Senior Engineer, Application and Security Infrastructure

London, UK

Strava is the app for active people. With over 150 million athletes in more than 185 countries, it’s more than tracking workouts—it’s where connection, motivation, and personal bests thrive. No matter your activity, gear, or goals, Strava’s got you covered. Find your crew, crush your milestones, and keep moving forward. Start your journey with Strava today.

This role is on the Strava Security Team, which exists to protect Strava’s people, business, and data through integrated, proactive security practices.

We work across all security domains, including, but not limited to, product security, vulnerability management, incident response, infrastructure, network, governance, and enterprise security.

We follow a flexible hybrid model that translates to more than half your time on-site in our London office— three days per week.

• Passionate about protecting a platform that supports millions of athletes by ensuring Strava’s applications and infrastructure are secure, resilient, and compliant across regions.
• Work closely with engineering, infrastructure, and security teams to design and implement secure architectures and development practices.
• Have a high-leverage impact by shaping how Strava manages application and infrastructure risks in the EU, ensuring speed, accuracy, and consistency in remediation and governance.
• Build automated workflows that identify vulnerabilities early, enforce secure configurations, and strengthen our CI/CD and cloud security controls.
• Collaborate across Security, Engineering, Legal, and Compliance to ensure that systems, processes, and data handling meet EU regulatory standards and Strava’s global security expectations.

• Being highly self-motivated and detail-oriented, with a strong sense of ownership for Strava’s regional application and infrastructure security posture.
• Serving as the primary security point of contact for Strava Group in the EU, bridging global strategy with local implementation and compliance.
• Driving secure-by-design practices across engineering teams, including threat modeling, architecture reviews, and vulnerability management.
• Partnering with Engineering and Infrastructure teams to embed automated security checks into CI/CD pipelines and infrastructure-as-code deployments.
• Coordinating regional incident response, vulnerability triage, and remediation validation in partnership with the global security team.

• Hands‑on experience in application and infrastructure security, including code review, threat modeling, and securing cloud‑native environments (AWS preferred).
• Designed or implemented automated security controls in CI/CD pipelines using tools like Semgrep, Tenable, GHAS, Snyk, or custom scripting.
• Understanding of securing containerized and distributed environments, including Kubernetes, IAM, and network segmentation.
• Comfortable managing vulnerability management programs end‑to‑end— from detection and prioritization through engineering remediation.
• Familiarity with EU security and privacy frameworks (GDPR, NIS2) and ability to apply them pragmatically to cloud infrastructure and data systems.
• Collaborative and pragmatic— able to influence engineering teams through partnership, technical credibility, and clear communication.
• Effective communication across technical and non‑technical stakeholders, ensuring alignment between EU operations and global security strategy.

For roles that are based at our offices in London: £93,500 - £110,000. This range reflects base compensation only and does not include equity or benefits.

Movement brings us together. At Strava, we’re building the world’s largest community of active people, helping them stay motivated and achieve their goals.

Our global team is passionate about making movement fun, meaningful, and accessible to everyone. Whether you’re shaping the technology, growing our community, or driving innovation, your work at Strava makes an impact.

When you join Strava, you’re not just joining a company—you’re joining a movement. If you’re ready to bring your energy, ideas, and drive, let’s build something incredible together.

Strava builds software that makes the best part of our athletes’ days even better. We’re dedicated to providing a world‑class, inclusive workplace where our employees can grow and thrive. Our culture reflects our community. We are continuously striving to hire and engage teammates from all backgrounds, experiences and perspectives because we know we are a stronger team together.

Strava is an equal opportunity employer. In keeping with the values of Strava, we make all employment decisions—including hiring, evaluation, termination, promotion and training opportunities—without regard race, religion, color, sex, age, national origin, ancestry, sexual orientation, physical handicap, mental disability, medical condition, disability, gender or identity or expression, pregnancy or pregnancy‑related condition, marital status, height and/or weight.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.