
Staff Application Security Engineer

Posted 3 days ago


💎 Seniority level: Staff, 7+ years

📍 Location: United States, Canada

💸 Salary: 154160.0 - 281060.0 CAD per year

🔍 Industry: Software Development

🏢 Company: Webflow | 👥 501-1000 | 💰 $120,000,000 Series C almost 3 years ago | 🫂 Last layoff 8 months ago | CMS, Web Hosting, Web Design

🗣️ Languages: English

⏳ Experience: 7+ years

🪄 Skills: AWS, Docker, Python, Software Development, Cybersecurity, Git, Kubernetes, CI/CD, RESTful APIs, Mentoring, DevOps, Compliance, JSON

Requirements:
  • 7+ years of experience in application security, including 2+ years of software development focused on security.
  • Expertise in secure software design, secure coding, and web application security, with a strong commitment to risk reduction and sustainable security practices.
  • Experience with Threat Modeling, penetration testing, and identifying high-complexity application vulnerabilities.
  • Have worked on software supply chain security and led bug bounty programs and security tooling initiatives.
  • Have successfully implemented and improved secure development lifecycle (SDLC) processes, including planning, communication, and automation.
  • Have led and delivered multi-quarter, complex security projects, application security roadmaps, and medium to large security programs in collaboration with engineering teams.
  • Have experience mentoring other application security engineers and fostering security best practices across organizations.
Responsibilities:
  • Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
  • Bring security best practices to the software development lifecycle.
  • Work as part of a team to champion security standards while balancing business strategies and requirements.
  • Support Webflow’s current and future security compliance frameworks.
  • Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
  • Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
  • Cross-train entry and mid-level application security engineers.

Related Jobs


📍 United States, Canada

🧭 Full-Time

💸 154160.0 - 247690.0 USD per year

🔍 Software Development

  • 7+ years of experience in application security, including 2+ years of software development focused on security.
  • Expertise in secure software design, secure coding, and web application security, with a strong commitment to risk reduction and sustainable security practices.
  • Experience with Threat Modeling, penetration testing, and identifying high-complexity application vulnerabilities.
  • Experience with software supply chain security and leading bug bounty programs and security tooling initiatives.
  • Successfully implemented and improved secure development lifecycle (SDLC) processes, including planning, communication, and automation.
  • Led and delivered multi-quarter, complex security projects, application security roadmaps, and medium to large security programs in collaboration with engineering teams.
  • Experience mentoring other application security engineers and fostering security best practices across organizations.
  • Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
  • Bring security best practices to the software development lifecycle.
  • Work as part of a team to champion security standards while balancing business strategies and requirements.
  • Support Webflow’s current and future security compliance frameworks.
  • Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
  • Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
  • Cross-train entry and mid-level application security engineers.

AWS, Software Development, Cybersecurity, CI/CD, RESTful APIs, Mentoring, Compliance

Posted 3 days ago

📍 Canada

🧭 Full-Time

💸 153000.0 - 231000.0 CAD per year

🔍 Software Development

🏢 Company: NerdWallet | 👥 501-1000 | 💰 Secondary Market almost 4 years ago | 🫂 Last layoff 7 months ago | Internet, Consumer, Financial Services, Personal Finance

  • 5+ years of experience working in Agile development, with expertise in technologies such as cloud environments (e.g., AWS), application security testing tools (e.g., SAST, DAST, SCA), infrastructure as code (e.g., Terraform), containers (e.g., Docker, Kubernetes), continuous integration (e.g., Jenkins, GitHub Actions), integration of security testing tools into CI pipelines, defect tracking (e.g., Jira), and source code management (e.g., GitHub)
  • Advanced knowledge of: Python, TypeScript, and other languages (Go, PHP)
  • High-level understanding of: security weaknesses, exploits, attacks and mitigations
  • In-depth knowledge of common application and network protocols, cryptographic primitives, authentication and authorization protocols, as well as common security threats, including attack techniques, evasive techniques, and preventative and defensive methods
  • Experience leading or participating in Security Development Lifecycle Practices, Threat Modeling, Technical Design Review, and Security Code Review
  • Ensure the timely delivery of high-priority product security initiatives
  • Be a strategic advisor to the Application and Product Security Program
  • Drive key initiatives like Supply Chain Security, Authentication, and Authorization improvements
  • Participate in expanding and maturing NerdWallet’s SSDLC program and its early adoption
  • Partner with cross-functional teams to identify product and application vulnerabilities and propose potential remediation opportunities and prioritization
  • Design and develop security tools and processes to be leveraged by development teams
  • Work closely with engineering to sustain processes or convert manual integrations to automated pipeline activities
  • Help build the Red Team
  • Be a technical mentor to junior members of the team and help develop their skills

AWS, Docker, PHP, Python, Kubernetes, TypeScript, Go, Collaboration, CI/CD, Terraform

Posted 12 days ago

📍 United States, Canada, United Kingdom

🧭 Full-Time

💸 150000.0 - 210000.0 CAD per year

🔍 Application Security

🏢 Company: Ping Identity | 👥 1001-5000 | 💰 $35,000,000 Series F over 10 years ago | 🫂 Last layoff over 1 year ago | Government, Security, Identity Management, Software

  • 4+ years of proficiency in a mix of Enterprise Application Security, API Security, Web Application Security, and Mobile Application Security
  • 4+ years of developing commercial or open-source products (experience in Java or JavaScript preferred) or equivalent experience
  • Exceptional problem-solving skills, curiosity about the inner workings of systems and showing attention to details and documentation
  • Excellent written and oral communication skills
  • Own multiple Security Engineering assignments working with Ping Identity products, processes and tooling
  • Provide technical leadership and mentor other Product Security Engineers
  • Assist in proposing, developing and improving Secure Software Development Lifecycle (SSDLC) practices alongside global, high-performance product engineering teams
  • Work with the product teams to perform architectural, security design/code reviews, vulnerability assessment and management
  • Perform security tasks including (but not limited to) threat modeling, developer training, static code analysis, dynamic runtime fuzzing, building custom tools and automation, and exploit development.
  • Innovate in all aspects of automation of SSDLC tasks including use of Generative AI
  • Assist the presales, support and customer success teams responding to prospect, customer and field questions related to product and industry security
  • Engage with third-party security consultants for independent security assessments, bug bounties and penetration testing of the product

AWS, Software Development, Cybersecurity, Java, JavaScript, LDAP, OAuth, CI/CD, RESTful APIs, Linux, DevOps

Posted 24 days ago