Senior Application Security Engineer - San Francisco, United States - Webflow

    Webflow
    Webflow San Francisco, United States

    Found in: Lensa US 4 C2 - 1 week ago

    Default job background
    Description
    At Webflow, our mission is to bring development superpowers to everyone. Webflow is the leading visual development platform for building powerful websites without writing code.

    By combining modern web development technologies into one platform, Webflow enables people to build websites visually, saving engineering time, while clean code seamlessly generates in the background.

    From independent designers and creative agencies to Fortune 500 companies, millions worldwide use Webflow to be more nimble, creative, and collaborative.

    It's the web, made better.


    We're looking for a Senior Application Security Engineer to help us level up Webflow's secure development practices ranging from secure coding, tooling, and improving procedures.

    About the role

    Location:
    Remote-first (United States; BC & ON, Canada)

    Full-time

    Exempt


    Our cash compensation amount for this role ranges from $130,000 - $178,000 for most US locations and $144,000 - $198,000 for US locations with a higher cost of labor.

    All figures cited above are in $USD and pertain to workers located in the United States.

    Pay is based on several factors including market location, and may vary depending on job related experience, knowledge, qualifications, and skills.

    Reporting to the Director of Security

    As a Senior Application Security Engineer, you'll ...

    Collaborate with the Webflow engineering team to secure Webflow's web application platform and ecosystem.

    Bring security best practices to the software development lifecycle.

    Work as part of a team to champion security standards while balancing business strategies and requirements.

    Support Webflow's security current and future compliance frameworks


    Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.

    Contribute code and architecture improvements to enable security within Webflow's application for engineers.

    Cross-train entry and mid-level application security engineers


    In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role.

    About you
    You'll thrive as a

    Senior

    Application

    Security Engineer


    if you:
    Have 2+ years of software development experience in security

    Are passionate about security in general, and always hungry to learn


    Have expertise in evaluating application/software with an eye to improve security design, continuous commitment to risk reduction and sustainable security.


    Have experience fully rolling out secure code development lifecycle (SDLC) processes improvements, tools, and automation including planning, communication, and deployment of such tools.

    Have solid experience penetration testing, finding and developing medium complexity application vulnerabilities

    Have experience supporting software supply chain risks

    Have experience with Threat Modeling

    Love to share knowledge, and the gift of explaining complex security concepts with your colleagues.

    Have a solid understanding of web application security, secure software design, and secure coding, and insecure engineering practices.

    Have set-up or supported bug bounty programs.

    Even if you don't meet 100% of the above qualifications, you should still seriously consider applying. Research shows that you may still be considered for a role if you meet just half of the requirements.


    Our Core Behaviors:
    Obsess over customer experience.

    We deeply understand

    what

    we're building and

    who

    we're building for and serving. We define the leading edge of what's possible in our industry and deliver the future for our customers.

    Move with heartfelt urgency.


    We have a healthy relationship with impatience, channeling it thoughtfully to show up better and faster for our customers and for each other.

    Time is the most limited thing we have, and we make the most of every moment.

    Say the hard thing with care.

    Our best work often comes from intelligent debate, critique, and even difficult conversations. We speak our minds and don't sugarcoat things — and we do so with respect, maturity, and care.

    Make your mark.

    We seek out new and unique ways to create meaningful impact, and we champion the same from our colleagues. We work as a

    team


    to get the job done, and we go out of our way to celebrate and reward those going above and beyond for our customers and our teammates.

    Benefits & wellness

    Equity ownership (RSUs) in a growing, privately-owned company


    100% employer-paid healthcare, vision, and dental insurance coverage for employees and dependents (US; full-time Canadian workers working 30+ hours per week), as well as Health Savings Account/Health Reimbursement Account, dependent on insurance plan selection.

    Employees also have voluntary insurance options, such as life, disability, hospital protection, accident, and critical illness


    12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability for birthing parents to be used before child bonding leave.

    Employees also have access to family planning care and reimbursement

    Flexible PTO with an mandatory annual minimum of 10 days paid time off, and sabbatical program

    Access to mental wellness coaching, therapy, and Employee Assistance Program

    Monthly stipends to support health and wellness, as well as smart work, and annual stipends to support professional growth

    Professional career coaching, internal learning & development programs

    401k plan and financial wellness benefits, like CPA or financial advisor coverage

    Commuter benefits for in-office workers


    Temporary employees are not eligible for paid holiday time off, accrued paid time off, paid leaves of absence, or company-sponsored perks.

    Be you, with us
    At Webflow, equality is a core tenet of our culture. We are

    committed

    to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences.

    Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law.

    Stay connected

    Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, Twitter, and/or Glassdoor.


    Please note:
    To join Webflow, you'll need valid U.S. or Canadian work authorization depending on the country of employment.


    If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws.

    We may obtain one or more background screening reports about you, solely for employment purposes.

    Protecting your privacy and the security of your data is a longstanding top priority for Webflow. Please consult our

    Applicant Privacy Notice

    to know more about how we collect, use and transfer the personal data of our candidates.

    #J-18808-Ljbffr