Webflow is a pioneer of the Website Experience Platform (WXP), aiming to empower teams in web development. As a Senior Application Security Engineer, you will enhance secure development practices, collaborate with engineering teams, and support compliance frameworks to safeguard Webflow's web application platform.
Responsibilities:
- Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem
- Bring security best practices to the software development lifecycle
- Work as part of a team to champion security standards while balancing business strategies and requirements
- Support Webflow’s current and future security compliance frameworks
- Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings
- Contribute code and architecture improvements to enable security within Webflow’s application for engineers
- Cross-train entry-level application security engineers
Requirements:
- BA/BS degree or equivalent experience
- 5+ years of application security experience, including hands-on software development and securing high-complexity, large-scale applications
- Experience in secure software design, secure coding, and modern web application security, with ability to identify security design flaws and business-logic vulnerabilities, and to drive risk-based remediation with engineering teams
- Led threat modeling efforts, and/or conducted penetration testing, or managed third-party pentests, ensuring findings are clearly documented, communicated, and remediated to completion
- Managed one or more application security programs or tooling initiatives such as SCA Supply Chain, SAST, DAST and/or led bug bounty programs
- Contributed to security controls within large-scale solutions, including designing and/or delivering security features directly into applications (e.g., authorization models, security controls, or admin-level protections) in close collaboration with engineering and partner orgs
- Experience using and building automation that leverages agentic AI, including applying AI coding agents to scale security reviews, detection, and automation responsibly
- Participated in response efforts for application security incidents, from triage and containment through remediation and post-incident improvements
- Stay curious and open to growth — actively building fluency in emerging technologies like AI to unlock creativity, accelerate progress, and amplify impact