Senior Application Security Engineer

As a Senior Application Security Engineer, you’ll … 

• Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
• Bring security best practices to the software development lifecycle.
• Work as part of a team to champion security standards while balancing business strategies and requirements.
• Support Webflow’s security current and future compliance frameworks
• Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
• Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
• Cross-train entry and mid-level application security engineers

 About you 

You’ll thrive as a Senior Application Security Engineer  if you:

• Have 2+ years of software development experience in security
• Are passionate about security in general, and always hungry to learn
• Have expertise in evaluating application/software with an eye to improve security design, continuous commitment to risk reduction and sustainable security.
• Have experience fully rolling out secure code development lifecycle (SDLC) processes improvements, tools, and automation including planning, communication, and deployment of such tools.
• Have solid experience penetration testing, finding and developing medium complexity application vulnerabilities
• Have experience supporting software supply chain risks
• Have experience with Threat Modeling 
• Love to share knowledge, and the gift of explaining complex security concepts with your colleagues.
• Have a solid understanding of web application security, secure software design, and secure coding, and insecure engineering practices.
• Have set-up or supported bug bounty programs.