This is Engineering at Lattice

Lattice’s Engineering team is continuously working to better both our product and our craft. We use a modern, cutting-edge tech stack and love experimenting with new technologies. We strive for maintainable, robust, and performant code. We’re highly collaborative and continuously iterative and work closely with designers and product managers. We prioritize not only great technical architecture but also an amazing product experience.

Lattice is looking for someone to help our product developers build applications that our customers can use with confidence, knowing that at Lattice we work with strong security principles in mind. This role will work across a breadth of areas including application security, infrastructure security, and software supply chain. This role will involve both developing and managing tools, as well as acting as a consultant and partner for product developers. As such, it requires a balance of technical know-how and strong collaboration skills. Your days will vary, including: reviewing design proposals, writing design proposals, meeting with development teams to discuss their approaches and challenges, developing training materials, heads-down coding, and triaging bugs to understand their risks and remediations. You will also be involved in deciding how work is done and what tools and processes are appropriate.

What You Will Do

• Mentor and advise product development teams in the area of application security
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities
• Assist in the implementation of security processes and automated tooling that prevent classes of security issues
• Design and implement Typescript code libraries and patterns to improve application security
• Perform security-focused code reviews
• Work with infrastructure teams to ensure our systems are secure
• Support the bug bounty program
• Evaluate tools, from SAST/DAST to cloud security analysis tooling, among others
• Lead application security reviews and threat modeling, including code review and dynamic testing
• Help develop security training and socialize the material with product development teams

What You Will Bring to the Table

Experience it’s important for you to have at some level:

• Software development experience, ideally with Javascript/Typescript, or another programming language such as Python or Ruby
• Familiarity with secure coding practices
• Familiarity with security tools and libraries such as static/dynamic analysis tools and penetration testing tools
• Familiarity with and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10)
• Strong understanding and experience with common security libraries, security controls, and common security flaws
• Strong communication and collaboration skills

Experience that would be helpful:

• Familiarity with AI/LLMs for enhancing code quality and automating security analysis.
• Familiarity with containerization (Docker, containerd, etc) and Kubernetes
• Experience developing and operating cloud systems in AWS
• Experience with GraphQL

----

The estimated annual cash salary for this role is $166,000 - $207,500. This position is also eligible for incentive stock options, subject to the terms of Lattice’s applicable plans

Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Vision insurance; Life, AD&D, and Disability Insurance; Emergency Weather Support; Wellness Apps; Paid Parental Leave, Paid Time off inclusive of holidays and sick time; Commuter & Parking Accounts; Lunches in the Office; Workplace Amenities Stipend, Internet and Phone Stipend; One time WFH Office Set-Up Stipend; 401(k) retirement plan; Financial Planning; Learning & Development Budget; Sabbatical Program; and Invest in Your People Fund

*Note on Pay Transparency:

Lattice provides an estimate of the compensation for roles that may be hired as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.

Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.

#LI-remote

About the Company

Gemini is a global crypto and Web3 platform founded by Tyler Winklevoss and Cameron Winklevoss in 2014. Gemini offers a wide range of crypto products and services for individuals and institutions in over 70 countries.

Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we help you buy, sell, and store your bitcoin and cryptocurrency. 

At Gemini, our mission is to unlock the next era of financial, creative, and personal freedom.

In the United States, we have a flexible hybrid work policy for employees who live within 30 miles of our office headquartered in New York City and our office in Seattle. Employees within the New York and Seattle metropolitan areas are expected to work from the designated office twice a week, unless there is a job-specific requirement to be in the office every workday. Employees outside of these areas are considered part of our remote-first workforce. We believe our hybrid approach for those near our NYC and Seattle offices increases productivity through more in-person collaboration where possible.

The Department: Application Security

The Role: Senior Application Security Engineer

As a member of the Application Security (AppSec) team, you will share in the responsibility of protecting the company and our customers against application security threats. The AppSec team is focused on the advancement of modern application security practices and supports the engineering organization by finding, fixing, and preventing software security vulnerabilities.

As a Senior Application Security Engineer on the Application Security team’s Product Security group, you will work closely with engineering and product teams to provide security recommendations and identify security issues throughout the software development lifecycle. This includes secure design reviews, threat modeling, secure code review, and penetration testing among other activities.

Responsibilities:

• Support the Gemini Secure Software Development Lifecycle as an application security subject matter expert through design review, threat modeling, code review, and penetration testing
• Collaborate and advise engineering teams on application security best practices and vulnerability remediation
• Perform deep-dive security reviews to ensure all Gemini products and services follow secure design principles across our product portfolio (web, mobile, and APIs)
• Develop tools and research to scale the Product Security team
• Create and deliver hands-on software security training to engineering teams to increase security awareness
• Participate in the Application Security on-call rotation to support engineering teams during incidents
• Role activities:
  • Manual source code review
  • Penetration testing
  • Design and implementation review
  • Threat modeling
  • Design and implementation consultation
  • Continuous assurance activities
  • Risk identification and categorization / management
  • Engineering education and engagement

Minimum Qualifications:

• 5+ years of experience in application security or similar roles
• Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset
• Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.)
• Some background in development or scripting experience (Python, Scala, C++, or JavaScript)
• Familiarity with and ability to understand business objectives, business context, and security risk
• Strong communication skills and the ability to collaborate on a cross-functional team

Preferred Qualifications:

• Experience with microservice architectures
• Experience with cloud-native environments
• Experience with preventing application security vulnerabilities through secure design patterns, automated tooling, or frameworks

• Competitive starting salary
• A discretionary annual bonus
• Long-term incentive in the form of a new hire equity grant
• Comprehensive health plans
• 401K with company matching
• Paid Parental Leave
• Flexible time off

Salary Range: The base salary range for this role is between $152,000 - $190,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.

#LI-AH1

Job Summary

At Bugcrowd, we handle application security assessment at an epic scale. As an Application Security Engineer (ASE) you will curate and manage the incoming security vulnerability submissions to some of the world’s biggest companies’ bug bounty programs. Here are just a few of the reasons why we are the best:

• A tenure at Bugcrowd often means you have worked on not only one company’s security program but potentially on hundreds.
• As an ASE at Bugcrowd you will be exposed to the Internet’s best security researchers and their cutting-edge security testing methodologies. Our ASEs quickly become technically fluent in obscure/complex XSS, SQLi, XXE, IDOR, SSTI, SSRF, and many other vulnerability types. There is no other organization that offers the learning opportunity that Bugcrowd does.

• You will be exposed to things outside of your comfort zone. We routinely run security programs for cars, IoT devices, embedded systems, mobile applications, and more!

• We have an awesome team and tons of perks. We’ve even been selected as one of “The 10 Coolest Security Startups Of 2016” by crn.com.

**Please note we are only considering candidates residing in Brazil

Essential Duties & Responsibilities

An ASE is responsible for the ongoing triage and validation services of Bugcrowd managed programs. Under the direction of the Director of Technical Operations, you will take incoming submission data and curate it for validity, accuracy, and severity as well as communicate directly with Bugcrowd’s clients or researchers when additional information is required. ASEs also handle Incident Response – escalating and communicating about the highest severity bugs to clients. ASEs need to have strong knowledgeof OWASP Top Ten type vulnerabilities. They also usually require a strong skill set in one scripting/development language, often to assist with the design or development of tooling for improving the triage/validation process.  The ASE position is perfect for security professionals looking to take their skills to the next level.

Education, Experience, Skills, & Abilities

• Bachelor’s degree or previous security consulting experience
• Published and demonstrated passion for security assessment research
• High proficiency with Burp Suite (or any other interception proxy) and a working level of experience with other industry standard tools (nmap, sqlmap, anything included in Kali Linux)
• Ability to execute on individual projects but still contribute to the team
• Ability to complete tasks on time
• Strong organization, influencing, and communication skills

Working Conditions

The ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.

Sitting and/or standing - Must be able to remain in a stationary position 50% of the time

Carrying and /or lifting - Must be able to carry / move laptop as needed throughout the work day.

Environment - remote, work-from-home 100% of the time.

Available Locations: Austin, New York, and Washington DC.

About the Department

The Security team at Cloudflare is focused and committed to helping secure both Cloudflare and our customers. The Application and Product Security team at Cloudflare is focused on and committed to securing both Cloudflare and our customers. The Application & Product Security team is responsible for keeping our products, and platforms secure.

What you’ll do

We are looking for a Security Engineer to help us in our mission to build a better internet. Part engineer, part hacker, you will work with our engineering and security teams to build solutions for .

• Work with engineering teams to help secure Cloudflare products and platforms
• Assess products and new feature releases through threat modeling, code review and security testing. Also provide guidance on effective countermeasures
• Contribute to security architecture/design and assist in building and rolling out processes for secure code development and deployment
• Build secure frameworks & libraries that engineering teams can use at scale
• Build internal security tools and automate processes that help fix security problems at a massive scale. 
• Managing and prioritizing multiple tasks in accordance with high level objectives

Key skill sets and Knowledge

Security engineers take part in a wide variety of tasks and projects on the team. One individual is not expected to know everything, but a working knowledge in several of the following areas is required: 

• Experience in securing large scale distributed systems
• Experience in designing, building and implementing systems
• Experience in assessing the security posture of systems/services
• Experience in penetration testing and providing mitigating controls
• Strong engineering background and programming experience (Python, Golang, Rust, Bash, etc.)
• Strong communication skills and ability to work with remote teams
• Results and goal-oriented

Compensation

Compensation may be adjusted depending on work location and level.

• Estimated annual salary for Texas based hires $168,000 - $187,000 USD

Equity

This role is eligible to participate in Cloudflare’s equity plan.

Benefits

Cloudflare offers a complete package of benefits and programs to support you and your family.  Our benefits programs can help you pay health care expenses, support caregiving, build capital for the future and make life a little easier and fun!  The below is a description of our benefits for employees in the United States, and benefits may vary for employees based outside the U.S.

Health & Welfare Benefits

• Medical/Rx Insurance
• Dental Insurance
• Vision Insurance
• Flexible Spending Accounts
• Commuter Spending Accounts
• Fertility & Family Forming Benefits
• On-demand mental health support and Employee Assistance Program
• Global Travel Medical Insurance

Financial Benefits

• Short and Long Term Disability Insurance
• Life & Accident Insurance
• 401(k) Retirement Savings Plan
• Employee Stock Participation Plan

Time Off

• Flexible paid time off covering vacation and sick leave
• Leave programs, including parental, pregnancy health, medical, and bereavement leave

We are looking for a Senior Application Security Engineer to join our team to help us build and secure the Integral Ad Science (IAS) infrastructure and security operations. As part of the Information Security team you will participate and collaborate with multiple Product and R&D teams to ensure that the IAS Platform and our architecture remains secure and compliant. We are a small but growing group of dedicated hard working individuals working to secure IAS relying on our experience and industry standards and we are looking for a dynamic, personable individual to join this team.  If you enjoy the pace of the changing security landscape and an environment where you can make a direct and visible impact, then IAS is the place for you.

What you’ll get to do:

• • Define, plan and carry out IAS’ security framework and application protections
  • Develop security standards & best practices for the R&D organization as well as recommend security enhancements to management as needed
  • Develop strategies to respond to and recover from security vulnerabilities and incidents
  • Educating the workforce on secure application security through training and security awareness.
  • Attain Security training and certification
  • Evaluate and recommend additional tools to enhance our application security posture
  • Develop automation to implement and improve security processes across the SDLC
  • Work with multiple teams for secure devops release cycle

You should apply if you have most of this:

• • 5- 10 + years of application security experience with a development or coding background
  • Direct experience working with code analysis products (SAST, DAST, IAST etc.)
  • Experience with threat modeling and penetration testing using both manual and automated methods. 
  • CI/CD experience using tools such as Github, Jenkins, etc. 
  • Practical knowledge of one or more relevant coding languages (e.g. Java, python, go, kotlin, scala, typescript, etc.) 
  • Familiarity with architecting or developing cloud native applications with AWS services
  • Familiarity with common cloud security tooling such as CSPMs, SIEM, etc.
  • Familiarity with cloud provisioning tools such as Terraform, Cloud Formation with focus on security
  • Experience planning, researching and developing security policies, standards and procedures with comprehensive documentation
  • Experience working with development, engineering and architecture teams to ensure security best practices are followed.
  • Ability to communicate effectively and work independently utilizing critical thinking skills, the ability to learn new concepts and problem solving as they arise

About Integral Ad Science

Equal Opportunity Employer:

IAS is an equal opportunity employer, committed to our diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age. We strongly encourage women, people of color, members of the LGBTQIA community, people with disabilities and veterans to apply.

To learn more about us, please visithttp://integralads.com/andhttps://muse.cm/2t8eGlN

Attention agency/3rd party recruiters: IAS does not accept any unsolicited resumes or candidate profiles. If you are interested in becoming an IAS recruiting partner, please send an email introducing your company to recruitingagencies@integralads.com. We will get back to you if there's interest in a partnership.

#LI-Hybrid

We’re looking for an experienced Senior Application Security Engineer to help us secure the next generation of products which will go beyond just ID and enable our members to leverage the power of a networked digital identity. As a Senior Security Engineer at CLEAR, you will participate in the design, implementation, testing, and deployment of applications to build and enhance our platform- one that interconnects dozens of attributes and qualifications while keeping member privacy and security at the core. 

A brief highlight of our tech stack:

• Java / Javascript / React / Typescript / Python / Postgres
• AWS cloud 

What you'll do:

• Work side by side with engineering and product resources to define security requirements for new features and services
• Build threat models, testing plans, and validation strategies to ensure a high secure bar for the system
• Review code, infrastructure, and architecture for common security flaws, as well as bespoke, business logic flaws
• Perform and manage penetration tests of critical features
• Develop and maintain tools and infrastructure, such as SAST and DAST scanning 
• Bridge and facilitate communication between engineering teams and other parts of the Security organization

What you're great at:

• You understand how to analyze a system and look for potential threats at every stage of the SDLC. You have experience with system design reviews, threat modeling, and common vulnerabilities in Web and Mobile applications
• You have worked with cloud-based architectures, especially those built on AWS and Kubernetes
• You can write software beyond small scripts, and you are proficient in one (or more) of the following languages: Java, Javascript, Python
• You are a strong communicator who can explain security concepts to a variety of audiences and levels, as well as work collaboratively across technical and non-technical teams
• You are comfortable with high levels of autonomy and delivering on complex goals

How You'll be Rewarded:

At CLEAR we help YOU move forward - because when you’re at your best, we’re at our best. You’ll work with talented team members who are motivated by our mission of making experiences safer and easier. Our hybrid work environment provides flexibility. In our offices, you’ll enjoy benefits like meals and snacks. We invest in your well-being and learning & development with our stipend and reimbursement programs. 

We offer holistic total rewards, including comprehensive healthcare plans, family building benefits (fertility and adoption/surrogacy support), flexible time off, free OneMedical memberships for you and your dependents, and a 401(k) retirement plan with employer match. The base salary range for this role is $150,000 - $190,000, depending on levels of skills and experience.

The base salary range represents the low and high end of CLEAR’s salary range for this position. Salaries will vary depending on various factors which include, but are not limited to location, education, skills, experience and performance. The range listed is just one component of CLEAR’s total compensation package for employees and other rewards may include annual bonuses, commission, Restricted Stock Units

About CLEAR

Have you ever had that green-light feeling? When you hit every green light and the day just feels like magic. CLEAR's mission is to create frictionless experiences where every day has that feeling. With more than 25+ million passionate members and hundreds of partners around the world, CLEAR’s identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - unlocking easier, more secure, and more seamless experiences - making them all feel like magic.

CLEAR provides reasonable accommodation to qualified individuals with disabilities or protected needs. Please let us know if you require a reasonable accommodation to apply for a job or perform your job. Examples of reasonable accommodation include, but are not limited to, time off, extra breaks, making a change to the application process or work procedures, policy exceptions, providing documents in an alternative format, live captioning or using a sign language interpreter, or using specialized equipment.

#LI-Hybrid #LI-Onsite

About The Role

Pagoda's growing security team seeks an Application Security Engineer to help us enhance the security of our cutting-edge blockchain applications. Partnering closely with our engineering and product teams, you'll play a vital role in applying your security expertise throughout the software development lifecycle.

What You’ll Be Doing

• Work alongside engineers to integrate security best practices into design reviews, threat modeling, code reviews, and penetration testing.
• Participate in secure code review and penetration testing efforts, honing your skills with hands-on experience under the guidance of senior team members.
• Contribute to deep-dive security reviews of our web, mobile, and API products to ensure they adhere to secure design principles.
• Participate in security training and share your learnings with the broader engineering team to foster a culture of security awareness.
• Assist in incident response to gain valuable real-world experience and help protect Pagoda's systems and data.
• Gain exposure to SAST/DAST tools (Snyk, Stackhawk), bug bounty analysis, and risk assessment, building a foundation for future growth.

What We’re Looking For

• 5+ years of experience in application security or a related field, with a passion for learning and growing your skillset.
• A solid understanding of security fundamentals and common vulnerabilities (e.g., XSS, CSRF, SQL Injection).
• A knack for identifying potential risks and collaborating with engineers to find effective solutions.
• The ability to effectively communicate security concepts to both technical and non-technical audiences.
• A collaborative mindset and a willingness to learn from and teach others

We’d Love If You Have

• Familiarity with one or more programming languages (Python, JavaScript, Rust) to aid in code review and vulnerability analysis.
•  An interest in blockchain technology and a desire to contribute to the security of the Web3 ecosystem.

Here’s What Our Interview Process Looks Like

Our interviews take place via Zoom and typically consists of the following stages:

• Recruiter Call
• Hiring Manager Call
• 1st Round
  • Bug Bounty Interview
  • Technical Assessment with Engineering 
• Final Round
  
  • Meet with CTO
  • Pagoda Values Interview

Compensation

The base salary range for this role is $153,000 - $170,000. This reflects the minimum and maximum range across all US locations. This does not include bonus, incentives, or benefits.

The actual base pay is dependent upon many factors, such as: leveling, relevant skills, and work location. If you are based outside of the US, there are other geographic considerations that may impact your final compensation. Your recruiter can share more about the compensation and benefits applicable to your preferred location during the hiring process. 

Application Security Engineer

About the role:

This hands-on security engineering position will be part of StockX's Information Security Cloud & Application Engineering team, leading efforts to enhance the security of software development practices. Members of this team work with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet StockX security requirements, mitigate risks, and ensure compliance. This is a critical IC role on the StockX Information Security team and will work with several stakeholders in Product, Engineering, Operations, Customer Service, Safety & Trust, & IT.

What you’ll do

• Assist software development architects on secure coding and architecture practices
• Assist with metric collection and application methodologies for internal information risk management efforts
• Consult with teams to ensure data is properly handled throughout our environment
• Collaborate with business, technology, project management, architecture and information security teams to deliver secure solutions that support our business
• Serve as a liaison between the business and IT for technical security projects
• Stay current on information security practices
• Perform qualitative risk assessments on systems and applications
• Work with information security analysts to ensure visibility and security controls are implemented and maintained
• Enhance technologies and processes for information security analysts
• Participation in one or more of the following:
• Maintaining the organization’s security information tools (AlienVault, Snyk, GitGuardian, ServiceNow, etc)
• Conducting code reviews and assisting with remediations across multiple apps and services (PHP, React, iOS, Android, NodeJS, etc)
• Help drive the shift left movement within StockX by implementing tooling within our CI/CD pipelines (DevSecOps)
• Driving best practices for AWS Cloud Security in greenfield projects, reviewing current practices, and auditing current policies/infrastructure
• Serving as a liaison between Compliance and Engineering to ensure we are meeting our regulatory requirements

About you

• 3 years in a technical IT security role
• GIAC, GSEC, OSCP or other security certifications preferred
• Experience with web application security, including OWASP Top 10 vulnerabilities
• Familiarity with SecDevOps and CI/CD best practices
• Knowledge of cloud security, including AWS
• Knowledge of container security, including Docker or Kubernetes
• Excellent communication and interpersonal skills
• Strong problem-solving skills and attention to detail
• Willingness to learn and get up to speed quickly.
• Excellent analytical, organizational, and communication skills. Ability to say No.
• Experience and ability to mentor senior and junior engineers in the team for best outcomes.

Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.

Pursuant to the various pay transparency laws/acts, the base salary range is $120,000 to $145,000 plus opportunities for benefits (e.g., medical, dental), equity and discretionary bonuses. Compensation is dependent on geography and may vary.

At Webflow, our mission is to bring development superpowers to everyone. Webflow is the leading visual development platform for building powerful websites without writing code. By combining modern web development technologies into one platform, Webflow enables people to build websites visually, saving engineering time, while clean code seamlessly generates in the background. From independent designers and creative agencies to Fortune 500 companies, millions worldwide use Webflow to be more nimble, creative, and collaborative. It’s the web, made better. 

We’re looking for a Staff Application Security Engineer to help us level up Webflow’s secure development practices ranging from secure coding, tooling, and improving procedures.

About the role 

• Location: Remote-first (United States; BC & ON, Canada) 
• Full-time 
• Permanent
• Exempt 
• The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
  • United States  (all figures cited below in USD and pertain to workers in the United States)
    • Zone A: $191,600 - $260,600
    • Zone B: $180,100 - $245,000
    • Zone C: $168,600 - $229,350 
  • Canada  (All figures cited below in CAD and pertain to workers in ON & BC, Canada)
    
    • CAD 217,000 - CAD 296,350

• Please visit our Careers page for more information on which locations are included in each of our geographic pay zones. However, please confirm the zone for your specific location with your recruiter.

• Reporting to the Manager, AppSec

As a Staff Application Security Engineer, you’ll … 

• Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
• Bring security best practices to the software development lifecycle.
• Work as part of a team to champion security standards while balancing business strategies and requirements.
• Support Webflow’s security current and future compliance frameworks
• Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
• Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
• Cross-train entry and mid-level application security engineers

In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role.

About you 

You’ll thrive as a Staff Application Security Engineer if you:

• Has 7+ years of experience in application security
• Has led medium to large application security programs 
• Has led and delivered multi-quarter/complex security projects
• Has experience mentoring other application security engineers
• Led application security roadmaps in collaboration with engineering teams and organizations.
• Significant experience penetration testing, finding and developing high complexity application vulnerabilities.

Our Core Behaviors:

• Obsess over customer experience.We deeply understandwhatwe’re building andwhowe’re building for and serving. We define the leading edge of what’s possible in our industry and deliver the future for our customers.
• Move with heartfelt urgency.We have a healthy relationship with impatience, channeling it thoughtfully to show up better and faster for our customers and for each other. Time is the most limited thing we have, and we make the most of every moment.
• Say the hard thing with care.Our best work often comes from intelligent debate, critique, and even difficult conversations. We speak our minds and don’t sugarcoat things — and we do so with respect, maturity, and care.
• Make your mark.We seek out new and unique ways to create meaningful impact, and we champion the same from our colleagues. We work as ateamto get the job done, and we go out of our way to celebrate and reward those going above and beyond for our customers and our teammates.

Benefits & wellness

• Equity ownership (RSUs) in a growing, privately-owned company
• 100% employer-paid healthcare, vision, and dental insurance coverage for employees and dependents (full-time employees working 30+ hours per week), as well as Health Savings Account/Health Reimbursement Account, dependent care Flexible Spending Account (US only), dependent on insurance plan selection where applicable in the respective country of employment; Employees may also have voluntary insurance options, such as life, disability, hospital protection, accident, and critical illness where applicable in the respective country of employment
• 12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability for birthing parents to be used before child bonding leave (where local requirements are more generous employees receive the greater benefit); Employees also have access to family planning care and reimbursement
• Flexible PTO with a mandatory annual minimum of 10 days paid time off for all locations (where local requirements are more generous employees receive the greater benefit), and sabbatical program
• Access to mental wellness and professional coaching, therapy, and Employee Assistance Program
• Monthly stipends to support health and wellness, smart work, and professional growth
• Professional career coaching, internal learning & development programs
• 401k plan and pension schemes (in countries where statutorily required) financial wellness benefits, like CPA or financial advisor coverage
• Discounted Pet Insurance offering (US only)
• Commuter benefits for in-office employees

Remote, together

At Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records.

Stay connected

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.

Please note:

To join Webflow, you'll need valid U.S. or Canadian work authorization depending on the country of employment.

If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

For information about how Webflow processes your personal information, please reviewWebflow’s Applicant Privacy Notice.