Senior Vulnerability Management Engineer
US Remote
Webflow
Create custom, responsive websites with the power of code — visually. Design and build your site with a flexible CMS and top-tier hosting. Try Webflow for free. Webflow is a visual web development platform that empowers non-coders to create incredible experiences for the web.
We’re looking for a Security Vulnerability Management Engineer to join Webflow's Security team. You will work with the Director of Security to help us meet current and future security needs.
About the role
- Location: San Francisco or Remote
- Full-time
As a Security Vulnerability Management Engineer, you will …
- Manage and automate overall vulnerability scanning coverage
- Drive application penetration tests and red team projects.
- Review vulnerability scan, pentest, and red team reports
- Assess and triage findings
- Collaborate with external teams and internal security teams
- Shepherd vulnerability tickets through to completion/mitigation
- Automate / script the vulnerability ticket lifecycle
- Establish and maintain relevant vulnerability management metrics to support strategic security roadmap decisions.
- Be a supporting member of Webflow's bug bounty program
That said, these responsibilities are just the start! At Webflow, we encourage you to contribute wherever your interests take you — and shape your role accordingly. And this isn’t just a philosophical bent: we actually give you 4 hours a week (10% of the work week) to pursue passion projects outside of your role responsibilities.
About you
You’ll thrive as a Security Vulnerability Management Engineer if you:
- Are passionate about staying up to date with the security threat landscape and news
- Are familiar with common security vulnerabilities (OWASP Top 10, CWE Top 25)
- Have experience working with and supporting security frameworks such as SOC2, ISO27001
- Have experience using Jira
- Have experience writing automation scripts against APIs
- Have experience with Python development
- Have experience with vulnerability scanning tools such as Nessus, Qualys, Clair, AWS Inspector, GitHub Dependabot.
- Are able to effectively drive the mitigation of security issues with other busy teams
- Are knowledgeable of different operating systems (Linux, Windows, macOS)
- Are knowledgeable of/have experience with software development (e.g., Python, Ruby).
- Are knowledgeable of AWS deployments with an understanding of possible insecure configuration patterns.
- Are knowledgeable of DAST & SAST tools
- Are passionate about security in general, and always hungry to learn.
If you don’t meet 100% of the above qualifications, you should still seriously consider applying. Studies show that you can still be considered for a role if you meet just 50% of the role’s requirements.
About us
At Webflow, we believe that our success will be defined not only by what we do — but also by how and why we do it. So, here is the Webflow “why” and our “how”:
Our dual missions — one for the world, one for us
- For the world: To empower everyone to create for the web and spark an unprecedented wave of digital innovation.
- For ourselves: Lead fulfilling, impactful lives.
Our core behaviors (how we act)
- Start with customers
- Practice extraordinary kindness
- Be radically candid
- Move intentionally fast
- Just fix it
- Lead by serving others
- Dream big
Our commitments to you
- We’ll pay you! This is a full-time, salaried position that includes equity
- We’ll invest in your physical and mental well-being with health, dental, and vision benefits and a monthly stipend for health and wellness expenses
- We’ll pay you to take a vacation … seriously. We’ll give you a $1,000 bonus for taking your first vacation with us that is more than 5 days
- We offer flexible parental leave
- We provide remote employees with the equipment they need to create a great remote work environment
- We will offer you the support you need to help you grow as an impactful Compliance Manager and a human being
Ready to apply?
If you share our values and enthusiasm for empowering the world, we’d love to review your application! We promise we do take the time and care to review every application we receive. However, as much as we wish we could interview everyone who submits an application, we cannot guarantee an interview or feedback due to the unprecedented volume of applications we are receiving today. We are rooting for you, and hope you do consider applying.
Note: You'll need valid U.S. work authorization to join us.
If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.
Tags: APIs Automation AWS Compliance DAST GitHub ISO 27001 Jira Linux MacOS Nessus OWASP Python Qualys Red team Ruby SAST SOC 2 Vulnerabilities Vulnerability management Windows
Perks/benefits: Career development Flex hours Flex vacation Health care Home office stipend Parental leave Salary bonus Startup environment Wellness