At Webflow, we’re building the world’s leading AI-native Digital Experience Platform, and we’re doing it as a remote-first company built on trust, transparency, and a whole lot of creativity. This work takes grit, because we move fast, without ever sacrificing craft or quality. Our mission is to bring development superpowers to everyone. From entrepreneurs launching their first idea to global enterprises scaling their digital presence, we empower teams to design, launch, and optimize for the web without barriers. We believe the future of the web, and work, is more open, more creative, and more equitable. And we’re here to build it together.

We’re looking for a Staff Application Security Engineer to help us level up Webflow’s secure development practices ranging from secure coding, tooling, and improving procedures.

About the role:

• Location: Remote-first (United States; BC & ON, Canada)
• Full-time
• Permanent
• Exempt
• The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
  • United States  (all figures cited below are in USD and pertain to workers in the United States)
    
    • Zone A: $175,000 - $247,000
    • Zone B: $164,000 - $232,000
    • Zone C: $154,000 - $217,000
  • Canada (figures cited below are in CAD and pertain to workers in ON & BC, Canada)
    • CAD 199,000 - CAD 280,000

This role is also eligible to participate in Webflow's company-wide bonus program. Target amounts are a percentage of base salary and vary by career level. Payouts are based on company performance against established financial and operational goals. 

Please visit our Careers page for more information on which locations are included in each of our geographic pay zones. However, please confirm the zone for your specific location with your recruiter.

• Application Information:
  • Application deadline: applications accepted on an ongoing basis until position is closed and filled
  • This posting is for an existing vacancy
• Reporting to the Manager, Application Security

As a Staff Application Security Engineer, you’ll… 

• Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
• Bring security best practices to the software development lifecycle.
• Work as part of a team to champion security standards while balancing business strategies and requirements.
• Support Webflow’s security current and future compliance frameworks
• Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
• Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
• Cross-train entry and mid-level application security engineers

In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role.

About you:

Requirements:

• BA/BS degree or equivalent experience

You’ll thrive as a Staff Application Security Engineer if you:

• You bring 7+ years of application security experience, including hands-on software development, and have operated as a technical authority in securing high-complexity, large-scale applications.
• You have deep expertise in secure software design, secure coding, and modern web application security, with a proven ability to identify security design flaws and complex business-logic vulnerabilities, and to drive risk-based remediation