Senior Technical Program Manager, Security
At Webflow, we’re building the world’s leading AI-native Digital Experience Platform, and we’re doing it as a remote-first company built on trust, transparency, and a whole lot of creativity. This work takes grit, because we move fast, without ever sacrificing craft or quality. Our mission is to bring development superpowers to everyone. From entrepreneurs launching their first idea to global enterprises scaling their digital presence, we empower teams to design, launch, and optimize for the web without barriers. We believe the future of the web, and work, is more open, more creative, and more equitable. And we’re here to build it together.
About the Role
We’re looking for a Security Technical Program Manager (TPM) to lead Webflow’s Security program and drive collaboration across different teams in Webflow and Security.
This role blends technical understanding with program leadership — ensuring key projects across information security, across the spectrum of security operations, application security, compliance and specifically vulnerability management. You should have experience with vulnerabilities to ensure they are identified, tracked, triaged, prioritized, and remediated efficiently. You’ll build strong relationships with Application Security, Security Operations, Product, Engineering, Trust & Safety and IT teams to strengthen Webflow’s security posture and operational maturity.
- Location: Remote-first (United States; BC & ON, Canada; Argentina)
- Type: Full-time
As the Security TPM, you will own and coordinate initiatives that scale Webflow’s security processes, reduce risk and better manage Webflow’s attack surface. Your responsibilities will span from direct program ownership to broader cross-team enablement.
Your responsibilities include:
- Coordinate security-wide planning across teams — tracking dependencies, aligning on priorities, and maintaining roadmap visibility.
- Lead the end-to-end Vulnerability Management lifecycle, from discovery to remediation.
- Manage stakeholder communication, and cross-functional alignment. Partner with Engineering to ensure vulnerability ownership, ticket quality, and remediation clarity.
- Experience with AI tooling and workflow automation to better drive efficiency.
- Maintain and improve Jira workflows for vulnerability and security ticketing.
- Develop and publish vulnerability metrics and dashboards for visibility and accountability.
- Identify and resolve process bottlenecks; drive continuous improvement in the vulnerability lifecycle.
- Collaborate with SMEs in AppSec and SecDevOps to maintain full scanning and tooling coverage (e.g., Socket, container scanning, SCA).
- Maintain VM documentation, operating procedures, and readiness for audits (SOC 2, ISO 27001, ISO 42001).
- Identify opportunities for automation or reporting enhancements that scale VM effectiveness.
About you
You’ll thrive as a Senior Security TPM if you:
- Have 3-4 years of program or project management experience in technical domains such as security, infrastructure, or DevOps.
- Have experience coordinating cross-functional delivery between engineering, security, and operations teams.
- Are comfortable working with vulnerability management tools and workflows (e.g., Socket, container scanning, SCA, Jira).
Benefits
- Ownership in what you help build: Every permanent Webflower receives equity (RSUs) in our growing, privately held company.
- Health coverage: Comprehensive medical, dental, and vision plans for full-time employees and their dependents, with Webflow covering most premiums.
- Time off: Flexible vacation, paid holidays, and a sabbatical program to help you recharge and come back inspired.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process.
