Staff Application Security Engineer, Webflow

• Have 7+ years of experience in application security, including 2+ years of software development focused on security
• Are passionate about security, eager to learn, and enjoy sharing knowledge by explaining complex security concepts to colleagues
• Have expertise in secure software design, secure coding, and web application security, with a strong commitment to risk reduction and sustainable security practices
• Have experience with Threat Modeling, penetration testing, and identifying high-complexity application vulnerabilities
• Have worked on software supply chain security and led bug bounty programs and security tooling initiatives
• Have successfully implemented and improved secure development lifecycle (SDLC) processes, including planning, communication, and automation
• Have led and delivered multi-quarter, complex security projects, application security roadmaps, and medium to large security programs in collaboration with engineering teams
• Have experience mentoring other application security engineers and fostering security best practices across organizations

• We’re looking for a Staff Application Security Engineer to help us level up Webflow’s secure development practices ranging from secure coding, tooling, and improving procedures
• Reporting to the Manager, Application Security
• Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem
• Bring security best practices to the software development lifecycle
• Work as part of a team to champion security standards while balancing business strategies and requirements
• Support Webflow’s security current and future compliance frameworks
• Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings
• Contribute code and architecture improvements to enable security within Webflow’s application for engineers
• Cross-train entry and mid-level application security engineers
• In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role

• 100% insurance coverage
• 401K and financial planning
• Paid time off
• Annual retreat and offsites
• 10% time - Take up to 4 hours per week to focus on building skills, working on projects, or learning new Webflow-related things outside of your daily to-do’s.
• Commuter benefits
• Vacation bonus
• Office setup budget
• Health and wellness stipend
• Remote work reimbursements
• Continued education coverage
• Choose your own adventure
• Webflow subscription discount

Total funding: $334.9m

No-code development systems allow users to create and publish the kind of output that was once only possible with the help of a team of developers. Webflow is one such platform that allows non-developers to create professional websites without knowing any code. It joins others such as Pantheon, Weebly, Squarespace, and Wix in a hotly-contested low-code development market. While competition is high, so too is demand, with low-code platforms accounting for more than 65% of application development activity in 2024.