Senior Security Engineer - Infrastructure & Automation
Remote-first (United States; BC & ON, Canada; Ireland; United Kingdom; Mexico; Argentina)Full-TimeSenior
Salary139,000 - 198,000 USD per year
Apply NowOpens the employer's application page
Job Details
- Experience
- 5+ years of experience in cloud security, infrastructure engineering, or security automation (with at least 3 years focused on AWS and GCP).
- Required Skills
- AWSPythonGCPJavascriptKubernetesTypeScriptGoTerraformCloudFormation
Requirements
- 5+ years of experience in cloud security, infrastructure engineering, or security automation (with at least 3 years focused on AWS and GCP).
- Strong knowledge of AWS and GCP services and security controls.
- Hands-on experience securing Kubernetes and containerized workloads.
- Proficient with infrastructure as code (Pulumi, Terraform, CloudFormation).
- Understand network security concepts including firewalls, segmentation, and zero trust.
- 3+ years of automation script authoring for security tasks using Python, Go, Javascript, Typscript, or similar languages.
- Comfortable architecting automation solutions using full stack components.
- Comfortable operating in ambiguous, fast-changing environments, adapting tooling and approaches as threats and technologies evolve.
- Bring a proactive, builder’s mindset — identifying and closing gaps before they become issues.
Responsibilities
- Lead and execute cloud security initiatives that strengthen Webflow’s infrastructure and operational security posture.
- Perform infrastructure security reviews across cloud services, network design, IAM, and platform components.
- Design, implement, and maintain secure AWS and GCP infrastructure following best practices (least privilege, network segmentation, encryption, monitoring).
- Partner with infrastructure and platform teams to embed security controls in CI/CD pipelines, infrastructure as code, and containerized environments.
- Own the cloud security posture management (CSPM) strategy, ensuring continuous compliance and automated detection of misconfigurations.
- Collaborate with engineering teams to secure Kubernetes and containerized workloads, ensuring adherence to runtime and image scanning policies.
- Respond to and investigate cloud-related security incidents, providing technical expertise during triage and remediation.
- Contribute to the design and execution of Webflow’s cloud security roadmap, identifying areas for automation and scalability.
- Conduct threat modeling and risk assessments for cloud architecture and new service deployments.
- Translate raw findings into actionable engineering fixes, not just tickets or reports.
- Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation.
- Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle.
- Experiment with and operationalize agentic and AI-assisted approaches to security detection, analysis, and response as the threat landscape evolves.
View Full Description & ApplyYou'll be redirected to the employer's site
