← All work

Security Engineering at Webflow

Lead Security Engineering: software supply-chain defense, cloud and container vulnerability management, and the endpoint and detection stack (EDR, MDM, SIEM).

Role
Senior Manager, Security Engineering
Year
2025 to Present
Stack
Supply-Chain Security · Container Patching · CSPM · EDR · MDM · SIEM

The problem

Modern teams ship fast on open-source and cloud infrastructure, which is exactly where attackers now aim: poisoned npm and PyPI packages, vulnerable container base images, and exposed credentials.

What I lead

  • Lead Webflow’s Security Engineering function across software supply-chain security, cloud and container posture, vulnerability management, and the endpoint and detection stack.
  • Strengthened the core security tooling end to end: EDR for endpoint detection and response, MDM for fleet and device control, and SIEM / log observability, including automated alert triage and a pipeline that centralizes security and bot-protection logs.
  • Drove a fleet-wide container vulnerability reduction program built on continuous base-image patching and hardened images, backed by cloud security posture management (CSPM).
  • Rolled out org-wide supply-chain defense that blocks malicious packages at install time and automatically investigates new advisories, through a stretch of near-weekly attacks.
  • Built software composition analysis and automation that routes findings to the teams that own them and files tickets with ready-to-apply fixes.

Outcome

  • Fleet container vulnerabilities cut by more than 90%.
  • Malicious packages blocked before they reach a build, across the engineering org.
  • Faster, automated detection, response, and vulnerability triage across the security stack.