Webflow is a visual web development platform that empowers non-coders to create incredible experiences for the web.
We’re looking for a Platform Security Engineer to join the Systems and Infrastructure team to help us secure our next-generation web publishing platform. Work with our team of talented engineers to protect our customers and ensure best security practices are being followed. As the first security engineer hire, you will help define what security looks like at Webflow and will be able to have a very large impact in a growing team by providing technical guidance on software design from a security perspective. You will support our cloud infrastructure by developing tools, building services, and providing consultative services to our engineering teams. You will also work closely with developers to diagnose, document, and remediate application security vulnerabilities as well as educate and mentor engineers as they build and maintain existing services. This is a full-time position located in San Francisco or remote within the US.
As a Platform Security Engineer, you’ll …
- Work on new product security features to help make our platform more secure and support our customer’s security needs
- Help us achieve and maintain security compliance and certification
- Help build, manage, and maintain an AWS architecture that meets accepted best practices for security, reliability, and maintainability
- Conduct threat modeling tied to security services
- Take a leadership role in driving security initiatives at Webflow
- Establish, advocate, and enforce security policies and best practices among our team members.
- Lead efforts to keep our customers’ data and company assets safe.
- Collaborate with colleagues across a variety of teams to architect & ship projects securely
- Investigate security-related reports from customers and security researchers, own our bug bounty program, and help prioritize remediation efforts
- Understand offensive techniques/tactics and be able to prioritize mitigation techniques or technologies accordingly.
- Work on a highly technical platform that empowers hundreds of thousands of people, and serves millions of page views an hour
That said, these role responsibilities are just the start! At Webflow, we encouraged you to contribute wherever your interests take you — and shape your role accordingly.
And this isn’t just a philosophical bent: we actually give you 4 hours a week (10% of the work week) to tackle passion projects directly related to Webflow.
You’ll thrive as Security Engineer if you:
- are an experienced software engineer, preferably a generalist or a specialist with an interest in all aspects of security
- have a solid understanding of OSI model, TCP/IP, HTTP and TLS
- experience supporting and maintaining Node.js applications and APIs
- prefer automating work over manual processes – we love automation and would love you to build your own tools for automating processes
- have extensive experience working in an AWS environment
- have some familiarity with many of the tools we use: Kubernetes, Docker, Terraform, node.js, mongodb
- are able to make pragmatic security decisions, understanding the tradeoffs between alternative approaches.
- are very comfortable behind a linux terminal
- comfortable with using Git
However, even if you don’t meet 100% of the above qualifications, you should still seriously consider applying. Studies show that meeting just 50% of a role’s requirements puts you in the running.
At Webflow, we believe that our success will not only be defined by what we do — but by how and why we do it. So, here is the Webflow “why” and our “how”:
Our dual missions — one for the world, one for us
- For the world: To empower everyone to create for the web and spark an unprecedented wave of digital innovation.
- For ourselves: Lead fulfilling, impactful lives.
Our core behaviors (how we act)
- Start with customers
- Practice extraordinary kindness
- Be radically candid
- Move uncomfortably fast
- Just fix it
- Lead by serving others
- Dream big
Our commitments to you
- We’ll pay you! This is a full-time, salaried position that includes equity
- We’ll invest in your physical and mental well-being with health, dental, and vision benefits and a monthly stipend for health and wellness expenses
- We’ll pay you to take a vacation … seriously. We’ll give you a $1,000 bonus for taking your first vacation with us that is more than 5 days
- We offer flexible parental leave for moms and dads
- We provide remote employees with the equipment they need to create a great remote work environment
- We will offer you the support you need to help you grow as an impactful Platform Security Engineer and a healthy human being
Ready to apply?
If you share our values and our enthusiasm for empowering the world, we’d love to hear from you!
Note: You’ll need valid U.S. work authorization to join us.