Senior Engineer, Application and Security Infrastructure

About Strava

Strava is the app for active people. With over 180 million athletes in more than 185 countries, it’s more than tracking workouts—it’s where people make progress together, from new habits to new personal bests. No matter your sport or how you track it, Strava’s got you covered. Find your crew, crush your goals, and make every effort count. Start your journey with Strava today. Our mission is simple: to motivate people to live their best active lives. We believe in the power of movement to connect and drive people forward.

About This Role

This role is on the Strava Security Team, which exists to protect Strava’s people, business, and data through integrated, proactive security practices. We work across all security domains, including, but not limited to, product security, vulnerability management, incident response, infrastructure, network, governance, and enterprise security. We follow a flexible hybrid model that translates to more than half your time on-site in our London office—three days per week.

What You’ll Do:

• Are passionate about protecting a platform that supports millions of athletes by ensuring Strava’s applications and infrastructure are secure, resilient, and compliant across regions.
• Enjoy working closely with engineering, infrastructure, and security teams to design and implement secure architectures and development practices.
• Will have a high-leverage impact by shaping how Strava manages application and infrastructure risks in the EU, ensuring speed, accuracy, and consistency in remediation and governance.
• Are excited to build automated workflows that identify vulnerabilities early, enforce secure configurations, and strengthen our CI/CD and cloud security controls.
• Will collaborate across Security, Engineering, Legal, and Compliance to ensure that systems, processes, and data handling meet EU regulatory standards and Strava’s global security expectations.

You Will Be Successful Here By:

• Being highly self-motivated and detail-oriented, with a strong sense of ownership for Strava’s regional application and infrastructure security posture.
• Serving as the primary security point of contact for Strava Group in the EU, bridging global strategy with local implementation and compliance.
• Driving secure-by-design practices across engineering teams, including threat modeling, architecture reviews, and vulnerability management.
• Partnering with Engineering and Infrastructure teams to embed automated security checks into CI/CD pipelines and infrastructure-as-code deployments.
• Coordinating regional incident response, vulnerability triage, and remediation validation in partnership with the global security team.

What You’ll Bring to the Team:

• Bring hands-on experience in application and infrastructure security, including code review, threat modeling, and securing cloud-native environments (AWS preferred).
• Have designed or implemented automated security controls in CI/CD pipelines using tools like Semgrep, Tenable, GHAS, Snyk, or custom scripting.
• Understand how to secure containerized and distributed environments, including Kubernetes, IAM, and network segmentation.
• Are comfortable managing vulnerability management programs end-to-end—from detection and prioritization through engineering remediation.
• Have familiarity with EU security and privacy frameworks (GDPR, NIS2) and know how to apply them pragmatically to cloud infrastructure and data systems.
• Are collaborative and pragmatic—able to influence engineering teams through partnership, technical credibility, and clear communication.
• Communicate proactively and effectively across technical and non-technical stakeholders, ensuring alignment between EU operations and global security strategy.

Why Join Us?

Movement brings us together. At Strava, we’re building the world’s largest community of active people, helping them stay motivated and achieve their goals. Our global team is passionate about making movement fun, meaningful, and accessible to everyone. Whether you’re shaping the technology, growing our community, or driving innovation, your work at Strava makes an impact. When you join Strava, you’re not just joining a company—you’re joining a movement. If you’re ready to bring your energy, ideas, and drive, let’s build something incredible together. Strava builds software that makes the best part of our athletes’ days even better. Just as we’re deeply committed to unlocking their potential, we’re dedicated to providing a world-class, inclusive workplace where our employees can grow and thrive, too.

We’re backed by Sequoia Capital, TCV, Madrone Partners and Jackson Square Ventures, and we’re expanding in order to exceed the needs of our growing community of global athletes. Our culture reflects our community. We are continuously striving to hire and engage teammates from all backgrounds, experiences and perspectives because we know we are a stronger team together. Strava is an equal opportunity employer. In keeping with the values of Strava, we make all employment decisions including hiring, evaluation, termination, promotional and training opportunities, without regard to race, religion, color, sex, age, national origin, ancestry, sexual orientation, physical handicap, mental disability, medical condition, disability, gender or identity or expression, pregnancy or pregnancy-related condition, marital status, height and/or weight. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Compensation Range: £93.5K - £110K