Senior Security Engineer, Infrastructure & Automation

About The Position

Requirements

• Have 5+ years of experience in cloud security, infrastructure engineering, or security automation (with at least 3 years focused on AWS and GCP).
• Demonstrate strong knowledge of AWS and GCP services and security controls
• Have hands-on experience securing Kubernetes and containerized workloads.
• Are proficient with infrastructure as code (Pulumi, Terraform, CloudFormation)
• Understand network security concepts including firewalls, segmentation, and zero trust.
• 3+ years of automation script authoring for security tasks using Python, Go, Javascript, Typscript, or similar languages. Comfortable architecting automation solutions using full stack components.
• Are comfortable operating in ambiguous, fast-changing environments, adapting tooling and approaches as threats and technologies evolve.
• Bring a proactive, builder’s mindset — identifying and closing gaps before they become issues.

Responsibilities

• Perform infrastructure security reviews across cloud services, network design, IAM, and platform components.
• Design, implement, and maintain secure AWS and GCP infrastructure following best practices (least privilege, network segmentation, encryption, monitoring).
• Partner with infrastructure and platform teams to embed security controls in CI/CD pipelines, infrastructure as code, and containerized environments.
• Own the cloud security posture management (CSPM) strategy, ensuring continuous compliance and automated detection of misconfigurations.
• Collaborate with engineering teams to secure Kubernetes and containerized workloads, ensuring adherence to runtime and image scanning policies.
• Respond to and investigate cloud-related security incidents, providing technical expertise during triage and remediation.
• Contribute to the design and execution of Webflow’s cloud security roadmap, identifying areas for automation and scalability.
• Conduct threat modeling and risk assessments for cloud architecture and new service deployments.
• Translate raw findings into actionable engineering fixes, not just tickets or reports.
• Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation.
• Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle.
• Experiment with and operationalize agentic and AI-assisted approaches to security detection, analysis, and response as the threat landscape evolves.

Benefits

• Ownership in what you help build. Every permanent Webflower receives equity (RSUs) in our growing, privately held company.
• Health coverage that actually covers you. Comprehensive medical, dental, and vision plans for full-time employees and their dependents, with Webflow covering most premiums.
• Support for every stage of family life. 12 weeks of paid parental leave for all parents and 6+ weeks of additional paid leave for birthing parents. Plus inclusive care for family planning, menopause, and midlife transitions.
• Time off that’s actually off. Flexible vacation, paid holidays, and a sabbatical program to help you recharge and come back inspired.
• Wellness for the whole you. Access to mental health resources, therapy and coaching.
• Invest in your future. A 401(k) with 100% employer match (up to $6,000/year) in the U.S., and support for retirement savings globally.
• Monthly stipends that flex with your life. Localized support for work and wellness expenses — from Wi-Fi to workouts.
• Bonus for building together. All full-time, permanent, non-commission employees are eligible for our annual WIN bonus program.