CrawlJobs Logo

Staff Application Security Engineer

webflow.com Logo

Webflow

Location Icon

Location:
United States; Canada

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

154000.00 - 247000.00 USD; CAD / Year
Save Job
Save Icon
Apply Position

Job Description:

We’re looking for a Staff Application Security Engineer to help us level up Webflow’s secure development practices ranging from secure coding, tooling, and improving procedures.

Job Responsibility:

  • Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem
  • Bring security best practices to the software development lifecycle
  • Work as part of a team to champion security standards while balancing business strategies and requirements
  • Support Webflow’s security current and future compliance frameworks
  • Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings
  • Contribute code and architecture improvements to enable security within Webflow’s application for engineers
  • Cross-train entry and mid-level application security engineers

Requirements:

  • BA/BS degree or equivalent experience
  • 7+ years of application security experience, including hands-on software development
  • Deep expertise in secure software design, secure coding, and modern web application security
  • Experience leading threat modeling efforts, conducting advanced penetration testing, and managing third-party pentests
  • Experience designing, implementing, and evolving software supply chain security programs
  • Experience implementing and improving Secure Development Lifecycle (SDLC) processes at scale
  • Experience driving multi-quarter application security roadmaps and complex security programs
  • Experience leading security initiatives within large-scale solutions
  • Experience using and building security solutions that leverage agentic AI
  • Experience participating in and leading response efforts for application security incidents
  • Passionate about security, continuously learning, and able to clearly explain complex security concepts

Nice to have:

Stay curious and open to growth — actively building fluency in emerging technologies like AI to unlock creativity, accelerate progress, and amplify impact

What we offer:
  • Ownership in what you help build (RSUs)
  • Comprehensive medical, dental, and vision plans
  • 12 weeks of paid parental leave for all parents and 6+ weeks of additional paid leave for birthing parents
  • Inclusive care for family planning, menopause, and midlife transitions
  • Flexible vacation, paid holidays, and a sabbatical program
  • Access to mental health resources, therapy and coaching
  • A 401(k) with 100% employer match (up to $6,000/year) in the U.S., and support for retirement savings globally
  • Monthly stipends for work and wellness expenses
  • Annual WIN bonus program

Additional Information:

Job Posted:
February 18, 2026

Employment Type:
Fulltime
Work Type:
Remote work
Icon
Webflow - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Staff Application Security Engineer

Staff Application Security Engineer

As a Staff Application Security Engineer at Culture Amp, you will play a pivotal...
Location
Location
Australia , Melbourne; Sydney
Salary
Salary:
Not provided
cultureamp.com Logo
Culture Amp
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments
  • Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2)
  • Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS)
  • Strong knowledge of security automation, CI/CD integration, and DevSecOps practices
  • Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity
  • Demonstrated ability to lead and influence cross-functional teams, drive change, and deliver results in ambiguous or complex environments
  • Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical audiences
  • Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement
  • Familiarity with security-related compliance requirements and standards relevant to SaaS businesses
Job Responsibility
Job Responsibility
  • Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members
  • Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps)
  • Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale
  • Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures
  • Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues
  • Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning
  • Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP)
  • Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp
  • Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community
What we offer
What we offer
  • Employee Share Options Program
  • Programs, coaching, and budgets to help you thrive personally and professionally
  • Access to external providers for mental wellbeing and coaching support
  • Monthly Camper Life Allowance
  • Team budgets dedicated to team building activities and connection
  • Intentional quarterly wellbeing pauses
  • Extended year-end breaks
  • Excellent parental leave and in work support program available from day 1
  • 5 Social Impact Days a year
  • MacBooks for you to do your best & a work from home office budget
Read More
Arrow Right

Staff Application Security Engineer

As a Staff Application Security Engineer at Culture Amp, you will play a pivotal...
Location
Location
Australia , Sydney
Salary
Salary:
Not provided
cultureamp.com Logo
Culture Amp
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments
  • Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2)
  • Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS)
  • Strong knowledge of security automation, CI/CD integration, and DevSecOps practices
  • Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity
  • Demonstrated ability to lead and influence cross-functional teams, drive change, and deliver results in ambiguous or complex environments
  • Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical audiences
  • Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement
  • Familiarity with security-related compliance requirements and standards relevant to SaaS businesses
Job Responsibility
Job Responsibility
  • Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members
  • Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps)
  • Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale
  • Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures
  • Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues
  • Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning
  • Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP)
  • Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp
  • Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community
What we offer
What we offer
  • Employee Share Options Program
  • Programs, coaching, and budgets to help you thrive personally and professionally
  • Access to external providers for mental wellbeing and coaching support
  • Monthly Camper Life Allowance
  • Team budgets dedicated to team building activities and connection
  • Intentional quarterly wellbeing pauses
  • Extended year-end breaks
  • Excellent parental leave and in work support program available from day 1
  • 5 Social Impact Days a year
  • MacBooks for you to do your best & a work from home office budget
  • Fulltime
Read More
Arrow Right

Staff Product Security Engineer

We’re looking for a Staff Product Security Engineer to lead the design and imple...
Location
Location
United States
Salary
Salary:
184000.00 - 252000.00 USD / Year
alpha-sense.com Logo
AlphaSense
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of experience in product, application, or cloud security engineering
  • Deep understanding of secure SDLC, threat modeling, and secure architecture design
  • Proven expertise with AWS cloud security concepts and best practices
  • Strong experience with container security, orchestration, and runtime protection
  • Proficiency in Python, Java, and/or JavaScript for security automation, code review, and tooling
  • Experience securing AI/ML pipelines, data workflows, or model-serving infrastructure
  • Familiarity with DevSecOps and continuous integration/deployment environments
Job Responsibility
Job Responsibility
  • Embed robust security practices throughout the software and AI development lifecycle (SDLC)
  • Lead secure design reviews, threat modeling, and risk assessments for AI-driven products, APIs, and backend services
  • Partner with engineering and product teams to ensure security, privacy, and compliance by design
  • Build and maintain security automation and governance frameworks that integrate seamlessly into development workflows
  • Architect and enforce security controls for AI/ML systems, including model training, data pipelines, and inference environments
  • Identify and mitigate AI-specific attack vectors such as data poisoning, model inversion, prompt injection, and model theft
  • Collaborate with governance and compliance teams to align with ethical AI principles and frameworks like NIST AI RMF and the EU AI Act
  • Implement model provenance, integrity, and auditability controls to ensure responsible and secure AI operations
  • Partner with DevOps and SRE teams to secure service meshes, container networking, and secrets management
  • Drive software supply chain security, including artifact integrity, dependency management, and vulnerability reduction
What we offer
What we offer
  • Competitive compensation, benefits, and career growth opportunities
  • Opportunity to shape and drive product security strategy
  • Collaborative and security-minded engineering culture
  • Work on cutting-edge security challenges in a fast-growing company
  • Performance-based bonus, equity, and a generous benefits program
  • Fulltime
Read More
Arrow Right

Security and Application Security Engineer

Beacon Technologies is seeking a Security and Application Security Engineer. The...
Location
Location
United States , Las Vegas
Salary
Salary:
Not provided
beacontechinc.com Logo
Beacon Technologies
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Minimum of five years of Information Security experience with at least two years of application-level security
  • Strong communication skills: ability to convey and document security guidelines, requirements, and coding best practices
  • Familiarity with Security Best Practices in common coding languages
  • Application Penetration Testing / API Security Testing
  • Software Development Life Cycle Design and Implementation
  • Static and Dynamic Application Testing Tools and Methods
  • Container and orchestration security (Kubernetes, Docker, Octopus, GitHub, etc.)
  • Familiarity with Application Security Testing Frameworks such as OWASP
  • Strong logical and analytical thinker
  • exceptional skills in security systems solutions
Job Responsibility
Job Responsibility
  • Operate as a liaison between the Security Team and the Development Teams
  • Preserve PCI and SOX Security Certification programs with a primary focus on ensuring compliance with the appropriate industry standards and security controls
  • Supporting incident response and architecture review whenever applications security expertise is needed
  • Integrating threat modeling practices into the SDLC
  • Work with other staff to perform periodic scans and evaluation of system security including areas such as patch management, penetration testing, vulnerability assessments, and other types of InfoSec-related tasks
  • Assist in identifying and communicating security exposures, information security incidents or non-compliance situations to IT management or the CISO as appropriate. Duties may also include collecting and documenting cyber security and incident response event data as necessary.
What we offer
What we offer
  • Career advancement opportunities
  • extensive training
  • excellent benefits including paying for health and dental premiums for salaried employees.
  • Fulltime
Read More
Arrow Right

Staff Cloud Security Engineer

We're making the world of digital assets accessible and secure for everyone. Joi...
Location
Location
France , Paris
Salary
Salary:
Not provided
https://www.ledger.com Logo
Ledger
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in DevSecOps & automation, security assessment, and cloud-native environments
  • 8+ years of experience on information security
  • Proficiency working in Unix/Linux environments, Git, Python, Terraform, Kubernetes, AWS cloud solutions and architectures, CI/CD tools, configuration management, etc.
  • Hands-on experience with security tooling deployment, monitoring, and incident response
  • Proven track record of cross-functional work, with the ability to collaborate effectively with various teams and stakeholders
  • Excellent presentation and written communication skills
  • Ability to work autonomously, deal with ambiguity, and handle high-pressure situations.
Job Responsibility
Job Responsibility
  • Collaborate with the Infrastructure, the engineering and the Donjon teams to integrate security into the delivery plans, ensure early detection and mitigation of security vulnerabilities
  • Work closely with the Donjon, the product Security team responsible, to provide automation and tooling for product security evaluation integration in CI/CD pipeline
  • Engage in proactive security practices, including penetration testing, vulnerability assessments, and Infrastructure Security (IaC) code reviews to ensure Ledger's platforms and applications are secure
  • Participate in the design and implementation of security architectures, from the design to the risk assessment
  • Act as the primary point of contact for any security incidents, ensuring rapid response, mitigation, and post-incident analysis
  • Drive the adoption of DevSecOps culture, best practices, and methodologies across the organization, ensuring continuous security improvement.
What we offer
What we offer
  • Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
  • Flexibility: A hybrid work policy
  • Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
  • Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
  • Well-being: Personal development, coaching & fitness with our dedicated partners
  • Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
  • High tech: Access to high performance office equipment and gadgets, including Apple products
  • Transport: Ledger reimburses part of your preferred means of transportation
  • Discounts: Employee discount on all our products.
  • Fulltime
Read More
Arrow Right

Staff Product Security Engineer

As a Staff Product Security Engineer, you will play a crucial role in safeguardi...
Location
Location
France , Paris
Salary
Salary:
Not provided
dashlane.com Logo
Dashlane
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Strong understanding of application security best practices, including experience with threat modeling and risk assessments
  • Demonstrated experience building or improving an SDLC program
  • Familiarity with CI/CD pipelines and their security implications
  • Familiarity with cloud infrastructure (e.g., AWS, Azure, Kubernetes), and Infrastructure-as-Code (e.g., Terraform)
  • Interest in enabling secure use of AI tools to drive efficiency, creativity, and impact internally
  • Communication & Collaboration: You engage and listen empathetically to others, adjusting your communication style to fit the audience and message. You are experienced in communicating with technical and non-technical audiences
  • Mentoring: You enjoy using your knowledge and experience to support and uplevel those around you
  • Motivated Learner: You learn new technologies and processes quickly, and understand where to look for knowledge when you need it
  • Adaptability: You are a jack or jane of all trades - you’re comfortable digging into non-technical parts of the business to provide security support and guidance
Job Responsibility
Job Responsibility
  • Drive the continuous improvement of Dashlane’s security program across the product and company
  • Conduct architecture design reviews, threat modeling, and technical security assessments of Dashlane’s product (application and infrastructure) to identify security risks and provide mitigation guidance
  • Ensure security best practices are integrated throughout the software development lifecycle (SDLC)
  • Build upon and scale Vulnerability Management to ensure the team can track, analyze, and manage vulnerabilities and their remediation
  • Perform risk assessments of Dashlane’s internal systems, environments, assets, and data, and implement security best practices accordingly
  • Evaluate and implement security tooling and/or build customized tooling in-house where necessary
  • Participate in Compliance and Incident Response
  • Innovate and propose new forward-looking security features that protect Dashlane and our users
What we offer
What we offer
  • Equal Parental leave - regardless of gender, up to 20 weeks fully paid leave to take care of their new baby, within the first year of birth or adoption
  • Health insurance covered by Dashlane
  • Mentorship program - select your mentor from our internal pool and continue your learning path!
  • Commute allowance
  • Meal Vouchers (Swile)
  • Mental health services through Spring Health for you and family members
  • 4 extra days off (one per quarter) to acknowledge the importance of your wellbeing
  • Spot in daycare
  • Time off saving account
  • Donation matching program - give back to the community and support actions that lead to positive social impact under the historically marginalized communities. Every donation will be matched by Dashlane
  • Fulltime
Read More
Arrow Right

Staff Cloud Security Engineer

We're making the world of digital assets accessible and secure for everyone. Joi...
Location
Location
France , Paris
Salary
Salary:
Not provided
https://www.ledger.com Logo
Ledger
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in DevSecOps & automation, security assessment, and cloud-native environments
  • 8+ years of experience on information security
  • Proficiency working in Unix/Linux environments, Git, Python, Terraform, Kubernetes, AWS cloud solutions and architectures, CI/CD tools, configuration management, etc.
  • Hands-on experience with security tooling deployment, monitoring, and incident response
  • Proven track record of cross-functional work, with the ability to collaborate effectively with various teams and stakeholders
  • Excellent presentation and written communication skills
  • Ability to work autonomously, deal with ambiguity, and handle high-pressure situations
Job Responsibility
Job Responsibility
  • Building and driving the cybersecurity transformation by integrating secure development practices, ensuring application security via automated scanning, and collaborating closely with the Infrastructure, Engineering, and The product security (Donjon) teams
  • Collaborate with the Infrastructure, the engineering and the Donjon teams to integrate security into the delivery plans, ensure early detection and mitigation of security vulnerabilities
  • Work closely with the Donjon, the product Security team responsible, to provide automation and tooling for product security evaluation integration in CI/CD pipeline
  • Engage in proactive security practices, including penetration testing, vulnerability assessments, and Infrastructure Security (IaC) code reviews to ensure Ledger's platforms and applications are secure
  • Participate in the design and implementation of security architectures, from the design to the risk assessment
  • Act as the primary point of contact for any security incidents, ensuring rapid response, mitigation, and post-incident analysis
  • Drive the adoption of DevSecOps culture, best practices, and methodologies across the organization, ensuring continuous security improvement
What we offer
What we offer
  • Equity: Employees are the foundation of our success, and we award stock options so you can share in that success as we grow
  • Flexibility: A hybrid work policy
  • Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
  • Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
  • Well-being: Personal development, coaching & fitness with our dedicated partners
  • Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
  • High tech: Access to high performance office equipment and gadgets, including Apple products
  • Transport: Ledger reimburses part of your preferred means of transportation
  • Discounts: Employee discount on all our products
  • Fulltime
Read More
Arrow Right

Staff Cloud Security Engineer

We're making the world of digital assets accessible and secure for everyone. Joi...
Location
Location
France , Paris
Salary
Salary:
Not provided
https://www.ledger.com Logo
Ledger
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in DevSecOps & automation, security assessment, and cloud-native environments
  • 8+ years of experience on information security
  • Proficiency working in Unix/Linux environments, Git, Python, Terraform, Kubernetes, AWS cloud solutions and architectures, CI/CD tools, configuration management, etc.
  • Hands-on experience with security tooling deployment, monitoring, and incident response
  • Proven track record of cross-functional work, with the ability to collaborate effectively with various teams and stakeholders
  • Excellent presentation and written communication skills
  • Ability to work autonomously, deal with ambiguity, and handle high-pressure situations.
Job Responsibility
Job Responsibility
  • Collaborate with the Infrastructure, the engineering and the Donjon teams to integrate security into the delivery plans, ensure early detection and mitigation of security vulnerabilities
  • Work closely with the Donjon, the product Security team responsible, to provide automation and tooling for product security evaluation integration in CI/CD pipeline.
  • Engage in proactive security practices, including penetration testing, vulnerability assessments, and Infrastructure Security (IaC) code reviews to ensure Ledger's platforms and applications are secure.
  • Participate in the design and implementation of security architectures, from the design to the risk assessment.
  • Act as the primary point of contact for any security incidents, ensuring rapid response, mitigation, and post-incident analysis.
  • Drive the adoption of DevSecOps culture, best practices, and methodologies across the organization, ensuring continuous security improvement.
What we offer
What we offer
  • Equity
  • Flexibility: A hybrid work policy
  • Social: Annual company outing for Ledgerdary Days, plus frequent social events, snacks and drinks
  • Medical: Comprehensive health insurance policy offering extensive medical, dental and vision care coverage
  • Well-being: Personal development, coaching & fitness with our dedicated partners
  • Vacation: Five weeks of paid leave per year, in addition to national holidays and rest & relaxation (RTT) days
  • High tech: Access to high performance office equipment and gadgets, including Apple products
  • Transport: Ledger reimburses part of your preferred means of transportation
  • Discounts: Employee discount on all our products.
  • Fulltime
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy