Sr. Application Security Engineer (Remote)
RulaFull Time
Senior (5 to 8 years)
Candidates should have at least 3 years of application security experience with a strong background in web application security, secure coding, penetration testing, and insecure engineering practices. Proficiency with security tooling such as SCA, SAST, DAST, and API security is required, along with experience writing code for tool development, exploit scripting, or vulnerability remediation. Experience in evaluating applications for security design improvements, conducting threat modeling, and driving risk reduction through secure SDLC processes, tooling, and automation is necessary. Hands-on experience with bug bounty programs, including setup, exploit reproduction, and coordinating remediation, is expected. Familiarity with leveraging AI for security reviews and coding assistance is beneficial. Strong communication skills, a passion for security and continuous learning, and the ability to clearly share knowledge and mentor colleagues are essential. Business-level fluency in English is required.
The Senior Application Security Engineer will collaborate with the engineering team to secure Webflow's web application platform and ecosystem. They will integrate security best practices into the software development lifecycle, champion security standards while balancing business strategies, and support current and future compliance frameworks. The role involves identifying security vulnerabilities through grey-box techniques, proposing architectural and code-level solutions, and contributing code and architecture improvements to enable security within Webflow's application. Additionally, the engineer will cross-train entry and mid-level application security engineers.
Visual web design and development platform
Webflow provides a platform for designing, building, and launching responsive websites without the need for coding. Users can create websites visually, making it accessible to those without technical skills. The platform caters to a wide range of clients, including freelancers, small businesses, and large enterprises, and is particularly favored by designers and marketers. Webflow operates on a subscription-based model, offering various pricing plans that accommodate different needs, from personal websites to advanced e-commerce solutions. Additionally, it provides hosting services and a marketplace for templates and design assets. Unlike traditional web development tools, Webflow's user-friendly interface and comprehensive features set it apart, aiming to simplify web design for everyone.