Webflow is a visual web development platform that empowers non-coders to create incredible experiences for the web. 

We're looking for a Security Analyst to join our Systems and Integration team to help us lead the effort to evolve our infrastructure to meet future compliance and certification needs. You will establish corporate security requirements by evaluating business strategies and requirements, researching information security standards, performing risk assessments, identifying integration issues, and provide recommendations for remediating identified risk. Additionally, you will lead the review and formal approval process for policy updates. Key responsibilities will be to ensure Information Security Policy and Standard documents meet or exceed industry standards, compliance requirements and customer expectations, coordinating internal and external audits, and maintaining the Information Security program documentation. 

About the role

• Location: San Francisco HQ or remote (anywhere in Western Hemisphere)
• Full-time

As a Security Analyst, you’ll … 

• Act as an advocate of information security policies, standards and as a mechanism to enable the business effectively while managing risk appropriately.
• Act as a Webflow internal subject matter expert and work with product and engineering teams on security procedures regarding governance, monitoring, and remediation practices.
• Implement continuous monitoring solutions to understand and explain security risks and mitigation techniques.
• Partner with internal teams to establish preventative controls to support compliance via automation.
• Stay current on cloud security policies, standards, regulations, and best practices.
• Assist in the implementation of a formalized information security awareness offerings. Support annual renewal and budgeting needs.
• Work with different departments to create necessary awareness, documentation, and security training for all personnel
• Work with the BizOps team to respond to customer questions regarding security, compliance, and resilience.

That being said, these role responsibilities are just the start! At Webflow, we encouraged you to contribute wherever your interests take you — and shape your role accordingly. 

And this isn’t just a philosophical bent: we actually give you 4 hours a week (10% of the work week) to tackle passion projects outside of your role responsibilities. 

About you 

You’ll thrive as a Security Analyst if you:

• Certification in AWS, Security+, CCSP, CISM, or CISSP. If you don't have one of these certifications, you need to have the desire and ability to earn one of them within your first 6 months on the job.
• Familiarity with Infrastructure and Platform Services such as IAM, compute (i. e. EC2, GCE), AWS Key Management Service/Google Cloud Key Management Service, storage (volume/object) etc.
• Knowledge with native cloud security services AWS Trusted Advisor, Amazon Inspector/Google Cloud Security Scanner
• Experience with monitoring tools such as AWS CloudWatch/Google Cloud Monitoring, Splunk etc.
• Awareness with Management Services such as AWS CloudWatch/Google Cloud Monitoring, AWS Lambda/Google Cloud Functions and AWS Config
• Familiarity with cloud security frameworks CSA, NIST, ISO, CIS etc.
• Experience with compliance frameworks such as SOC2 and ISO27001
• Technical skills to identify and assess cloud security vulnerabilities and risks
• Expertise in researching & evaluating identified vulnerabilities and risks posed to the organization’s information and systems
• Produce and provide appropriate reporting to stakeholders 
• Demonstrated experience in administration/management of continuous monitoring solutions
  

However, even if you don’t meet 100% of the above qualifications, you should still seriously consider applying. Studies show that meeting just 50% of a role’s requirements puts you in the running. 

About us 

At Webflow, we believe that our success will not only be defined by what we do — but by how and why we do it. So, here is the Webflow “why” and our “how”: 

Our dual missions — one for the world, one for us

1. For the world: To empower everyone to create for the web and spark an unprecedented wave of digital innovation.
2. For ourselves: Lead fulfilling, impactful lives.

Our core behaviors (how we act)

1. Start with customers
2. Practice extraordinary kindness
3. Be radically candid
4. Move uncomfortably fast
5. Just fix it
6. Lead by serving others
7. Dream big

Our commitments to you 

• We’ll pay you! This is a full-time, salaried position that includes equity
• We’ll invest in your physical and mental well-being with health, dental, and vision benefits and a monthly stipend for health and wellness expenses 
• We’ll pay you to take a vacation … seriously. We’ll give you a $1,000 bonus for taking your first vacation with us that is more than 5 days 
• We offer flexible parental leave for moms and dads
• We provide remote employees with the equipment they need to create a great remote work environment 
• We will offer you the support you need to help you grow as an impactful Security Analyst and a healthy human being 

Ready to apply?

If you share our values and our enthusiasm for empowering the world, we’d love to hear from you!

Note: You'll need valid U.S. work authorization to join us.