Senior Application Security Engineer
At Webflow, our mission is to bring development superpowers to everyone. As the pioneer of the Website Experience Platform (WXP), we’re redefining how teams Build, Manage, and Optimize for the web — combining visual development, powerful content management systems, AI-driven personalization, seamless hosting, and end-to-end analytics in a single, unified platform. With AI at the core, Webflow helps teams move faster, create more performant digital experiences, and scale without heavy engineering support. From independent designers and creative agencies to global enterprises, hundreds of thousands of organizations use Webflow to turn ideas into reality — and to power what’s possible on the web.
About the Role:
Job Title: Senior Application Security Engineer
Company Name: Webflow, Inc.
Job Site Address: San Francisco, California (Telecommuting from anywhere in the US is permitted)
No travel required
Salary Range: $185,994 to $218,000/year
Job Duties:
Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem
Bring security best practices to the software development lifecycle
Work as part of a team to champion security standards while balancing business strategies and requirements
Support Webflow’s security current and future compliance frameworks
Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings
Contribute code and architecture improvements to enable security within Webflow’s application for engineers
Cross-train entry and mid-level application security engineers
Coordinate documentation of computer security or emergency measure policies, procedures, or tests
Coordinate monitoring of networks or systems for security breaches or intrusions and write reports regarding investigations of information security breaches or network evaluations
Develop or implement software tools to assist in the detection, prevention, and analysis of security threats
Conduct risk assessment or execution of system tests to ensure the functioning of data processing activities or security measures
Job Requirements:
Master’s degree or foreign equivalent in Information Security, Computer Science, Computer Engineering, Information Technology, and other closely related degrees. In lieu of a Master’s degree, a Bachelor’s degree or foreign equivalent in Information Security, Computer Science, Computer Engineering, Information Technology, and other closely related degrees, and 5 years of experience in a related Application Security Engineer role is acceptable.
3 years of experience in the following skills:
Combined experience that includes any of the following: Threat Modeling, architecture reviews, secure code reviews and penetration testing
Combined experience deploying and managing SAST, DAST, SCA and API Security tool; deploying and maintaining SDLC tools in CI/CD pipelines
C, C++, Python, SQL, JavaScript and Java
AWS & Cloud Security, Azure, or GitHub
2 years of experience in the following skills:
Software development experience in security
Developing automated workflows and end-to-end processes to prioritize, report, and remediate vulnerabilities discovered through Application Security Posture Management Tool
creating reporting dashboards to aggregate and track all vulnerability findings
1 year of experience in the following skills:
Managing a bug bounty program
Handling security incidents, and related response and future improvements
To Apply:
Send resumes to: catherine.flynn-baksi@webflow.com w/ Ref#VB0825
Our Core Behaviors:
Build lasting customer trust. We build trust by taking action that puts customer trust first.
Win together. We play to win, and we win as one team. Success at Webflow isn't a solo act.
Reinvent ourselves. We don't just improve what exists, we imagine what's possible.
Deliver with speed, quality, and craft. We move fast because the moment demands it, and we do so without lowering the bar.
Benefits & wellness
Equity ownership (RSUs) in a growing, privately-owned company
100% employer-paid healthcare, vision, and dental insurance coverage for full-time employees (working 30+ hours per week) and their dependents. Full-time employees may also be eligible for voluntary insurance options where applicable in the respective country of employment
12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability leave for birthing parents to be used before child bonding leave (note: where local requirements are more generous, employees receive the greater benefit); full-time employees also have access to family planning care and reimbursement
Flexible PTO for all locations and sabbatical program
Access to mental wellness and professional coaching, therapy, and Employee Assistance Program
Monthly stipends to support work and wellness
401k plan or pension schemes (in countries where statutorily required), and other financial wellness benefits, like CPA and financial advisor coverage
Temporary employees may be eligible for paid holiday and time off, statutory leaves of absence, and company-sponsored medical benefits depending on their Fixed Term Contract and their country/state of employment.
Remote, together
At Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records.
Stay connected
Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.
Please note:
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Upon interview scheduling, instructions for confidential accommodation requests will be administered.
To join Webflow, you'll need a valid right to work authorization depending on the country of employment.
If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.
For information about how Webflow processes your personal information, please review Webflow’s Applicant Privacy Notice.
#BI-DNI
About the job
Apply for this position
Senior Application Security Engineer
At Webflow, our mission is to bring development superpowers to everyone. As the pioneer of the Website Experience Platform (WXP), we’re redefining how teams Build, Manage, and Optimize for the web — combining visual development, powerful content management systems, AI-driven personalization, seamless hosting, and end-to-end analytics in a single, unified platform. With AI at the core, Webflow helps teams move faster, create more performant digital experiences, and scale without heavy engineering support. From independent designers and creative agencies to global enterprises, hundreds of thousands of organizations use Webflow to turn ideas into reality — and to power what’s possible on the web.
About the Role:
Job Title: Senior Application Security Engineer
Company Name: Webflow, Inc.
Job Site Address: San Francisco, California (Telecommuting from anywhere in the US is permitted)
No travel required
Salary Range: $185,994 to $218,000/year
Job Duties:
Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem
Bring security best practices to the software development lifecycle
Work as part of a team to champion security standards while balancing business strategies and requirements
Support Webflow’s security current and future compliance frameworks
Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings
Contribute code and architecture improvements to enable security within Webflow’s application for engineers
Cross-train entry and mid-level application security engineers
Coordinate documentation of computer security or emergency measure policies, procedures, or tests
Coordinate monitoring of networks or systems for security breaches or intrusions and write reports regarding investigations of information security breaches or network evaluations
Develop or implement software tools to assist in the detection, prevention, and analysis of security threats
Conduct risk assessment or execution of system tests to ensure the functioning of data processing activities or security measures
Job Requirements:
Master’s degree or foreign equivalent in Information Security, Computer Science, Computer Engineering, Information Technology, and other closely related degrees. In lieu of a Master’s degree, a Bachelor’s degree or foreign equivalent in Information Security, Computer Science, Computer Engineering, Information Technology, and other closely related degrees, and 5 years of experience in a related Application Security Engineer role is acceptable.
3 years of experience in the following skills:
Combined experience that includes any of the following: Threat Modeling, architecture reviews, secure code reviews and penetration testing
Combined experience deploying and managing SAST, DAST, SCA and API Security tool; deploying and maintaining SDLC tools in CI/CD pipelines
C, C++, Python, SQL, JavaScript and Java
AWS & Cloud Security, Azure, or GitHub
2 years of experience in the following skills:
Software development experience in security
Developing automated workflows and end-to-end processes to prioritize, report, and remediate vulnerabilities discovered through Application Security Posture Management Tool
creating reporting dashboards to aggregate and track all vulnerability findings
1 year of experience in the following skills:
Managing a bug bounty program
Handling security incidents, and related response and future improvements
To Apply:
Send resumes to: catherine.flynn-baksi@webflow.com w/ Ref#VB0825
Our Core Behaviors:
Build lasting customer trust. We build trust by taking action that puts customer trust first.
Win together. We play to win, and we win as one team. Success at Webflow isn't a solo act.
Reinvent ourselves. We don't just improve what exists, we imagine what's possible.
Deliver with speed, quality, and craft. We move fast because the moment demands it, and we do so without lowering the bar.
Benefits & wellness
Equity ownership (RSUs) in a growing, privately-owned company
100% employer-paid healthcare, vision, and dental insurance coverage for full-time employees (working 30+ hours per week) and their dependents. Full-time employees may also be eligible for voluntary insurance options where applicable in the respective country of employment
12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability leave for birthing parents to be used before child bonding leave (note: where local requirements are more generous, employees receive the greater benefit); full-time employees also have access to family planning care and reimbursement
Flexible PTO for all locations and sabbatical program
Access to mental wellness and professional coaching, therapy, and Employee Assistance Program
Monthly stipends to support work and wellness
401k plan or pension schemes (in countries where statutorily required), and other financial wellness benefits, like CPA and financial advisor coverage
Temporary employees may be eligible for paid holiday and time off, statutory leaves of absence, and company-sponsored medical benefits depending on their Fixed Term Contract and their country/state of employment.
Remote, together
At Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records.
Stay connected
Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.
Please note:
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Upon interview scheduling, instructions for confidential accommodation requests will be administered.
To join Webflow, you'll need a valid right to work authorization depending on the country of employment.
If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.
For information about how Webflow processes your personal information, please review Webflow’s Applicant Privacy Notice.
#BI-DNI