Senior Application Security Engineer

At Webflow, our mission is to bring development superpowers to everyone. As the pioneer of the Website Experience Platform (WXP), we’re redefining how teams Build, Manage, and Optimize for the web — combining visual development, powerful content management systems, AI‑driven personalization, seamless hosting, and end‑to‑end analytics in a single, unified platform. With AI at the core, Webflow helps teams move faster, create more performant digital experiences, and scale without heavy engineering support. From independent designers and creative agencies to global enterprises, hundreds of thousands of organizations use Webflow to turn ideas into reality — and to power what’s possible on the web.

We’re looking for a Senior Application Security Engineer to help us level up Webflow’s secure development practices ranging from secure coding, tooling, and improving procedures.

Remote‑first (Argentina)

Full‑time | Permanent

This role is also eligible to participate in Webflow's company‑wide bonus program. Target amounts are a percentage of base salary and vary by career level. Payouts are based on company performance against established financial and operational goals.

Reporting to the Manager of Application Security

• Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
• Bring security best practices to the software development lifecycle.
• Work as part of a team to champion security standards while balancing business strategies and requirements.
• Support Webflow’s security current and future compliance frameworks.
• Work to find security vulnerabilities through grey‑box techniques, and propose solutions at the architecture and code level to mitigate findings.
• Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
• Cross‑train entry and mid‑level application security engineers.

• BA/BS Degree or equivalent experience (required)
• Have 3+ years of application security experience with a solid background in web application security, secure coding, penetration testing, and insecure engineering practices.
• Proficiency with security tooling (SCA, SAST, DAST, API security) and experience writing code to build tools, create exploit scripts, or remediate production vulnerabilities.
• Experience evaluating applications to improve security design, conducting threat modeling, and driving risk reduction through secure SDLC processes, tooling, and automation.
• Hands‑on experience with bug bounty programs, including setup, exploit reproduction, and coordinating remediation.
• Familiarity with leveraging AI for security reviews and coding assistance to enhance application security practices.
• Strong communication skills with a passion for security, continuous learning, and the ability to clearly share knowledge and mentor colleagues.
• Business‑level fluency to read, write and speak in English.

• Build lasting customer trust.
• Win together.
• Reinvent ourselves.
• Deliver with speed, quality, and craft.

• Equity ownership (RSUs) in a growing, privately‑owned company.
• 100% employer‑paid healthcare, vision, and dental insurance coverage for full‑time employees (working 30+ hours per week) and their dependents.
• 12 weeks of paid parental leave for both birthing and non‑birthing caregivers, as well as an additional 6‑8 weeks of pregnancy disability leave for birthing parents to be used before child bonding leave.
• Flexible PTO for all locations and sabbatical program.
• Access to mental wellness and professional coaching, therapy, and Employee Assistance Program.
• Monthly stipends to support work and wellness.
• 401k plan or pension schemes (in countries where statutorily required), and other financial wellness benefits, like CPA and financial advisor coverage.

At Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job‑related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records.

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Upon interview scheduling, instructions for confidential accommodation requests will be administered.

To join Webflow, you'll need a valid right to work authorization depending on the country of employment. If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes. For information about how Webflow processes your personal information, please review Webflow’s Applicant Privacy Notice.