Senior Infrastructure Security Engineer at Strava

Denver, Colorado, United States

Apply Now

Not SpecifiedCompensation

Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

Technology, FitnessIndustries

Requirements

5+ years of infrastructure engineering experience with at least 3 years focused on security engineering or DevSecOps
Deep expertise in AWS security services (IAM, GuardDuty, Security Hub, WAF, Shield) and cloud security best practices
Strong background in Kubernetes security, including RBAC, network policies, admission controllers, and container security
Proven experience implementing infrastructure-as-code security patterns using Terraform, with expertise in policy-as-code tools
Track record of building security automation and tooling that scales across large engineering organizations
Excellence in cross-team collaboration, with the ability to influence security practices without direct authority
Strong incident response experience and ability to remain calm under pressure during security events
Experience with security scanning tools (Trivy, Snyk, SonarQube) and vulnerability management workflows

Responsibilities

Design and implement security controls across Strava's cloud infrastructure, including network segmentation, IAM policies, and data protection mechanisms
Lead security initiatives for the Foundation Team, conducting threat modeling, security reviews, and risk assessments for infrastructure changes
Build and maintain security automation tools that enable engineering teams to deploy securely by default
Partner with engineering teams to integrate security best practices into CI/CD pipelines and infrastructure-as-code workflows
Respond to security incidents, perform root cause analysis, and implement preventive measures to strengthen our security posture
Develop and maintain security monitoring, alerting, and response systems using SIEM and cloud-native security tools
Drive compliance initiatives, ensuring infrastructure meets SOC2, GDPR, and other regulatory requirements
Collaborate with the security team to implement zero-trust architecture and strengthen our defense-in-depth strategy
Participate in on-call rotations and mentor other engineers on security best practices

Skills

Key technologies and capabilities for this role

KubernetesCloud InfrastructureNetwork SegmentationIAM PoliciesData ProtectionSecurity Controls

Questions & Answers

Common questions about this position

What is the work arrangement for this role?

Strava follows a flexible hybrid model that requires more than half your time on-site in the Denver office, specifically three days per week.

What experience is required for this position?

The role requires 5+ years of infrastructure engineering experience.

What is the salary range for this role?

This information is not specified in the job description.

What does the Foundation Team do at Strava?

The Foundation Team is the backbone of Strava's engineering organization, providing the secure infrastructure, tools, and frameworks that power every feature.

What makes a strong candidate for this Senior Infrastructure Security Engineer role?

A strong candidate will have 5+ years of infrastructure engineering experience and skills in areas like Kubernetes, cloud infrastructure, security automation, threat modeling, CI/CD integration, and incident response.

Strava

Fitness tracking and social networking platform

About Strava

Strava is a digital platform that allows athletes and fitness enthusiasts to record, track, and analyze their physical activities, offering metrics like speed, pace, and distance. It operates on a freemium model, providing basic services for free while charging for premium features such as advanced training plans and detailed activity breakdowns. Strava distinguishes itself from competitors through its social networking aspect, enabling users to share activities and connect with others, fostering a supportive community. The goal of Strava is to enhance the fitness experience by providing valuable performance insights and encouraging community engagement.

San Francisco, CaliforniaHeadquarters

2009Year Founded

$147.3MTotal Funding

SERIES_FCompany Stage

Consumer Software, Social ImpactIndustries

501-1,000Employees

Benefits

100% company paid benefits for employees and families

Flexible paid time off

$2,000 annual professional development stipend

Paid time off for volunteering

401(k) Plan with company matching

$1000 annual gear stipend

$500 annual gym reimbursement

Onsite fitness rooms with showers, lockers, and towel service

Weekly team workouts

Free yoga classes

Secure bike storage

Twice weekly dinner for those working late

Monthly happy hours

Dog days

Cell phone reimbursement

Snacks & stocked kitchens

Risks

Increased competition from evolving fitness apps may attract users away from Strava.

Over-reliance on partnerships like Apple Fitness may not ensure long-term growth.

Integration with third-party apps could lead to data privacy concerns affecting user trust.

Differentiation

Strava combines fitness tracking with social networking, fostering a unique community experience.

The platform offers a freemium model, attracting a wide range of users globally.

Strava's compatibility with most GPS devices enhances its accessibility and user base.

Upsides

Partnership with Apple Fitness+ expands Strava's reach and user engagement.

Integration with Mibro Fit enhances user experience and social connectivity.

Growing trend of virtual fitness challenges aligns with Strava's community-driven events.

Land your dream remote job 3x faster with AI

Try Jobo Free