Job Closed
This listing is no longer active.
Webflow is the way to design, build, and launch powerful websites visually — without coding.
Senior Security Engineer, Infrastructure & Automation
Location
United States
Posted
52 days ago
Salary
$139K - $225K / year
Seniority
Senior
Job Description
Senior Security Engineer, Infrastructure & Automation
Webflow
At Webflow, we’re building the world’s leading AI-native Digital Experience Platform, and we’re doing it as a remote-first company built on trust, transparency, and a whole lot of creativity. This work takes grit, because we move fast, without ever sacrificing craft or quality. Our mission is to bring development superpowers to everyone. From entrepreneurs launching their first idea to global enterprises scaling their digital presence, we empower teams to design, launch, and optimize for the web without barriers. We believe the future of the web, and work, is more open, more creative, and more equitable. And we’re here to build it together. We’re looking for a Senior Security Engineer, Infrastructure & Automation to join Webflow’s Security Operations team. You’ll collaborate closely with our Infrastructure Engineering, Infrastructure Security, Enterprise Security, and Application Security teams to harden our AWS and GCP environments, embed security into our CI/CD pipelines, and champion secure-by-default infrastructure practices. This role is ideal for an engineer who thrives at the intersection of infrastructure security and software engineering. You’ll design and build internal security platforms, APIs, and automation that help Webflow detect, triage, and remediate infrastructure vulnerabilities faster, while enabling engineering teams to ship securely by default. About the role: - Location: Remote-first (United States; BC & ON, Canada; Ireland; United Kingdom; Mexico; Argentina) - Full-time - Permanent - Exempt - The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills. - United States (all figures cited below are in USD and pertain to workers in the United States) - Zone A: [$158,000 - 198,000] - Zone B: [$149,000 - 186,000] - Zone C: [$139,000 - 174,000] - Canada (figures cited below are in CAD and pertain to workers in ON & BC, Canada) - [$180,000 - 225,000] - Application Information: - Application deadline: applications accepted on an ongoing basis until position is closed and filled As a Senior Security Engineer, you’ll … You’ll lead and execute cloud security initiatives that strengthen Webflow’s infrastructure and operational security posture. Responsibilities are grouped by scope and impact. Infrastructure Security - Perform infrastructure security reviews across cloud services, network design, IAM, and platform components. - Design, implement, and maintain secure AWS and GCP infrastructure following best practices (least privilege, network segmentation, encryption, monitoring). - Partner with infrastructure and platform teams to embed security controls in CI/CD pipelines, infrastructure as code, and containerized environments. - Own the cloud security posture management (CSPM) strategy, ensuring continuous compliance and automated detection of misconfigurations. - Collaborate with engineering teams to secure Kubernetes and containerized workloads, ensuring adherence to runtime and image scanning policies. - Respond to and investigate cloud-related security incidents, providing technical expertise during triage and remediation. - Contribute to the design and execution of Webflow’s cloud security roadmap, identifying areas for automation and scalability. - Conduct threat modeling and risk assessments for cloud architecture and new service deployments. - Translate raw findings into actionable engineering fixes, not just tickets or reports. Security Automation & Platform Engineering - Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation. - Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle. - Experiment with and operationalize agentic and AI-assisted approaches to security detection, analysis, and response as the threat landscape evolves. About YouYou’ll thrive as a Senior Security Engineer, Infrastructure & Automation if you: - Have 5+ years of experience in cloud security, infrastructure engineering, or security automation (with at least 3 years focused on AWS and GCP). - Demonstrate strong knowledge of AWS and GCP services and security controls - Have hands-on experience securing Kubernetes and containerized workloads. - Are proficient with infrastructure as code (Pulumi, Terraform, CloudFormation) - Understand network security concepts including firewalls, segmentation, and zero trust. - 3+ years of automation script authoring for security tasks using Python, Go, Javascript, Typscript, or similar languages. Comfortable architecting automation solutions using full stack components. - Are comfortable operating in ambiguous, fast-changing environments, adapting tooling and approaches as threats and technologies evolve. - Bring a proactive, builder’s mindset — identifying and closing gaps before they become issues. Our Core Behaviors: - Build lasting customer trust. We build trust by taking action that puts customer trust first. - Win together. We play to win, and we win as one team. Success at Webflow isn't a solo act. - Reinvent ourselves. We don't just improve what exists, we imagine what's possible. - Deliver with speed, quality, and craft. We move fast because the moment demands it, and we do so without lowering the bar. Benefits - Ownership in what you help build. Every permanent Webflower receives equity (RSUs) in our growing, privately held company. - Health coverage that actually covers you. Comprehensive medical, dental, and vision plans for full-time employees and their dependents, with Webflow covering most premiums. - Support for every stage of family life. 12 weeks of paid parental leave for all parents and 6+ weeks of additional paid leave for birthing parents. Plus inclusive care for family planning, menopause, and midlife transitions. - Time off that’s actually off. Flexible vacation, paid holidays, and a sabbatical program to help you recharge and come back inspired. - Wellness for the whole you. Access to mental health resources, therapy and coaching. - Invest in your future. A 401(k) with 100% employer match (up to $6,000/year) in the U.S., and support for retirement savings globally. - Monthly stipends that flex with your life. Localized support for work and wellness expenses — from Wi-Fi to workouts. - Bonus for building together. All full-time, permanent, non-commission employees are eligible for our annual WIN bonus program. Temporary employees may be eligible for paid holiday and time off, statutory leaves of absence, and company-sponsored medical benefits depending on their Fixed Term Contract and their country/state of employment. Be you, with usAt Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records. Stay connectedNot ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor. Please note:We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Upon interview scheduling, instructions for confidential accommodation requests will be administered. To join Webflow, you'll need a valid right to work authorization depending on the country of employment. If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes. For information about how Webflow processes your personal information, please review Webflow’s Applicant Privacy Notice.
Benefits
- 401(K), Commuter benefits, Company equity, Company-sponsored outings, Company sponsored family events, Dedicated diversity and inclusion staff, Dental insurance, Disability insurance, Diversity manifesto, Documented equal pay policy, Family medical leave, Fitness stipend, Flexible Spending Account (FSA), Flexible work schedule, Free daily meals, Generous parental leave, Generous PTO, Company-sponsored happy hours, Health insurance, Highly diverse management team, Job training & conferences, Open door policy, Life insurance, Online course subscriptions available, Open office floor plan, Paid holidays, Pair programming, Paid sick days, Partners with nonprofits, Performance bonus, Promote from within, Lunch and learns, Remote work program, Sabbatical, Free snacks and drinks, Team based strategic planning, OKR operational model, Continuing education available during work hours, Mandated unconscious bias training, Unlimited vacation policy, Vision insurance, Wellness programs, Mental health benefits, Home-office stipend for remote employees, Diversity employee resource groups, Hiring practices that promote diversity, Fertility benefits, Employee resource groups, Employee-led culture committees, Day off for your birthday, Quarterly engagement surveys, In-person revenue kickoff, President's club, Employee awards, Diversity recruitment program, Transgender health care benefits, Wellness days, Virtual coaching services, Flexible time off, Floating holidays, Bereavement leave benefits, Hardship benefits, Company-wide vacation
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Security Engineer - Vulnerability Detection
CrowdStrikeCrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise. Tested and proven, the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer, Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company, we believe cultivating a connected culture for every employee, no matter where they are in the world, is a key ingredient in building a high-performing, diverse team. We don’t have a mission statement. We’re on a mission—to stop breaches. Ready to join a mission that matters?
Title: Security Engineer - Vulnerability Detection (Hybrid) Location: Sunnyvale United States Job Description: As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn't changed - we're here to stop breaches, and we've redefined modern security with the world's most advanced AI-native platform. We work on large scale distributed systems, processing almost 3 trillion events per day and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We're also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We're always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you. About the Role: CrowdStrike is looking for a Vulnerability Detection Engineer for our Exposure Management group. This is an Individual Contributor role in the Exposure Management Content team responsible for researching, developing and delivering our Host and Network Vulnerability Assessment detections for CrowdStrike as also collaborating on the development of new features and technical solutions. This role is hybrid, requiring 2-3 days per week on-site at our Sunnyvale, CA office. This person would work closely with other internal teams and product management to understand the requirements and needs on Vulnerability Detection capabilities for the product. They will be technically involved in the capabilities for Exposure Management to detect, track, report and prioritize vulnerabilities on assets. Strong communication and organizational skills are essential. The successful candidate should have had experience within Exposure Management, Vulnerability Analysis and Detection and be able to develop detection pipelines for vulnerabilities and other threats. Work experience in the security industry is highly desirable, including a strong understanding of some of the current prevalent products in this space. What You'll Do: - Collaborate and lead a Team of Vulnerability Detection Engineers and Researchers to plan, coordinate and execute Vulnerability Detection Coverage for Exposure Management Supported Platforms - Participate and lead Company Thought Leadership efforts and guidance for analysis on prevalent vulnerabilities and Risk Based Vulnerability Management. - Vulnerability data discovery and validation (Data efficacy & Accuracy) - Collaborate with multi-functional teams across various physical locations including product management and other engineering disciplines. - Lead and manage other projects as assigned - AI-Enhanced Vulnerability Detection Research: Leverage generative AI tools to accelerate vulnerability analysis, proof-of-concept development, and detection rule creation while maintaining human oversight for validation and detection accuracy. - Intelligent Vulnerability Assessment Pipeline: Design and implement AI agent workflows to automate multi-step vulnerability validation processes (e.g., discovery, analysis, prioritization, remediation guidance) while ensuring human-in-the-loop verification for critical vulnerability detections and false positive reduction. What You'll Need: - Minimum 5 years of overall experience as an Individual Contributor. Experience in management and leadership roles is a plus. - Ability and desire to being hands on as well as empowering peers while collaborating across different functional areas and products - Ability to develop, coordinate and execute on an engineering roadmap - Ability to communicate and articulate crisply at all levels from executive staff to engineers - Ability to communicate, collaborate, and work effectively in a distributed team - Familiarity and experience with the Agile process - Experience in Cybersecurity Industry - Programming/scripting knowledge for automating day to day tasks - Python/ Perl, Golang. Required Skills: - Understanding of Vulnerabilities, mitigations and remediations - Understanding of Vulnerability and Software Detection techniques - Understanding of Vulnerability Prioritization Models - Experience with Security/Vulnerability detections development and release - Experience of Vulnerability Management product development - Experience designing and implementing validation workflows for Security Based products - Experience working in remote & distributed environments - Solid design and problem-solving skills with a demonstrated passion for engineering excellence, pragmatism, quality, security, and performance - Experience with Go and/or Python automation - Experience with AI/ML models is a plus #LI-AP1 #LI-AM1 #HTF Benefits of Working at CrowdStrike: - Market leader in compensation and equity awards - Comprehensive physical and mental wellness programs - Competitive vacation and holidays for recharge - Paid parental and adoption leaves - Professional development opportunities for all employees regardless of level or role - Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections - Vibrant office culture with world class amenities - Great Place to Work Certified across the globe CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program. CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements. If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance. Find out more about your rights as an applicant. CrowdStrike participates in the E-Verify program. Notice of E-Verify Participation Right to Work CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $100,000 - $145,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off. For detailed information about the U.S. benefits package, please click here.
IT-Consultant - Security Engineer (m/w/x) - Microsoft Security & Infrastructure
Intercon Solutions GmbHWir verbinden IT Fach- und Führungskräfte und Unternehmen
Fully Remote möglich | Unbefristet Unser Klient ist ein großer, etablierter IT-Dienstleister mit einem breiten Leistungsportfolio und mehreren spezialisierten Geschäftsbereichen. Für eine fokussierte Security-Sparte wird ein IT-Consultant mit Schwerpunkt Security Engineering im Microsoft- und Infrastruktur-Umfeld gesucht. Aufgaben - Mitarbeit bei der Konzeption, Konfiguration und Einführung von IT-Security-Lösungen - Mitarbeit in nationalen und internationalen IT-Security-Projekten - Technische Planung und projektbezogene Vorbereitung von Security-Maßnahmen - Identifikation, Analyse und Bewertung von Security-Schwachstellen in Netzwerken und Anwendungen - Dokumentation, Priorisierung und Behebung identifizierter Schwachstellen - Zuarbeit und Unterstützung des Security Managements auf Kundenseite - Unterstützung interner Backoffice- und Security-Strukturen (z. B. SOC, Security Operations) Qualifikation - Gute Kenntnisse im Bereich IT-Security im Windows- und Infrastruktur-Umfeld - Erfahrung mit ESAE, ASAI und Enterprise Access Model - Kenntnisse der Microsoft Defender Produktfamilie von Vorteil - Erfahrung mit Tools wie ADAudit Plus, PingCastle, Schwachstellenscannern, PurpleKnight oder RuneCast wünschenswert - Idealerweise Zertifizierungen im Security- oder Microsoft-Umfeld - Eigenständige, strukturierte Arbeitsweise und professionelles Auftreten - Hohe Lernbereitschaft und Interesse an kontinuierlicher Weiterentwicklung - Freude an einem innovativen, flexiblen Arbeitsumfeld mit Gestaltungsspielraum Benefits - Fully-Remote-Arbeitsmodell (dauerhaft möglich) - Mitarbeit in einer hoch spezialisierten Security-Sparte eines großen IT-Dienstleisters - Spannende, abwechslungsreiche Projekte mit technischem Tiefgang - Attraktives Vergütungspaket inkl. zusätzlichem erfolgsabhängigen Jahresbonus - Strukturiertes, fundiertes Onboarding - Kollegiales, fachlich starkes Team mit Duz-Kultur ab dem ersten Tag - Praxisnahe Weiterbildungs- und Zertifizierungsmöglichkeiten - Regelmäßige Team- und Unternehmensevents - Umfangreiche Sozialleistungen - Flexible Arbeitszeitmodelle (Voll- oder Teilzeit) Interessiert? Wir freuen uns auf deine Bewerbung!
• Erstellen von IT-Security Konzepten und Unterstützung bei der Integration diverser Lösungen im laufenden Betrieb. • Unterstützung unserer Kunden bei der Auswahl geeigneter Security Lösungen/ Strategien. • Fokus auf „Endpoint Security”, XDR "SIEM", "Network Security" & "Cloud Security" SOC Services.
RMF and Cybersecurity Lead
AmyxAmyx is proud to be an Equal Opportunity Employer. All qualified candidates will be considered without regard to race, color, religion, national origin, age, disability, sexual orientation, gender identity, status as a protected veteran, or any other characteristic protected by law. Amyx is a VEVRAA federal contractor and we request priority referral of veterans. Physical Demands Employee needs to be able to sit at a workstation for extended periods; use hand(s) to handle or feel objects, tools, or controls; reach with hands and arms; talk and hear. Most positions require ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. Must be able to effectively communicate with others verbally and in writing. Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. Regular and predictable attendance is essential.
Role Description Amyx is seeking to hire a RMF and Cybersecurity Lead to join our Defense client in O'Fallon, IL. This position will support RMF compliance, cybersecurity operations, and continuous monitoring. - Develops and maintains RMF artifacts (ATO/ATC, POA&Ms). - Supports vulnerability management and security audits. - Provides cybersecurity reporting and metrics. - Must be experienced in RMF compliance & documentation: - Develop/maintain documentation to obtain ATO/ATC. - Identify evidence/artifacts for A&A packages. - Manage RMF artifacts (risk acceptance memos, POA&Ms, etc.). - Update security documentation in eMASS or Government-selected tools. - Provide A&A metrics. - Continuous monitoring & vulnerability management: - Upload code/security scans/checklists. - Document AP/CCI mappings. - Track POA&Ms. - Audit POA&M items. - Validate privileged user accounts as needed. - Compliance auditing & PPSM: - Support PPSM registry activities. - Ensure declared PPSMs follow applicable instructions. - Support internal/external security audits (including financial/privacy audits). - Cybersecurity operations: - Log analysis. - Support control audits/assessments. - Assess security control effectiveness. - Develop metrics and security posture reporting. - Support change management review for security impacts. - Incident reporting awareness: align reporting actions with DFARS 252.204. - Must have the ability to communicate accurate information. Qualifications - Desired: Secret Clearance. - Must have one CE cert/certificate aligned to OS/tools/devices supported (categories include OS, network support/defense, cloud/virtualization, applications, etc.). - Required: - Experience supporting USTRANSCOM and working at USTC. - Experience supporting DoD. - Demonstrated experience producing recurring cybersecurity deliverables (POA&M status, compliance reports, hygiene/scorecards, risk assessments). - Familiarity with NIST 800‑171 SSP expectations (contractor System Security Plan requirement). Benefits - Medical, Dental, and Vision Plans (PPO & HSA options available). - Flexible Spending Accounts (Health Care & Dependent Care FSA). - Health Savings Account (HSA). - 401(k) with matching contributions. - Roth. - Qualified Transportation Expense with matching contributions. - Short Term Disability. - Long Term Disability. - Life and Accidental Death & Dismemberment. - Basic & Voluntary Life Insurance. - Wellness Program. - PTO. - 11 Holidays. - Professional Development Reimbursement. Company Description Amyx is proud to be an Equal Opportunity Employer. All qualified candidates will be considered without regard to race, color, religion, national origin, age, disability, sexual orientation, gender identity, status as a protected veteran, or any other characteristic protected by law. Amyx is a VEVRAA federal contractor and we request priority referral of veterans. Physical Demands - Employee needs to be able to sit at a workstation for extended periods. - Use hand(s) to handle or feel objects, tools, or controls. - Reach with hands and arms. - Talk and hear. - Most positions require ability to work on desktop or laptop computer for extended periods of time reading, reviewing/analyzing information, and providing recommendations, summaries and/or reports in written format. - Must be able to effectively communicate with others verbally and in writing. - Employee may be required to occasionally lift and/or move moderate amounts of weight, typically less than 20 pounds. - Regular and predictable attendance is essential.
