At Webflow, we’re building the world’s leading AI-native Digital Experience Platform, and we’re doing it as a remote-first company built on trust, transparency, and a whole lot of creativity. This work takes grit, because we move fast, without ever sacrificing craft or quality. Our mission is to bring development superpowers to everyone. From entrepreneurs launching their first idea to global enterprises scaling their digital presence, we empower teams to design, launch, and optimize for the web without barriers. We believe the future of the web, and work, is more open, more creative, and more equitable. And we’re here to build it together.

We’re looking for a Senior Security Engineer, Infrastructure & Automation to join Webflow’s Security Operations team. You’ll collaborate closely with our Infrastructure Engineering, Infrastructure Security, Enterprise Security, and Application Security teams to harden our AWS and GCP environments, embed security into our CI/CD pipelines, and champion secure-by-default infrastructure practices.

This role is ideal for an engineer who thrives at the intersection of infrastructure security and software engineering. You’ll design and build internal security platforms, APIs, and automation that help Webflow detect, triage, and remediate infrastructure vulnerabilities faster, while enabling engineering teams to ship securely by default.

About the role:

Location: Remote-first (United States; BC & ON, Canada; Ireland; United Kingdom; Mexico; Argentina)
Full-time
Permanent
Exempt
The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
Application Information:

As a Senior Security Engineer, you’ll …

You’ll lead and execute cloud security initiatives that strengthen Webflow’s infrastructure and operational security posture. Responsibilities are grouped by scope and impact.

Infrastructure Security

Perform infrastructure security reviews across cloud services, network design, IAM, and platform components.
Design, implement, and maintain secure AWS and GCP infrastructure following best practices (least privilege, network segmentation, encryption, monitoring).
Partner with infrastructure and platform teams to embed security controls in CI/CD pipelines, infrastructure as code, and containerized environments.
Own the cloud security posture management (CSPM) strategy, ensuring continuous compliance and automated detection of misconfigurations.
Collaborate with engineering teams to secure Kubernetes and containerized workloads, ensuring adherence to runtime and image scanning policies.
Respond to and investigate cloud-related security incidents, providing technical expertise during triage and remediation.
Contribute to the design and execution of Webflow’s cloud security roadmap, identifying areas for automation and scalability.
Conduct threat modeling and risk assessments for cloud architecture and new service deployments.
Translate raw findings into actionable engineering fixes, not just tickets or reports.

Security Automation & Platform Engineering

Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation.
Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle.
Experiment with and operationalize agentic and AI-assisted approaches to security detection, analysis, and response as the threat landscape evolves.

About You

You’ll thrive as a Senior Security Engineer, Infrastructure & Automation if you:

Have 5+ years of experience in cloud security, infrastructure engineering, or security automation (with at least 3 years focused on AWS and GCP).
Demonstrate strong knowledge of AWS and GCP services and security controls
Have hands-on experience securing Kubernetes and containerized workloads.
Are proficient with infrastructure as code (Pulumi, Terraform, CloudFormation)
Understand network security concepts including firewalls, segmentation, and zero trust.
3+ years of automation script authoring for security tasks using Python, Go, Javascript, Typscript, or similar languages. Comfortable architecting automation solutions using full stack components.
Are comfortable operating in ambiguous, fast-changing environments, adapting tooling and approaches as threats and technologies evolve.
Bring a proactive, builder’s mindset — identifying and closing gaps before they become issues.

Our Core Behaviors:

Build lasting customer trust. We build trust by taking action that puts customer trust first.
**Win together. **We play to win, and we win as one team. Success at Webflow isn't a solo act.
Reinvent ourselves. We don't just improve what exists, we imagine what's possible.
**Deliver with speed, quality, and craft. **We move fast because the moment demands it, and we do so without lowering the bar.

Benefits

Ownership in what you help build. Every permanent Webflower receives equity (RSUs) in our growing, privately held company.
Health coverage that actually covers you. Comprehensive medical, dental, and vision plans for full-time employees and their dependents, with Webflow covering most premiums.
Support for every stage of family life. 12 weeks of paid parental leave for all parents and 6+ weeks of additional paid leave for birthing parents. Plus inclusive care for family planning, menopause, and midlife transitions.
**Time off that’s actually off. **Flexible vacation, paid holidays, and a sabbatical program to help you recharge and come back inspired.
**Wellness for the whole you. **Access to mental health resources, therapy and coaching.
**Invest in your future. **A 401(k) with 100% employer match (up to $6,000/year) in the U.S., and support for retirement savings globally.
Monthly stipends that flex with your life. Localized support for work and wellness expenses — from Wi-Fi to workouts.
**Bonus for building together. **All full-time, permanent, non-commission employees are eligible for our annual WIN bonus program.

Temporary employees may be eligible for paid holiday and time off, statutory leaves of absence, and company-sponsored medical benefits depending on their Fixed Term Contract and their country/state of employment.

Be you, with us

At Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records.

Stay connected

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.

Please note:

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Upon interview scheduling, instructions for confidential accommodation requests will be administered.

To join Webflow, you'll need a valid right to work authorization depending on the country of employment.

If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

_For information about how Webflow processes your personal information, please review _Webflow’s Applicant Privacy Notice_. _

About the role:

Location: Remote-first (United States; BC & ON, Canada; Ireland; United Kingdom; Mexico; Argentina)
Full-time
Permanent
Exempt
The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
Application Information:

As a Senior Security Engineer, you’ll …

You’ll lead and execute cloud security initiatives that strengthen Webflow’s infrastructure and operational security posture. Responsibilities are grouped by scope and impact.

Infrastructure Security

Perform infrastructure security reviews across cloud services, network design, IAM, and platform components.
Design, implement, and maintain secure AWS and GCP infrastructure following best practices (least privilege, network segmentation, encryption, monitoring).
Partner with infrastructure and platform teams to embed security controls in CI/CD pipelines, infrastructure as code, and containerized environments.
Own the cloud security posture management (CSPM) strategy, ensuring continuous compliance and automated detection of misconfigurations.
Collaborate with engineering teams to secure Kubernetes and containerized workloads, ensuring adherence to runtime and image scanning policies.
Respond to and investigate cloud-related security incidents, providing technical expertise during triage and remediation.
Contribute to the design and execution of Webflow’s cloud security roadmap, identifying areas for automation and scalability.
Conduct threat modeling and risk assessments for cloud architecture and new service deployments.
Translate raw findings into actionable engineering fixes, not just tickets or reports.

Security Automation & Platform Engineering

Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation.
Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle.
Experiment with and operationalize agentic and AI-assisted approaches to security detection, analysis, and response as the threat landscape evolves.

About You

You’ll thrive as a Senior Security Engineer, Infrastructure & Automation if you:

Have 5+ years of experience in cloud security, infrastructure engineering, or security automation (with at least 3 years focused on AWS and GCP).
Demonstrate strong knowledge of AWS and GCP services and security controls
Have hands-on experience securing Kubernetes and containerized workloads.
Are proficient with infrastructure as code (Pulumi, Terraform, CloudFormation)
Understand network security concepts including firewalls, segmentation, and zero trust.
3+ years of automation script authoring for security tasks using Python, Go, Javascript, Typscript, or similar languages. Comfortable architecting automation solutions using full stack components.
Are comfortable operating in ambiguous, fast-changing environments, adapting tooling and approaches as threats and technologies evolve.
Bring a proactive, builder’s mindset — identifying and closing gaps before they become issues.

Our Core Behaviors:

Build lasting customer trust. We build trust by taking action that puts customer trust first.
**Win together. **We play to win, and we win as one team. Success at Webflow isn't a solo act.
Reinvent ourselves. We don't just improve what exists, we imagine what's possible.
**Deliver with speed, quality, and craft. **We move fast because the moment demands it, and we do so without lowering the bar.

Benefits

Ownership in what you help build. Every permanent Webflower receives equity (RSUs) in our growing, privately held company.
Health coverage that actually covers you. Comprehensive medical, dental, and vision plans for full-time employees and their dependents, with Webflow covering most premiums.
Support for every stage of family life. 12 weeks of paid parental leave for all parents and 6+ weeks of additional paid leave for birthing parents. Plus inclusive care for family planning, menopause, and midlife transitions.
**Time off that’s actually off. **Flexible vacation, paid holidays, and a sabbatical program to help you recharge and come back inspired.
**Wellness for the whole you. **Access to mental health resources, therapy and coaching.
**Invest in your future. **A 401(k) with 100% employer match (up to $6,000/year) in the U.S., and support for retirement savings globally.
Monthly stipends that flex with your life. Localized support for work and wellness expenses — from Wi-Fi to workouts.
**Bonus for building together. **All full-time, permanent, non-commission employees are eligible for our annual WIN bonus program.

Be you, with us

Stay connected

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.

Please note:

To join Webflow, you'll need a valid right to work authorization depending on the country of employment.

_For information about how Webflow processes your personal information, please review _Webflow’s Applicant Privacy Notice_. _

Senior Security Engineer, Infrastructure & Automation

What you'd actually do

Skills

Required

Nice to have

What the JD emphasized

About the role:

About You

Our Core Behaviors:

Benefits

Be you, with us

Stay connected

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.

Please note:

About the role:

About You

Our Core Behaviors:

Benefits

Be you, with us

Stay connected

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.

Please note: