Remote Senior Application Security Engineer - webflow

Description:

• The position is for a Senior Application Security Engineer at Webflow, which is a remote-first role available to candidates in the United States and British Columbia & Ontario, Canada.
• This is a 2-month project that reports to the Manager of Application Security.
• The role involves collaborating with the Webflow engineering team to secure the web application platform and ecosystem.
• The engineer will bring security best practices to the software development lifecycle.
• The position requires working as part of a team to champion security standards while balancing business strategies and requirements.
• The engineer will support Webflow’s current and future compliance frameworks.
• Responsibilities include finding security vulnerabilities through grey-box techniques and proposing solutions at the architecture and code level to mitigate findings.
• The role also involves contributing code and architecture improvements to enable security within Webflow’s application for engineers.
• The engineer will cross-train entry and mid-level application security engineers.

Requirements:

• Candidates must have 2+ years of software development experience in security.
• A passion for security and a continuous desire to learn is essential.
• Expertise in evaluating application/software to improve security design and a commitment to risk reduction and sustainable security is required.
• Experience in fully rolling out secure code development lifecycle (SDLC) processes improvements, tools, and automation is necessary, including planning, communication, and deployment of such tools.
• Solid experience in penetration testing and finding and developing medium complexity application vulnerabilities is required.
• Candidates should have experience supporting software supply chain risks.
• Experience with Threat Modeling is necessary.
• A love for sharing knowledge and the ability to explain complex security concepts to colleagues is essential.
• A solid understanding of web application security, secure software design, secure coding, and insecure engineering practices is required.
• Experience in setting up or supporting bug bounty programs is preferred.

Benefits:

• The position offers the flexibility of remote work.
• Candidates will have the opportunity to work on a project that enhances their skills in application security.
• The role allows for collaboration with a talented engineering team, fostering professional growth and knowledge sharing.
• The engineer will have the chance to contribute to the security posture of a leading web application platform.