Security Engineer • Senior

Who you are

You have 5+ years of experience in security engineering, focusing on application and infrastructure security — you've designed and implemented secure architectures that protect sensitive data and ensure compliance across various regions. Your expertise in AWS, Docker, and Kubernetes allows you to build resilient systems that can withstand security threats while maintaining performance.

You are proficient in programming languages such as Python and have experience with automation tools like Terraform — you enjoy creating automated workflows that identify vulnerabilities early and enforce secure configurations. Your understanding of CI/CD processes enables you to integrate security practices seamlessly into the development lifecycle.

You have a strong background in incident response and vulnerability management — you thrive in high-pressure situations where quick and accurate remediation is crucial. Your ability to collaborate with engineering, infrastructure, and security teams ensures that security is a shared responsibility across the organization.

You are knowledgeable about network security principles and application security best practices — you stay updated on the latest security trends and threats, allowing you to proactively address potential risks. Your analytical mindset helps you assess security controls and recommend improvements based on industry standards.

Desirable

Experience with cloud security controls and governance frameworks is a plus — you understand the complexities of managing security in cloud environments and can navigate compliance requirements effectively. Familiarity with security tools such as Burp Suite and OWASP guidelines enhances your ability to identify and mitigate vulnerabilities.

What you'll do

In this role, you will be part of the Strava Security Team, dedicated to protecting the platform that supports millions of athletes — your work will directly impact the security and integrity of Strava’s applications and infrastructure. You will collaborate closely with engineering and infrastructure teams to design and implement secure architectures that align with business goals.

You will shape how Strava manages application and infrastructure risks in the EU, ensuring speed, accuracy, and consistency in remediation and governance — your insights will help drive security initiatives that enhance the overall security posture of the organization. You will build automated workflows that identify vulnerabilities early, enforce secure configurations, and strengthen our CI/CD and cloud security controls.

You will participate in incident response activities, leading investigations and coordinating remediation efforts — your expertise will be invaluable in minimizing the impact of security incidents and ensuring compliance with regulatory requirements. You will also conduct security assessments and audits to evaluate the effectiveness of existing security controls and recommend enhancements.

What we offer

Strava offers a flexible hybrid work model, allowing you to spend more than half your time on-site in our London office — this balance fosters collaboration while providing the flexibility to work from home. You will be part of a dynamic team that values innovation and encourages professional growth.

We provide competitive compensation and benefits, including opportunities for continuous learning and development — we believe in investing in our employees to help them reach their full potential. Join us in our mission to connect and motivate athletes around the world while ensuring their data and experiences are secure.