Senior Security Analyst, Vulnerability Management
VantaSalary not specified
Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
TechnologyIndustries
Requirements
- Highly self-motivated and detail-oriented, with a bias for action and strong ownership of outcomes
- Experience in vulnerability management, patch engineering, or endpoint hardening at scale in enterprise environments
- Ability to evaluate and act on vulnerability data using context, threat intelligence, and business impact—not just CVSS
- Experience working with tools like Tenable, AWS Inspector, CrowdStrike Spotlight, or similar platforms for risk identification and remediation
- Experience collaborating with IT, SRE, and Engineering to implement automated patching, enforce baselines, or manage exceptions responsibly
- Comfortable scripting in Python, Bash, or similar to automate and integrate remediation workflows
- Pragmatic and adaptive—able to troubleshoot blockers and move forward in ambiguous environments
- Ability to communicate clearly and proactively, fostering alignment and accountability across teams in a remote, distributed company
Responsibilities
- Own the full lifecycle of vulnerability management—visibility, prioritization, and remediation—across a diverse tech stack
- Have a high-leverage impact on Strava’s risk posture by enabling timely, efficient, and measurable patching and hardening efforts
- Build automations and processes that eliminate manual toil and support continuous security improvement
- Collaborate across Engineering, IT, and Security to align technical execution with real-world risk reduction
- Lead efforts to identify, assess, and remediate vulnerabilities across endpoints, infrastructure, and SaaS systems
- Build scalable processes and automation for vulnerability ingestion, deduplication, enrichment, and routing
- Partner with Strava engineers and business teams to embed patching and configuration management into daily operations
- Prioritize engineering-focused solutions over manual processes, and continuously seek ways to reduce friction
Skills
vulnerability management
patch management
risk prioritization
remediation
automation
scripting
vulnerability scanning
deduplication
enrichment
configuration management
endpoint security
infrastructure security
SaaS security
Strava
Fitness tracking and social networking platform
About Strava
Strava is a digital platform that allows athletes and fitness enthusiasts to record, track, and analyze their physical activities, offering metrics like speed, pace, and distance. It operates on a freemium model, providing basic services for free while charging for premium features such as advanced training plans and detailed activity breakdowns. Strava distinguishes itself from competitors through its social networking aspect, enabling users to share activities and connect with others, fostering a supportive community. The goal of Strava is to enhance the fitness experience by providing valuable performance insights and encouraging community engagement.
San Francisco, CaliforniaHeadquarters
2009Year Founded
$147.3MTotal Funding
SERIES_FCompany Stage
Consumer Software, Social ImpactIndustries
501-1,000Employees
Benefits
100% company paid benefits for employees and families
Flexible paid time off
$2,000 annual professional development stipend
Paid time off for volunteering
401(k) Plan with company matching
$1000 annual gear stipend
$500 annual gym reimbursement
Onsite fitness rooms with showers, lockers, and towel service
Weekly team workouts
Free yoga classes
Secure bike storage
Twice weekly dinner for those working late
Monthly happy hours
Dog days
Cell phone reimbursement
Snacks & stocked kitchens
Risks
Increased competition from evolving fitness apps may attract users away from Strava.
Over-reliance on partnerships like Apple Fitness may not ensure long-term growth.
Integration with third-party apps could lead to data privacy concerns affecting user trust.
Differentiation
Strava combines fitness tracking with social networking, fostering a unique community experience.
The platform offers a freemium model, attracting a wide range of users globally.
Strava's compatibility with most GPS devices enhances its accessibility and user base.
Upsides
Partnership with Apple Fitness+ expands Strava's reach and user engagement.
Integration with Mibro Fit enhances user experience and social connectivity.
Growing trend of virtual fitness challenges aligns with Strava's community-driven events.
Related Jobs
RemoteRemoteSr. Vulnerability Management Engineer (Remote)
CrowdstrikeSalary not specified
RemoteSenior Security Engineer
BraceSalary not specified
Full Time
Senior (5 to 8 years)
RemoteStaff Endpoint Security Engineer
Included HealthSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteSenior Vulnerability Manager
Keeper SecuritySalary not specified
RemoteSr. Vulnerability Detection Engineer (Content) Exposure Management (Re…
CrowdstrikeSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSecurity Engineer (Remediation)
VerinextSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSr. Application Security Engineer (Remote)
Rula$155,500 - $183,000/year
- Full Time
- Senior (5 to 8 years)