Salary
💰 $185,994 - $218,000 per year
Tech Stack
AWS, Azure, Cloud, Java, JavaScript, Python, SDLC, SQL
About the role
- Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem
- Bring security best practices to the software development lifecycle
- Work as part of a team to champion security standards while balancing business strategies and requirements
- Support Webflow’s current and future security compliance frameworks
- Find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings
- Contribute code and architecture improvements to enable security within Webflow’s application for engineers
- Cross-train entry and mid-level application security engineers
- Coordinate documentation of computer security or emergency measure policies, procedures, or tests
- Coordinate monitoring of networks or systems for security breaches or intrusions and write reports regarding investigations of information security breaches or network evaluations
- Develop or implement software tools to assist in the detection, prevention, and analysis of security threats
- Conduct risk assessment or execution of system tests to ensure the functioning of data processing activities or security measures
Requirements
- Master’s degree or foreign equivalent in Information Security, Computer Science, Computer Engineering, Information Technology, and other closely related degrees
- In lieu of a Master’s degree, a Bachelor’s degree or foreign equivalent in Information Security, Computer Science, Computer Engineering, Information Technology, and other closely related degrees, and 5 years of experience in a related Application Security Engineer role is acceptable
- 3 years of combined experience that includes any of the following: threat modeling, architecture reviews, secure code reviews and penetration testing; deploying and managing SAST, DAST, SCA and API security tools; deploying and maintaining SDLC tools in CI/CD pipelines; C, C++, Python, SQL, JavaScript and Java; AWS & Cloud Security, Azure, or GitHub
- 2 years of experience in: software development in security; developing automated workflows and end-to-end processes to prioritize, report, and remediate vulnerabilities discovered through an Application Security Posture Management tool; creating reporting dashboards to aggregate and track all vulnerability findings
- 1 year of experience in: managing a bug bounty program; handling security incidents, and related response and future improvements
- Valid right to work authorization depending on the country of employment
- Offer may be contingent upon successful completion of a background check