employees working 30+ hours per week)
• 12 weeks of paid parental leave for both birthing and non-birthing caregivers
• Flexible PTO with a mandatory annual minimum of 10 days paid time off for all locations
• Access to mental wellness and professional coaching, therapy, and Employee Assistance Program
• Monthly stipends to support health and wellness, smart work, and professional growth
• Professional career coaching, internal learning & development programs
• 401k plan and pension schemes (in countries where statutorily required) financial wellness benefits, like CPA or financial advisor coverage