[Remote] Senior Application Security Engineer at Webflow

United States

Apply Now

$185,994 – $218,000Compensation

Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level

Full TimeJob Type

UnknownVisa

Software Development, Biotechnology, SaaSIndustries

Requirements

Candidates must possess a Master's degree or foreign equivalent in Information Security, Computer Science, Computer Engineering, Information Technology, or a closely related field. Alternatively, a Bachelor's degree or foreign equivalent in a related field plus 5 years of experience as an Application Security Engineer is acceptable. The role requires 3 years of combined experience in threat modeling, architecture reviews, secure code reviews, and penetration testing, as well as experience deploying and managing SAST, DAST, SCA, and API Security tools within CI/CD pipelines. Proficiency in C, C++, Python, SQL, JavaScript, and Java, along with experience in AWS & Cloud Security, Azure, or GitHub, is necessary. Additionally, 2 years of software development experience in security and experience developing automated workflows for vulnerability management are required. One year of experience managing a bug bounty program and handling security incidents is also needed.

Responsibilities

The Senior Application Security Engineer will collaborate with the engineering team to secure Webflow's web application platform and ecosystem, integrating security best practices into the software development lifecycle. They will champion security standards while balancing business needs, and support current and future compliance frameworks. Responsibilities include identifying security vulnerabilities through grey-box techniques, proposing architectural and code-level solutions, and contributing code and architecture improvements to enhance application security. The engineer will also cross-train junior application security engineers, coordinate documentation of computer security policies and emergency measures, and monitor networks for security breaches. Developing and implementing software tools for threat detection, prevention, and analysis, as well as conducting risk assessments and system tests, are also key duties.

Skills

Application Security

Web Application Security

Security Best Practices

Software Development Lifecycle (SDLC)

Vulnerability Assessment

Grey-box Testing

Code Review

Architecture Design

Security Standards

Compliance Frameworks

Network Security

Security Monitoring

Incident Response

Security Tool Development

Webflow

Visual web design and development platform

About Webflow

Webflow provides a platform for designing, building, and launching responsive websites without the need for coding. Users can create websites visually, making it accessible to those without technical skills. The platform caters to a wide range of clients, including freelancers, small businesses, and large enterprises, and is particularly favored by designers and marketers. Webflow operates on a subscription-based model, offering various pricing plans that accommodate different needs, from personal websites to advanced e-commerce solutions. Additionally, it provides hosting services and a marketplace for templates and design assets. Unlike traditional web development tools, Webflow's user-friendly interface and comprehensive features set it apart, aiming to simplify web design for everyone.

San Francisco, CaliforniaHeadquarters

2012Year Founded

$325.8MTotal Funding

SERIES_CCompany Stage

Consumer Software, Enterprise SoftwareIndustries

1,001-5,000Employees