Senior Engineer, Application and Security Infrastructure at Strava

London, England, United Kingdom

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Technology, Fitness

Requirements

  • Hands-on experience in application and infrastructure security, including code review, threat modeling, and securing cloud-native environments (AWS preferred)
  • Designed or implemented automated security controls in CI/CD pipelines using tools like Semgrep, Tenable, GHAS, Snyk, or custom scripting
  • Understand how to secure containerized and distributed environments, including Kubernetes, IAM, and network segmentation
  • Comfortable managing vulnerability management programs end-to-end—from detection and prioritization through engineering remediation
  • Familiar with EU security and privacy frameworks (GDPR, NIS2), and know how to apply them pragmatically to cloud infrastructure and data systems
  • Collaborative and pragmatic—able to influence engineering teams through partnership, technical credibility, and clear communication
  • Communicate proactively and effectively across technical and non-technical stakeholders, ensuring alignment between EU operations and global security strategy
  • Highly self-motivated and detail-oriented, with a strong sense of ownership

Responsibilities

  • Protect Strava’s applications and infrastructure by ensuring they are secure, resilient, and compliant across regions
  • Work closely with engineering, infrastructure, and security teams to design and implement secure architectures and development practices
  • Shape how Strava manages application and infrastructure risks in the EU, ensuring speed, accuracy, and consistency in remediation and governance
  • Build automated workflows that identify vulnerabilities early, enforce secure configurations, and strengthen CI/CD and cloud security controls
  • Collaborate across Security, Engineering, Legal, and Compliance to ensure systems, processes, and data handling meet EU regulatory standards and Strava’s global security expectations
  • Serve as the primary security point of contact for Strava Group in the EU, bridging global strategy with local implementation and compliance
  • Drive secure-by-design practices across engineering teams, including threat modeling, architecture reviews, and vulnerability management
  • Partner with Engineering and Infrastructure teams to embed automated security checks into CI/CD pipelines and infrastructure-as-code deployments
  • Coordinate regional incident response, vulnerability triage, and remediation validation in partnership with the global security team

Skills

Application Security
Infrastructure Security
Vulnerability Management
CI/CD Security
Cloud Security
Secure Architecture
Compliance
Incident Response
Automated Workflows
EU Regulations

Strava

Fitness tracking and social networking platform

About Strava

Strava is a digital platform that allows athletes and fitness enthusiasts to record, track, and analyze their physical activities, offering metrics like speed, pace, and distance. It operates on a freemium model, providing basic services for free while charging for premium features such as advanced training plans and detailed activity breakdowns. Strava distinguishes itself from competitors through its social networking aspect, enabling users to share activities and connect with others, fostering a supportive community. The goal of Strava is to enhance the fitness experience by providing valuable performance insights and encouraging community engagement.

Headquarters: San Francisco, California
Year Founded: 2009
Total Funding: $147.3M
Company Stage: Series F
Industries: Consumer Software, Social Impact
Employees: 501-1,000

Benefits

100% company paid benefits for employees and families
Flexible paid time off
$2,000 annual professional development stipend
Paid time off for volunteering
401(k) Plan with company matching
$1000 annual gear stipend
$500 annual gym reimbursement
Onsite fitness rooms with showers, lockers, and towel service
Weekly team workouts
Free yoga classes
Secure bike storage
Twice weekly dinner for those working late
Monthly happy hours
Dog days
Cell phone reimbursement
Snacks & stocked kitchens

Risks

Increased competition from evolving fitness apps may attract users away from Strava.
Over-reliance on partnerships like Apple Fitness may not ensure long-term growth.
Integration with third-party apps could lead to data privacy concerns affecting user trust.

Differentiation

Strava combines fitness tracking with social networking, fostering a unique community experience.
The platform offers a freemium model, attracting a wide range of users globally.
Strava's compatibility with most GPS devices enhances its accessibility and user base.

Upsides

Partnership with Apple Fitness+ expands Strava's reach and user engagement.
Integration with Mibro Fit enhances user experience and social connectivity.
Growing trend of virtual fitness challenges aligns with Strava's community-driven events.
