Senior Application Security Engineer

Who you are

• BA/BS degree or equivalent experience
• You bring 5+ years of application security experience, including hands-on software development, and have worked on securing high-complexity, large-scale applications
• You have experience in secure software design, secure coding, and modern web application security, with ability to identify security design flaws and business-logic vulnerabilities, and to drive risk-based remediation with engineering teams
• You have led threat modeling efforts, and/or conducted penetration testing, or manage third-party pentests, ensuring findings are clearly documented, communicated, and remediated to completion
• You have managed one or more of application security programs or tooling initiatives such as SCA Supply Chain, SAST, DAST and /or led bug bounty programs
• You have contributed to security controls within large-scale solutions, including designing and/or delivering security features directly into applications (e.g., authorization models, security controls, or admin-level protections) in close collaboration with engineering and partner orgs
• You have experience using and building automation that leverage agentic AI, including applying AI coding agents to scale security reviews, detection, and automation responsibly
• You have participated in response efforts for application security incidents, from triage and containment through remediation and post-incident improvements
• Stay curious and open to growth — actively building fluency in emerging technologies like AI to unlock creativity, accelerate progress, and amplify impact

What the job involves

• We’re looking for a Senior Application Security Engineer to help us level up Webflow’s secure development practices ranging from secure coding, tooling, and improving procedures
• Reporting to the Sr. Manager, Application Security
• Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem
• Bring security best practices to the software development lifecycle
• Work as part of a team to champion security standards while balancing business strategies and requirements
• Support Webflow’s security current and future compliance frameworks
• Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings
• Contribute code and architecture improvements to enable security within Webflow’s application for engineers
• Cross-train entry level application security engineers
• In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role

Benefits

• Modern & inclusive healthcare coverage
• Retirement saving matches and financial planning
• Flexible paid time off
• Annual retreat and offsites
• WFH Office setup budget
• Health and wellness stipend
• Remote work reimbursements for phone & wifi
• Webflow subscription discount
• Remote-first flexibility