Senior Technical Program Manager, Security

At Webflow, we’re building the world’s leading AI-native Digital Experience Platform, and we’re doing it as a remote-first company built on trust, transparency, and a whole lot of creativity. This work takes grit, because we move fast, without ever sacrificing craft or quality. Our mission is to bring development superpowers to everyone. From entrepreneurs launching their first idea to global enterprises scaling their digital presence, we empower teams to design, launch, and optimize for the web without barriers. We believe the future of the web, and work, is more open, more creative, and more equitable. And we’re here to build it together.

We recently announced that we're opening an office in Buenos Aires, and this role will be one of the first members of the team. Not ready to apply, or not seeing the right role yet? Sign up here to hear about future opportunities and events with the Webflow team in Argentina.

About the Role

We’re looking for a Security Technical Program Manager (TPM) to lead Webflow’s Security program and drive collaboration across different teams in Webflow and Security.

This role blends technical understanding with program leadership — ensuring key projects across information security, across the spectrum of security operations, application security, compliance and specifically vulnerability management. You should have experience with vulnerabilities to ensure they are identified, tracked, triaged, prioritized, and remediated efficiently. You’ll build strong relationships with Application Security, Security Operations, Product, Engineering, Trust & Safety and IT teams to strengthen Webflow’s security posture and operational maturity.

• Location: Remote-first (United States; BC & ON, Canada; Argentina)
• Type: Full-time
• Exempt
• The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
  • United States (all figures cited below are in USD and pertain to workers in the United States)
    • Zone A: $145,000 - $217,000
    • Zone B: $137,000 - $204,000
    • Zone C: $128,000 - $191,000
  • Canada (figures cited below are in CAD and pertain to workers in ON & BC, Canada)
    • $165,000 - $246,000
• Application Information:
  • Application deadline: applications accepted on an ongoing basis until position is closed and filled
  • This posting is for a new position.

As the Security TPM, you will own and coordinate initiatives that scale Webflow’s security processes, reduce risk and better manage Webflow’s attack surface. Your responsibilities will span from direct program ownership to broader cross-team enablement.

• Coordinate security-wide planning across teams — tracking dependencies, aligning on priorities, and maintaining roadmap visibility.
• Lead the end-to-end Vulnerability Management lifecycle, from discovery to remediation.
• Manage stakeholder communication, and cross-functional alignment. Partner with Engineering to ensure vulnerability ownership, ticket quality, and remediation clarity.
• Experience with AI tooling and workflow automation to better drive efficiency.
• Maintain and improve Jira workflows for vulnerability and security ticketing.
• Develop and publish vulnerability metrics and dashboards for visibility and accountability.
• Identify and resolve process bottlenecks; drive continuous improvement in the vulnerability lifecycle.
• Collaborate with SMEs in AppSec and SecDevOps to maintain full scanning and tooling coverage (e.g., Socket, container scanning, SCA).
• Maintain VM documentation, operating procedures, and readiness for audits (SOC 2, ISO 27001, ISO 42001).
• Identify opportunities for automation or reporting enhancements that scale VM effectiveness.

About you

You’ll thrive as a Senior Security TPM if you:

• Have 3-4 years of program or project management experience in technical domains such as security, infrastructure, or DevOps.
• Have experience coordinating cross-functional delivery between engineering, security, and operations teams.
• Are comfortable working with vulnerability management tools and workflows (e.g., Socket, container scanning, SCA, Jira).
• Have strong organizational skills. You can manage timelines, track remediation progress, and maintain clear documentation without losing momentum.
• Communicate clearly and with empathy; you’re proactive about sharing updates, surfacing risks, and keeping teams aligned.
• Understand the importance of balancing speed with security, helping teams make informed tradeoffs that reduce risk without blocking delivery.
• Have experience improving or building processes that make vulnerability management more scalable and predictable.
• Take ownership of your work, follow through on commitments, and escalate blockers early with solutions in mind.
• Thrive in ambiguity. You bring structure and clarity even when priorities shift or data is incomplete.
• Are curious about how security and engineering systems fit together and how to make them stronger.

Nice to Have Experience:

• Exposure to security compliance frameworks such as SOC 2, ISO 27001, or similar audit processes.
• Familiarity with security scanning and reporting tools (Socket, Qualys, or equivalent).
• Experience supporting or coordinating incident response or vulnerability triage workflows.
• Background in SaaS or cloud environments with an understanding of common infrastructure patterns.
• Experience developing dashboards or metrics for vulnerability tracking and remediation progress.
• Prior experience in a fast-paced, remote-first organization or working across distributed teams.

You Are:

• Collaborative: You possess a collaborative spirit, thriving when working with both your immediate team and cross-functional partners.
• Strategic thinker: You're a strategic thinker, adept at defining clear business needs and evaluating solutions to make informed build-versus-buy decisions.
• Comfortable with ambiguity: You navigate ambiguous situations with ease, gathering data and making progress even with incomplete information or unclear requirements.

If you don’t meet 100% of the above qualifications, you should still seriously consider applying. Studies show that you can still be considered for a role if you meet just 50% of the role’s requirements.

Our Core Behaviors:

• Build lasting customer trust. We build trust by taking action that puts customer trust first.
• Win together. We play to win, and we win as one team. Success at Webflow isn't a solo act.
• Reinvent ourselves. We don't just improve what exists, we imagine what's possible.
• Deliver with speed, quality, and craft. We move fast because the moment demands it, and we do so without lowering the bar.

Benefits

• Ownership in what you help build. Every permanent Webflower receives equity (RSUs) in our growing, privately held company.
• Health coverage that actually covers you. Comprehensive medical, dental, and vision plans for full-time employees and their dependents, with Webflow covering most premiums.
• Support for every stage of family life. 12 weeks of paid parental leave for all parents and 6+ weeks of additional paid leave for birthing parents. Plus inclusive care for family planning, menopause, and midlife transitions.
• Time off that’s actually off. Flexible vacation, paid holidays, and a sabbatical program to help you recharge and come back inspired.
• Wellness for the whole you. Access to mental health resources, therapy and coaching.
• Invest in your future. A 401(k) with 100% employer match (up to $6,000/year) in the U.S., and support for retirement savings globally.
• Monthly stipends that flex with your life. Localized support for work and wellness expenses — from Wi-Fi to workouts.
• Bonus for building together. All full-time, permanent, non-commission employees are eligible for our annual WIN bonus program.

Temporary employees may be eligible for paid holiday and time off, statutory leaves of absence, and company-sponsored medical benefits depending on their Fixed Term Contract and their country/state of employment.

Remote, together

At Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records.

Stay connected

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.

Please note:

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Upon interview scheduling, instructions for confidential accommodation requests will be administered.

To join Webflow, you'll need a valid right to work authorization depending on the country of employment.

If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

For information about how Webflow processes your personal information, please review Webflow’s Applicant Privacy Notice.