Senior Security Engineer
Remote
United States, Canada, United Kingdom, Ireland
$139,000 - $198,000/yearly
Senior Level
Top Benefits
Inclusive healthcare coverage
401K with financial planning
Flexible paid time off
About the role
Who you are
- This role is ideal for an engineer who thrives at the intersection of infrastructure security and software engineering
- Have 5+ years of experience in cloud security, infrastructure engineering, or security automation (with at least 3 years focused on AWS and GCP)
- Demonstrate strong knowledge of AWS and GCP services and security controls
- Have hands-on experience securing Kubernetes and containerized workloads
- Are proficient with infrastructure as code (Pulumi, Terraform, CloudFormation)
- Understand network security concepts including firewalls, segmentation, and zero trust
- 3+ years of automation script authoring for security tasks using Python, Go, Javascript, Typscript, or similar languages. Comfortable architecting automation solutions using full stack components
- Are comfortable operating in ambiguous, fast-changing environments, adapting tooling and approaches as threats and technologies evolve
- Bring a proactive, builder’s mindset — identifying and closing gaps before they become issues
What the job involves
- We’re looking for a Senior Security Engineer, Infrastructure & Automation to join Webflow’s Security Operations team
- You’ll collaborate closely with our Infrastructure Engineering, Infrastructure Security, Enterprise Security, and Application Security teams to harden our AWS and GCP environments, embed security into our CI/CD pipelines, and champion secure-by-default infrastructure practices
- You’ll design and build internal security platforms, APIs, and automation that help Webflow detect, triage, and remediate infrastructure vulnerabilities faster, while enabling engineering teams to ship securely by default
- Application deadline: applications accepted on an ongoing basis until position is closed and filled
- Perform infrastructure security reviews across cloud services, network design, IAM, and platform components
- Design, implement, and maintain secure AWS and GCP infrastructure following best practices (least privilege, network segmentation, encryption, monitoring)
- Partner with infrastructure and platform teams to embed security controls in CI/CD pipelines, infrastructure as code, and containerized environments
- Own the cloud security posture management (CSPM) strategy, ensuring continuous compliance and automated detection of misconfigurations
- Collaborate with engineering teams to secure Kubernetes and containerized workloads, ensuring adherence to runtime and image scanning policies
- Respond to and investigate cloud-related security incidents, providing technical expertise during triage and remediation
- Contribute to the design and execution of Webflow’s cloud security roadmap, identifying areas for automation and scalability
- Conduct threat modeling and risk assessments for cloud architecture and new service deployments
- Translate raw findings into actionable engineering fixes, not just tickets or reports
- Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation
- Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle
- Experiment with and operationalize agentic and AI-assisted approaches to security detection, analysis, and response as the threat landscape evolves
The application process
- Application deadline: applications accepted on an ongoing basis until position is closed and filled
Benefits
- Modern & inclusive healthcare coverage
- 401K and financial planning
- Flexible paid time off
- Annual retreat and offsites
- WFH Office setup budget
- Health and wellness stipend
- Remote work reimbursements for phone & wifi
- Webflow subscription discount
- Remote-first flexibility
Similar jobs you might like
Senior Security Engineer
Remote
United States, Canada, United Kingdom, Ireland
$139,000 - $198,000/yearly
Senior Level
Top Benefits
Inclusive healthcare coverage
401K with financial planning
Flexible paid time off
About the role
Who you are
- This role is ideal for an engineer who thrives at the intersection of infrastructure security and software engineering
- Have 5+ years of experience in cloud security, infrastructure engineering, or security automation (with at least 3 years focused on AWS and GCP)
- Demonstrate strong knowledge of AWS and GCP services and security controls
- Have hands-on experience securing Kubernetes and containerized workloads
- Are proficient with infrastructure as code (Pulumi, Terraform, CloudFormation)
- Understand network security concepts including firewalls, segmentation, and zero trust
- 3+ years of automation script authoring for security tasks using Python, Go, Javascript, Typscript, or similar languages. Comfortable architecting automation solutions using full stack components
- Are comfortable operating in ambiguous, fast-changing environments, adapting tooling and approaches as threats and technologies evolve
- Bring a proactive, builder’s mindset — identifying and closing gaps before they become issues
What the job involves
- We’re looking for a Senior Security Engineer, Infrastructure & Automation to join Webflow’s Security Operations team
- You’ll collaborate closely with our Infrastructure Engineering, Infrastructure Security, Enterprise Security, and Application Security teams to harden our AWS and GCP environments, embed security into our CI/CD pipelines, and champion secure-by-default infrastructure practices
- You’ll design and build internal security platforms, APIs, and automation that help Webflow detect, triage, and remediate infrastructure vulnerabilities faster, while enabling engineering teams to ship securely by default
- Application deadline: applications accepted on an ongoing basis until position is closed and filled
- Perform infrastructure security reviews across cloud services, network design, IAM, and platform components
- Design, implement, and maintain secure AWS and GCP infrastructure following best practices (least privilege, network segmentation, encryption, monitoring)
- Partner with infrastructure and platform teams to embed security controls in CI/CD pipelines, infrastructure as code, and containerized environments
- Own the cloud security posture management (CSPM) strategy, ensuring continuous compliance and automated detection of misconfigurations
- Collaborate with engineering teams to secure Kubernetes and containerized workloads, ensuring adherence to runtime and image scanning policies
- Respond to and investigate cloud-related security incidents, providing technical expertise during triage and remediation
- Contribute to the design and execution of Webflow’s cloud security roadmap, identifying areas for automation and scalability
- Conduct threat modeling and risk assessments for cloud architecture and new service deployments
- Translate raw findings into actionable engineering fixes, not just tickets or reports
- Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation
- Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle
- Experiment with and operationalize agentic and AI-assisted approaches to security detection, analysis, and response as the threat landscape evolves
The application process
- Application deadline: applications accepted on an ongoing basis until position is closed and filled
Benefits
- Modern & inclusive healthcare coverage
- 401K and financial planning
- Flexible paid time off
- Annual retreat and offsites
- WFH Office setup budget
- Health and wellness stipend
- Remote work reimbursements for phone & wifi
- Webflow subscription discount
- Remote-first flexibility