Senior Application Security Engineer

WebflowWebflow·Remote(CA Remote (BC & ON only); U.S. Remote)
Cybersecurity

WFA Digital Insight

The demand for skilled application security engineers has skyrocketed, with a 28% increase in job postings over the last year. Webflow, a pioneer in the Website Experience Platform, is at the forefront of this trend. As a Senior Application Security Engineer, you'll collaborate with the engineering team to secure Webflow's platform and ecosystem, bringing security best practices to the software development lifecycle. With the rise of remote work, companies like Webflow are looking for talent who can balance business strategies with security requirements. Before applying, candidates should be aware of the evolving security landscape and the need for continuous learning in this field.

Job Description

About the Role

As a Senior Application Security Engineer at Webflow, you will play a critical role in securing the company's web application platform and ecosystem. You will collaborate with the engineering team to develop and implement secure coding practices, identify security vulnerabilities, and propose solutions to mitigate these findings. Your expertise will help Webflow maintain the trust of its users and protect its platform from potential threats. Webflow is a remote-first company, offering a unique opportunity to work with a talented team of engineers and security experts from the comfort of your own home. You will report to the Sr. Manager, Application Security, and work closely with cross-functional teams to champion security standards and balance business strategies with security requirements.

What You Will Do

  • Collaborate with the Webflow engineering team to secure the web application platform and ecosystem
  • Bring security best practices to the software development lifecycle
  • Work as part of a team to champion security standards while balancing business strategies and requirements
  • Support Webflow's security current and future compliance frameworks
  • Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings
  • Contribute code and architecture improvements to enable security within Webflow's application for engineers
  • Cross-train entry-level application security engineers
  • Develop and maintain documentation of security procedures and standards
  • Participate in code reviews and ensure that security is integrated into the development process

What We Are Looking For

  • BA/BS degree or equivalent experience
  • 5+ years of application security experience, including hands-on software development
  • Experience in secure software design, secure coding, and modern web application security
  • Ability to identify security design flaws and business-logic vulnerabilities
  • Strong understanding of security threats and vulnerabilities in web applications
  • Experience with security testing and vulnerability assessment tools
  • Knowledge of compliance frameworks and regulations, such as HIPAA and PCI-DSS
  • Excellent communication and collaboration skills

Nice to Have

  • Experience with cloud-based security solutions and technologies
  • Knowledge of containerization and orchestration using Docker and Kubernetes
  • Familiarity with security information and event management (SIEM) systems
  • Certification in security, such as CISSP or CEH

Benefits and Perks

  • Competitive salary and bonus structure
  • Opportunity to work with a talented team of engineers and security experts
  • Remote work arrangement with flexible hours
  • Comprehensive benefits package, including health, dental, and vision insurance
  • 401(k) matching program
  • Paid time off and holidays
  • Professional development opportunities and conferences

How to Stand Out

  • Ensure you have a strong understanding of secure coding practices and security vulnerabilities in web applications
  • Be prepared to provide examples of your experience in secure software design and security testing
  • Highlight your ability to communicate complex security concepts to non-technical stakeholders
  • Showcase your knowledge of compliance frameworks and regulations, such as HIPAA and PCI-DSS
  • Be prepared to discuss your experience with security testing and vulnerability assessment tools
  • Consider earning a security certification, such as CISSP or CEH, to demonstrate your expertise

This is a remote position listed on WFA Digital, the platform for professionals who work from anywhere. Browse more remote jobs across all categories.