Senior Vulnerability Management Engineer

US Remote

Applications have closed

Webflow

Create custom, responsive websites with the power of code — visually. Design and build your site with a flexible CMS and top-tier hosting. Try Webflow for free.


Webflow is a visual web development platform that empowers non-coders to create incredible experiences for the web. 

 

We’re looking for a Security Vulnerability Management Engineer. On Webflow's Security team, you will work with the Director of Security to help us meet current and future security needs.

 

About the role 

  • Location: San Francisco or Remote
  • Full-time

 

As a Security Vulnerability Management Engineer, you will …

  • Manage and automate overall vulnerability scanning coverage
  • Drive application penetration tests and red team projects.
  • Review vulnerability scan, pentest, and red team reports
  • Assess and triage findings
  • Collaborate with external teams and internal security teams 
  • Shepherd vulnerability tickets through to completion/mitigation
  • Automate / script the vulnerability ticket lifecycle
  • Establish and maintain relevant vulnerability management metrics to support strategic security roadmap decisions.
  • Be a supporting member of Webflow's bug bounty program

 

That said, these responsibilities are just the start! At Webflow, we encourage you to contribute wherever your interests take you — and shape your role accordingly. And this isn’t just a philosophical bent: we actually give you 4 hours a week (10% of the work week) to pursue passion projects outside of your role responsibilities. 

About you 

You’ll thrive as a Security Vulnerability Management Engineer if you:

  • Are passionate about staying up to date with the security threat landscape and news
  • Are familiar with common security vulnerabilities (OWASP Top 10, CWE Top 25)
  • Have experience working with and supporting security frameworks such as SOC2, ISO27001
  • Have experience using Jira
  • Have experience writing automation scripts against APIs
  • Have experience with Python development
  • Have experience with vulnerability scanning tools such as Nessus, Qualys, Clair, AWS Inspector, GitHub Dependabot
  • Are able to effectively drive the mitigation of security issues with other busy teams
  • Are knowledgeable about different operating systems (Linux, Windows, macOS)
  • Are knowledgeable about or have experience with software development (e.g., Python, Ruby)
  • Are knowledgeable of AWS deployments with an understanding of possible insecure configuration patterns.
  • Are knowledgeable of DAST & SAST tools
  • Are passionate about security in general, and always hungry to learn.

If you don’t meet 100% of the above qualifications, you should still seriously consider applying. Studies show that you can still be considered for a role if you meet just 50% of the role’s requirements.

About us 

At Webflow, we believe that our success will be defined not only by what we do — but also by how and why we do it. So, here is the Webflow “why” and our “how”: 


Our dual missions — one for the world, one for us

  1. For the world: To empower everyone to create for the web and spark an unprecedented wave of digital innovation.
  2. For ourselves: Lead fulfilling, impactful lives.


Our core behaviors (how we act)

  1. Start with customers
  2. Practice extraordinary kindness
  3. Be radically candid
  4. Move intentionally fast
  5. Just fix it
  6. Lead by serving others
  7. Dream big

Our commitments to you 

  • We’ll pay you! This is a full-time, salaried position that includes equity
  • We’ll invest in your physical and mental well-being with health, dental, and vision benefits and a monthly stipend for health and wellness expenses 
  • We’ll pay you to take a vacation … seriously. We’ll give you a $1,000 bonus for taking your first vacation with us that is more than 5 days 
  • We offer flexible parental leave 
  • We provide remote employees with the equipment they need to create a great remote work environment 
  • We will offer you the support you need to help you grow as an impactful Compliance Manager and a human being 

Ready to apply?

If you share our values and enthusiasm for empowering the world, we’d love to review your application! We promise we do take the time and care to review every application we receive. However, as much as we wish we could interview everyone who submits an application, we cannot guarantee an interview or feedback due to the unprecedented volume of applications we are receiving today. We are rooting for you, and hope you do consider applying.

Note: You'll need valid U.S. work authorization to join us.

If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

Tags: APIs Automation AWS Compliance DAST GitHub ISO 27001 Jira Linux MacOS Nessus OWASP Python Qualys Red team Ruby SAST SOC 2 Vulnerabilities Vulnerability management Windows

Perks/benefits: Career development Flex hours Flex vacation Health care Home office stipend Parental leave Salary bonus Startup environment Wellness

Regions: Remote/Anywhere North America
Country: United States