Senior Vulnerability Management Engineer
Webflow (View all Jobs)
1. Short take-home challenge 2. Paid 3-5 day freelance contract project
Programming Languages Mentioned
Python, C#, Ruby
Webflow is a visual web development platform that empowers non-coders to create incredible experiences for the web.
We’re looking for a Security Vulnerability Management Engineer on Webflow's Security team, you will work with the Director Security to help us meet current and future security needs.
About the role
- Location: San Francisco or Remote
As a Security Vulnerability Management Engineer , you will …
- Manage and automate overall vulnerability scanning coverage
- Drive application penetration tests and red team projects.
- Review vulnerability scan, pentest, and red team reports
- Assess and triage findings
- Collaborate with external teams and internal security teams
- Shepherd vulnerability tickets through to completion/mitigation
- Automate / script the vulnerability ticket lifecycle
- Establish and maintain relevant vulnerability management metrics to support strategic security roadmap decisions.
- Be a supporting member of Webflow bug bounty program
That said, these responsibilities are just the start! At Webflow, we encourage you to contribute wherever your interests take you — and shape your role accordingly. And this isn’t just a philosophical bent: we actually give you 4 hours a week (10% of the work week) to pursue passion projects outside of your role responsibilities.
You’ll thrive as (a) Security Vulnerability Management Engineer if you:
- Are passionate about staying up to date with the security threat landscape and news
- Are familiar with common Security vulnerabilities (OWASP Top 10, CWE Top 25)
- Have experience working with and supporting security frameworks such as SOC2, ISO27001
- Have experience using Jira
- Have experience with writing automation scripts against API’s
- Have experience with python development
- Have experience with vulnerability scanning tools such as Nessus, Qualys, Claire, AWS Inspector, GitHub Dependabot.
- Are able to effectively drive the mitigation of security issues with other busy teams
- Are knowledgeable of different operating systems (Linux, Windows, MacOS)
- Are knowledgeable of/have experience with software development (i.e. Python, Ruby, etc).
- Are knowledgeable of AWS deployments with an understanding of possible insecure configuration patterns.
- Are knowledgeable of DAST & SAST tools
- Are passionate about security in general, and always hungry to learn.
If you don’t meet 100% of the above qualifications, you should still seriously consider applying. Studies show that you can still be considered for a role if you meet just 50% of the role’s requirements.
At Webflow, we believe that our success will be defined not only by what we do — but also by how and why we do it. So, here is the Webflow “why” and our “how”:
Our dual missions — one for the world, one for us
- For the world: To empower everyone to create for the web and spark an unprecedented wave of digital innovation.
- For ourselves: Lead fulfilling, impactful lives.
Our core behaviors (how we act)
- Start with customers
- Practice extraordinary kindness
- Be radically candid
- Move intentionally fast
- Just fix it
- Lead by serving others
- Dream big
Our commitments to you
- We’ll pay you! This is a full-time, salaried position that includes equity
- We’ll invest in your physical and mental well-being with health, dental, and vision benefits and a monthly stipend for health and wellness expenses
- We’ll pay you to take a vacation … seriously. We’ll give you a $1,000 bonus for taking your first vacation with us that is more than 5 days
- We offer flexible parental leave
- We provide remote employees with the equipment they need to create a great remote work environment
- We will offer you the support you need to help you grow as an impactful Compliance Manager and a human being
Ready to apply?
If you share our values and enthusiasm for empowering the world, we’d love to review your application! We promise we do take the time and care to review every application we receive. However, as much as we wish we could interview everyone who submits an application, we cannot guarantee an interview or feedback due to the unprecedented volume of applications we are receiving today. We are rooting for you, and hope you do consider applying.
Note: You'll need valid U.S. work authorization to join us. (remove if you can hire international candidates
If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes
Webflow requires all new employees to submit proof of their COVID-19 vaccination status as a condition of their employment. As such, your failure to timely provide such information, upon Webflow's request, may result in the revocation of your offer or the termination of your employment with Webflow, as applicable.
At this time, Webflow does not require fully remote employees to be vaccinated against COVID-19. However, you must be fully vaccinated against COVID-19 and provide proof of vaccination to work out of any Webflow office, visit an office, or attend any in person work events, including company off-sites, company sponsored social gatherings, and meetings. As such, at this time, we will only consider individuals who are fully vaccinated against COVID-19 for roles which require any in person work. If, due to the nature of your role, you are at any time during your employment required to work in person, but you are not fully vaccinated against COVID-19, subject to applicable regulations, your employment may be terminated.
We are committed to maintaining a safe and inclusive workplace, and our vaccination policy will evolve in response to the changing risks and regulations associated with COVID-19.
Please mention No Whiteboard if you apply!
I'm a one-man team looking to improve tech interviews, and could use any support! 😄