Senior Security Engineer, Infrastructure & Automation

At Webflow, we’re building the world’s leading AI-native Digital Experience Platform, and we’re doing it as a remote-first company built on trust, transparency, and a whole lot of creativity. This work takes grit, because we move fast, without ever sacrificing craft or quality. Our mission is to bring development superpowers to everyone. From entrepreneurs launching their first idea to global enterprises scaling their digital presence, we empower teams to design, launch, and optimize for the web without barriers. We believe the future of the web, and work, is more open, more creative, and more equitable. And we’re here to build it together.

We’re looking for a Senior Security Engineer, Infrastructure & Automation to join Webflow’s Security Operations team. You’ll collaborate closely with our Infrastructure Engineering, Infrastructure Security, Enterprise Security, and Application Security teams to harden our AWS and GCP environments, embed security into our CI/CD pipelines, and champion secure-by-default infrastructure practices.

This role is ideal for an engineer who thrives at the intersection of infrastructure security and software engineering. You’ll design and build internal security platforms, APIs, and automation that help Webflow detect, triage, and remediate infrastructure vulnerabilities faster, while enabling engineering teams to ship securely by default.

About the Role

You’ll lead and execute cloud security initiatives that strengthen Webflow’s infrastructure and operational security posture. Responsibilities are grouped by scope and impact.

Infrastructure Security

• Perform infrastructure security reviews across cloud services, network design, IAM, and platform components.
• Design, implement, and maintain secure AWS and GCP infrastructure following best practices (least privilege, network segmentation, encryption, monitoring).
• Partner with infrastructure and platform teams to embed security controls in CI/CD pipelines, infrastructure as code, and containerized environments.
• Own the cloud security posture management (CSPM) strategy, ensuring continuous compliance and automated detection of misconfigurations.
• Collaborate with engineering teams to secure Kubernetes and containerized workloads, ensuring adherence to runtime and image scanning policies.
• Respond to and investigate cloud-related security incidents, providing technical expertise during triage and remediation.
• Contribute to the design and execution of Webflow’s cloud security roadmap, identifying areas for automation and scalability.
• Conduct threat modeling and risk assessments for cloud architecture and new service deployments.
• Translate raw findings into actionable engineering fixes, not just tickets or reports.

Security Automation & Platform Engineering

• Design and build internal security services, APIs, and tools that automate infrastructure vulnerability detection, triage, reporting, and remediation.
• Develop security automation that integrates with CI/CD, cloud control planes, and developer workflows to shift detection and remediation earlier in the lifecycle.
• Experiment with and operationalize agentic and AI-assisted approaches to security detection, analysis, and response as the threat landscape evolves.

About You

You’ll thrive as a Senior Security Engineer, Infrastructure & Automation if you:

• Have 5+ years of experience in cloud security, infrastructure engineering, or security automation (with at least 3 years focused on AWS and GCP).
• Demonstrate strong knowledge of AWS and GCP services and security controls
• Have hands-on experience securing Kubernetes and containerized workloads.
• Are proficient with infrastructure as code (Pulumi, Terraform, CloudFormation)
• Understand network security concepts including firewalls, segmentation, and zero trust.
• 3+ years of automation script authoring for security tasks using Python, Go, Javascript, TypeScript, or similar languages. Comfortable architecting automation solutions using full stack components.
• Are comfortable operating in ambiguous, fast-changing environments, adapting tooling and approaches as threats and technologies evolve.
• Bring a proactive, builder’s mindset — identifying and closing gaps before they become issues.