Note: This is a remote job open to candidates in the USA. Webflow is building the world’s leading AI-native Digital Experience Platform, and they are seeking a Security Technical Program Manager to lead their Security program. This role involves driving collaboration across teams and managing the Vulnerability Management lifecycle to strengthen Webflow’s security posture.
Responsibilities
• Coordinate security-wide planning across teams — tracking dependencies, aligning on priorities, and maintaining roadmap visibility
• Lead the end-to-end Vulnerability Management lifecycle, from discovery to remediation
• Manage stakeholder communication and cross-functional alignment. Partner with Engineering to ensure vulnerability ownership, ticket quality, and remediation clarity
• Experience with AI tooling and workflow automation to better drive efficiency
• Maintain and improve Jira workflows for vulnerability and security ticketing
• Develop and publish vulnerability metrics and dashboards for visibility and accountability
• Identify and resolve process bottlenecks; drive continuous improvement in the vulnerability lifecycle
• Collaborate with SMEs in AppSec and SecDevOps to maintain full scanning and tooling coverage (e.g., Socket, container scanning, SCA)
• Maintain VM documentation, operating procedures, and readiness for audits (SOC 2, ISO 27001, ISO 42001)
• Identify opportunities for automation or reporting enhancements that scale VM effectiveness
Skills
• 3-4 years of program or project management experience in technical domains such as security, infrastructure, or DevOps
• Experience coordinating cross-functional delivery between engineering, security, and operations teams
• Comfortable working with vulnerability management tools and workflows (e.g., Socket, container scanning, SCA, Jira)
• Strong organizational skills. You can manage timelines, track remediation progress, and maintain clear documentation without losing momentum
• Communicate clearly and with empathy; you're proactive about sharing updates, surfacing risks, and keeping teams aligned
• Understand the importance of balancing speed with security, helping teams make informed tradeoffs that reduce risk without blocking delivery
• Experience improving or building processes that make vulnerability management more scalable and predictable
• Take ownership of your work, follow through on commitments, and escalate blockers early with solutions in mind
• Thrive in ambiguity. You bring structure and clarity even when priorities shift or data is incomplete
• Curious about how security and engineering systems fit together and how to make them stronger
• Exposure to security compliance frameworks such as SOC 2, ISO 27001, or similar audit processes
• Familiarity with security scanning and reporting tools (Socket, Qualys, or equivalent)
• Experience supporting or coordinating incident response or vulnerability triage workflows
• Background in SaaS or cloud environments with an understanding of common infrastructure patterns
• Experience developing dashboards or metrics for vulnerability tracking and remediation progress
• Prior experience in a fast-paced, remote-first organization or working across distributed teams
Benefits
• Ownership in what you help build. Every permanent Webflower receives equity (RSUs) in our growing, privately held company.
• Health coverage that actually covers you. Comprehensive medical, dental, and vision plans for full-time employees and their dependents, with Webflow covering most premiums.
• Support for every stage of family life. 12 weeks of paid parental leave for all parents and 6+ weeks of additional paid leave for birthing parents. Plus inclusive care for family planning, menopause, and midlife transitions.
• Time off that’s actually off. Flexible vacation, paid holidays, and a sabbatical program to help you recharge and come back inspired.
• Wellness for the whole you. Access to mental health resources, therapy and coaching.
• Invest in your future. A 401(k) with 100% employer match (up to $6,000/year) in the U.S., and support for retirement savings globally.
• Monthly stipends that flex with your life. Localized support for work and wellness expenses — from Wi-Fi to workouts.
• Bonus for building together. All full-time, permanent, non-commission employees are eligible for our annual WIN bonus program.
Company Overview
• Webflow is a visual web design platform, CMS, and hosting provider for building production websites and prototypes. It is a sub-organization of Gitshock Finance. It was founded in 2013, and is headquartered in San Francisco, California, USA, with a workforce of 501-1000 employees. Its website is http://www.webflow.com.
Company H1B Sponsorship
• Webflow has a track record of offering H1B sponsorships, with 7 in 2025, 10 in 2024, 4 in 2023, 8 in 2022, 5 in 2021. Please note that this does not guarantee sponsorship for this specific role.