Webflow · 22 hours ago
Staff Application Security Engineer
Webflow is building the world’s leading AI-native Digital Experience Platform, and they are seeking a Staff Application Security Engineer to enhance their secure development practices. The role involves collaborating with the engineering team to secure the application platform, implementing security best practices, and supporting compliance frameworks.
CMS · Web Design · Web Hosting
Responsibilities
Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem
Bring security best practices to the software development lifecycle
Work as part of a team to champion security standards while balancing business strategies and requirements
Support Webflow’s current and future security compliance frameworks
Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings
Contribute code and architecture improvements to enable security within Webflow’s application for engineers
Cross-train entry and mid-level application security engineers
Qualification
Required
BA/BS degree or equivalent experience
7+ years of application security experience, including hands-on software development, and have operated as a technical authority in securing high-complexity, large-scale applications
Deep expertise in secure software design, secure coding, and modern web application security, with a proven ability to identify security design flaws and complex business-logic vulnerabilities, and to drive risk-based remediation with engineering teams
Regularly lead threat modeling efforts, conduct and oversee advanced penetration testing, and manage third-party pentests, ensuring findings are clearly documented, communicated, and remediated to completion
Designed, implemented, and evolved software supply chain security programs, and have owned or led bug bounty programs and major security tooling initiatives, shaping strategy rather than acting solely as a contributor
Implemented and improved Secure Development Lifecycle (SDLC) processes at scale, including planning, automation, and cross-org communication, influencing how multiple teams build and ship software securely
Driven multi-quarter application security roadmaps and complex security programs, partnering with engineering, product, and platform teams to deliver durable security outcomes
Led security initiatives within large-scale solutions, including designing and delivering security features directly into applications (e.g., authorization models, security controls, or admin-level protections) in close collaboration with engineering and partner orgs
Experience using and building security solutions that leverage agentic AI, including applying AI coding agents to scale security reviews, detection, and automation responsibly
Participated in and led response efforts for application security incidents, from triage and containment through remediation and post-incident improvements
Actively mentor and elevate other application security engineers, and help foster strong security practices and judgment across engineering organizations
Passionate about security, continuously learning, and able to clearly explain complex security concepts to technical and non-technical partners to drive alignment and action
Stay curious and open to growth — actively building fluency in emerging technologies like AI to unlock creativity, accelerate progress, and amplify impact
Benefits
Ownership in what you help build. Every permanent Webflower receives equity (RSUs) in our growing, privately held company.
Health coverage that actually covers you. Comprehensive medical, dental, and vision plans for full-time employees and their dependents, with Webflow covering most premiums.
Support for every stage of family life. 12 weeks of paid parental leave for all parents and 6+ weeks of additional paid leave for birthing parents. Plus inclusive care for family planning, menopause, and midlife transitions.
Time off that’s actually off. Flexible vacation, paid holidays, and a sabbatical program to help you recharge and come back inspired.
Wellness for the whole you. Access to mental health resources, therapy and coaching.
Invest in your future. A 401(k) with 100% employer match (up to $6,000/year) in the U.S., and support for retirement savings globally.
Monthly stipends that flex with your life. Localized support for work and wellness expenses — from Wi-Fi to workouts.
Bonus for building together. All full-time, permanent, non-commission employees are eligible for our annual WIN bonus program.
Company
Webflow
Webflow is a visual web design platform, CMS, and hosting provider for building production websites and prototypes. It is a sub-organization of Gitshock Finance.
H1B Sponsorship
Webflow has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by US Department of Labor)
Trends of Total Sponsorships
2025 (7)
2024 (10)
2023 (4)
2022 (8)
2021 (5)
Funding
Current Stage: Late Stage
Total Funding: $334.9M
Key Investors: Y Combinator Continuity Fund, Accel
2022-03-16 · Series C · $120M
2021-01-13 · Series B · $140M
2019-08-06 · Series A · $72M
Company data provided by Crunchbase