Senior Security Engineer, Infrastructure & Automation

🌍 Remote, USA 🎯 Full-time 🕐 Posted Recently

Job Description

We 9re looking for a Senior Security Engineer, Infrastructure & Automation to join Webflow 9s Security Operations team. You 9ll collaborate closely with our Infrastructure Engineering, Infrastructure Security, Enterprise Security, and Application Security teams to harden our AWS and GCP environments, embed security into our CI/CD pipelines, and champion secure-by-default infrastructure practices.

This role is ideal for an engineer who thrives at the intersection of infrastructure security and software engineering. You 9ll design and build internal security platforms, APIs, and automation that help Webflow detect, triage, and remediate infrastructure vulnerabilities faster, while enabling engineering teams to ship securely by default.

    About the role:
  • Location: Remote-first (United States; BC & ON, Canada; Ireland; United Kingdom; Mexico; Argentina)
  • Full-time
  • Permanent
  • Exempt
  • The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We 9ve structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate 9s geographic location, job-related experience, knowledge, qualifications, and skills.
  • United States (all figures cited below are in USD and pertain to workers in the United States)
  • Zone A: [$158,000 - 198,000]
  • Zone B: [$149,000 - 186,000]
  • Zone C: [$139,000 - 174,000]
  • Canada (figures cited below are in CAD and pertain to workers in ON & BC, Canada)
  • [$180,000 - 225,000]
  • Application Information:
  • Application deadline: applications accepted on an ongoing basis until position is closed and filled

As a Senior Security Engineer, you 9ll ...

You 9ll lead and execute cloud security initiatives that strengthen Webflow 9s infrastructure and operational security posture. Responsibilities are grouped by scope and impact.

    Infrastructure Security
  • Perform infrastructure security reviews across cloud services, network design, IAM, and platform components.
  • Design, implement, and maintain secure AWS and GCP infrastructure following best practices (least privilege, network segmentation, encryption, monitoring).
  • Partner with infrastructure and platform teams to embed security controls in CI/CD pipelines, infrastructure as code, and containerized environments.
  • Own the cloud security posture management (CSPM) strategy, ensuring continuous compliance and automated detection of misconfigurations.
  • Collaborate with engineering teams to secure Kubernetes and containerized workloads, ensuring adherence to runtime and image scanning policies.
  • Respond to and investigate cloud-related security incidents, providing technical expertise during triage and remediation.
  • Contribute to the design and execution of Webflow 9s cloud security roadmap, identifying areas for automation and scalability.
  • Conduct threat modeling and risk assessments for cloud architecture and new service deployments.
  • Translate raw findings into actionable engineering fixes, not just tickets or reports.
    Security Automation & Platform Engineering
  • Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation.
  • Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle.
  • Experiment with and operationalize agentic and AI-assisted approaches to security detection, analysis, and response as the threat landscape evolves.
    • About You
    You 9ll thrive as a Senior Security Engineer, Infrastructure & Automation if you:
  • Have 5+ years of experience in cloud security, infrastructure engineering, or security automation (with at least 3 years focused on AWS and GCP).
  • Demonstrate strong knowledge of AWS and GCP services and security controls
  • Have hands-on experience securing Kubernetes and containerized workloads.
  • Are proficient with infrastructure as code (Pulumi, Terraform, CloudFormation)
  • Understand network security concepts including firewalls, segmentation, and zero trust.
  • 3+ years of automation script authoring for security tasks using Python, Go, Javascript, Typscript, or similar languages. Comfortable architecting automation solutions using full stack components.
  • Are comfortable operating in ambiguous, fast-changing environments, adapting tooling and approaches as threats and technologies evolve.
  • Bring a proactive, builder 9s mindset - identifying and closing gaps before they become issues.
    Our Core Behaviors:
  • Build lasting customer trust. We build trust by taking action that puts customer trust first.
  • Win together. We play to win, and we win as one team. Success at Webflow isn 9t a solo act.
  • Reinvent ourselves. We don 9t just improve what exists, we imagine what 9s possible.
  • Deliver with speed, quality, and craft. We move fast because the moment demands it, and we do so without lowering the bar.
    Benefits
  • Ownership in what you help build. Every permanent Webflower receives equity (RSUs) in our growing, privately held company.
  • Health coverage that actually covers you. Comprehensive medical, dental, and vision plans for full-time employees and their dependents, with Webflow covering most premiums.
  • Support for every stage of family life. 12 weeks of paid parental leave for all parents and 6+ weeks of additional paid leave for birthing parents. Plus inclusive care for family planning, menopause, and midlife transitions.
  • Time off that 9s actually off. Flexible vacation, paid holidays, and a sabbatical program to help you recharge and come back inspired.
  • Wellness for the whole you. Access to mental health resources, therapy and coaching.
  • Invest in your future. A 401(k) with 100% employer match (up to $6,000/year) in the U.S., and support for retirement savings globally.
  • Monthly stipends that flex with your life. Localized support for work and wellness expenses - from Wi-Fi to workouts.
  • Bonus for building together. All full-time, permanent, non-commission employees are eligible for our annual WIN bonus program.

Temporary employees may be eligible for paid holiday and time off, statutory leaves of absence, and company-sponsored medical benefits depending on their Fixed Term Contract and their country/state of employment.

Apply tot his job

Apply To this Job

Ready to Apply?

Don't miss out on this amazing opportunity!

🚀 Apply Now

Similar Jobs

Recent Jobs

You May Also Like