Staff Application Security Engineer

At Webflow, we’re building the world’s leading AI-native Digital Experience Platform, and we’re doing it as a remote-first company built on trust, transparency, and a whole lot of creativity. This work takes grit, because we move fast, without ever sacrificing craft or quality. Our mission is to bring development superpowers to everyone. From entrepreneurs launching their first idea to global enterprises scaling their digital presence, we empower teams to design, launch, and optimize for the web without barriers.

About the role:

• Location: Remote-first (United States; BC & ON, Canada)
• Full-time
• Permanent

The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.

• United States:
  • Zone A: $175,000 - $247,000
  • Zone B: $164,000 - $232,000
  • Zone C: $154,000 - $217,000
• Canada: CAD 199,000 - CAD 280,000

This role is also eligible to participate in Webflow's company-wide bonus program. Target amounts are a percentage of base salary and vary by career level. Payouts are based on company performance against established financial and operational goals.

As a Staff Application Security Engineer, you’ll…

• Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
• Bring security best practices to the software development lifecycle.
• Work as part of a team to champion security standards while balancing business strategies and requirements.
• Support Webflow’s security current and future compliance frameworks.
• Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
• Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
• Cross-train entry and mid-level application security engineers.

About you:

Requirements:

• BA/BS degree or equivalent experience

You’ll thrive as a Staff Application Security Engineer if you:

• You bring 7+ years of application security experience, including hands-on software development.
• You have deep expertise in secure software design, secure coding, and modern web application security.
• You regularly lead threat modeling efforts and conduct advanced penetration testing.
• You have implemented and improved Secure Development Lifecycle (SDLC) processes at scale.
• You have participated in and led response efforts for application security incidents.

Benefits

• Ownership in what you help build. Every permanent Webflower receives equity (RSUs).
• Health coverage for full-time employees and their dependents.
• 12 weeks of paid parental leave for all parents.
• Flexible vacation and paid holidays.
• Access to mental health resources, therapy, and coaching.
• A 401(k) with 100% employer match (up to $6,000/year).
• All full-time, permanent, non-commission employees are eligible for our annual WIN bonus program.

Webflow is an Equal Opportunity (EEO)/Veterans/Disabled Employer.