
Senior Application Security Engineer
Webflow
full-time
Location Type: Remote
Location: California • United States
Salary
💰 $139,000 - $250,000 per year
About the role
- Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
- Bring security best practices to the software development lifecycle.
- Work as part of a team to champion security standards while balancing business strategies and requirements.
- Support Webflow’s current and future security compliance frameworks.
- Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
- Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
- Cross-train entry-level application security engineers.
Requirements
- BA/BS degree or equivalent experience
- You bring 5+ years of application security experience, including hands-on software development, and have worked on securing high-complexity, large-scale applications.
- You have experience in secure software design, secure coding, and modern web application security, with the ability to identify security design flaws and business-logic vulnerabilities, and to drive risk-based remediation with engineering teams.
- You have led threat modeling efforts, and/or conducted penetration testing, or managed third-party pentests, ensuring findings are clearly documented, communicated, and remediated to completion.
- You have managed one or more application security programs or tooling initiatives such as SCA Supply Chain, SAST, DAST, and/or led bug bounty programs.
- You have contributed to security controls within large-scale solutions, including designing and/or delivering security features directly into applications (e.g., authorization models, security controls, or admin-level protections) in close collaboration with engineering and partner orgs.
- You have experience using and building automation that leverages agentic AI, including applying AI coding agents to scale security reviews, detection, and automation responsibly.
- You have participated in response efforts for application security incidents, from triage and containment through remediation and post-incident improvements.
- Stay curious and open to growth — actively building fluency in emerging technologies like AI to unlock creativity, accelerate progress, and amplify impact.
Benefits
- Equity ownership (RSUs) in a growing, privately-owned company
- 100% employer-paid healthcare, vision, and dental insurance coverage for full-time employees (working 30+ hours per week) and their dependents. Full-time employees may also be eligible for voluntary insurance options where applicable in the respective country of employment
- 12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability leave for birthing parents to be used before child bonding leave (note: where local requirements are more generous, employees receive the greater benefit); full-time employees also have access to family planning care and reimbursement
- Flexible PTO for all locations and sabbatical program
- Access to mental wellness and professional coaching, therapy, and Employee Assistance Program
- Monthly stipends to support work and wellness
- 401k plan or pension schemes (in countries where statutorily required), and other financial wellness benefits, like CPA and financial advisor coverage