Senior Engineer, Application and Security Infrastructure

Strava is the app for active people. With over 150 million athletes in more than 185 countries, it's more than tracking workouts—it's where connection, motivation, and personal bests thrive. No matter your activity, gear, or goals, Strava's got you covered. Find your crew, crush your milestones, and keep moving forward. Start your journey with Strava today.

This role is on the Strava Security Team, which exists to protect Strava's people, business, and data through integrated, proactive security practices.

We work across all security domains, including, but not limited to, product security, vulnerability management, incident response, infrastructure, network, governance, and enterprise security.

We follow a flexible hybrid model that translates to more than half your time on-site in our London office— three days per week.

• Are passionate about protecting a platform that supports millions of athletes by ensuring Strava's applications and infrastructure are secure, resilient, and compliant across regions.
• Enjoy working closely with engineering, infrastructure, and security teams to design and implement secure architectures and development practices.
• Will have a high-leverage impact by shaping how Strava manages application and infrastructure risks in the EU, ensuring speed, accuracy, and consistency in remediation and governance.
• Are excited to build automated workflows that identify vulnerabilities early, enforce secure configurations, and strengthen our CI/CD and cloud security controls.
• Will collaborate across Security, Engineering, Legal, and Compliance to ensure that systems, processes, and data handling meet EU regulatory standards and Strava's global security expectations.

• Being highly self-motivated and detail-oriented, with a strong sense of ownership for Strava's regional application and infrastructure security posture.
• Serving as the primary security point of contact for Strava Group in the EU, bridging global strategy with local implementation and compliance.
• Driving secure-by-design practices across engineering teams, including threat modeling, architecture reviews, and vulnerability management.
• Partnering with Engineering and Infrastructure teams to embed automated security checks into CI/CD pipelines and infrastructure-as-code deployments.
• Coordinating regional incident response, vulnerability triage, and remediation validation in partnership with the global security team.

• Bring hands-on experience in application and infrastructure security, including code review, threat modeling, and securing cloud-native environments (AWS preferred).
• Have designed or implemented automated security controls in CI/CD pipelines using tools like Semgrep, Tenable, GHAS, Snyk, or custom scripting.
• Understand how to secure containerized and distributed environments, including Kubernetes, IAM, and network segmentation.
• Are comfortable managing vulnerability management programs end-to-end — from detection and prioritization through engineering remediation.
• Have familiarity with EU security and privacy frameworks (GDPR, NIS2) and know how to apply them pragmatically to cloud infrastructure and data systems.
• Are collaborative and pragmatic — able to influence engineering teams through partnership, technical credibility, and clear communication.
• Communicate proactively and effectively across technical and non-technical stakeholders, ensuring alignment between EU operations and global security strategy.

At Strava, we know our employees are the most important ingredient to our success, and our compensation and total rewards programs reflect that. We take a market-based approach to pay, and pay may vary depending on the department and your location. Salary ranges are categorized into one of three zones based on a cost of labor index for that geographic area. We will determine the candidate's starting pay based on job-related skills, experience, qualifications, work location, and market conditions. We may modify these ranges in the future. For more information, please contact your talent partner.

Compensation: For roles that are based at our offices in London: £93,500 - £110,000. This range reflects base compensation only and does not include equity or benefits. Your recruiter can share more details about the full compensation package during the hiring process.

For more information on benefits, please click here.

Movement brings us together. At Strava, we're building the world's largest community of active people, helping them stay motivated and achieve their goals.

Our global team is passionate about making movement fun, meaningful, and accessible to everyone. Whether you're shaping the technology, growing our community, or driving innovation, your work at Strava makes an impact.

When you join Strava, you're not just joining a company—you're joining a movement. If you're ready to bring your energy, ideas, and drive, let's build something incredible together.

Strava builds software that makes the best part of our athletes' days even better. Just as we're deeply committed to unlocking their potential, we're dedicated to providing a world-class, inclusive workplace where our employees can grow and thrive, too. We're backed by Sequoia Capital, TCV, Madrone Partners and Jackson Square Ventures, and we're expanding in order to exceed the needs of our growing community of global athletes. Our culture reflects our community. We are continuously striving to hire and engage teammates from all backgrounds, experiences and perspectives because we know we are a stronger team together.

Strava is an equal opportunity employer. In keeping with the values of Strava, we make all employment decisions including hiring, evaluation, termination, promotional and training opportunities, without regard to race, religion, color, sex, age, national origin, ancestry, sexual orientation, physical handicap, mental disability, medical condition, disability, gender or identity or expression, pregnancy or pregnancy-related condition, marital status, height and/or weight.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

California Consumer Protection Act Applicant Notice