Senior Vulnerability Management Engineer at Strava

San Francisco, California, United States

Apply Now

Not SpecifiedCompensation

Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

TechnologyIndustries

Requirements

Highly self-motivated and detail-oriented, with a bias for action and strong ownership of outcomes
Experience in vulnerability management, patch engineering, or endpoint hardening at scale in enterprise environments
Ability to evaluate and act on vulnerability data using context, threat intelligence, and business impact—not just CVSS
Experience working with tools like Tenable, AWS Inspector, CrowdStrike Spotlight, or similar platforms for risk identification and remediation
Experience collaborating with IT, SRE, and Engineering to implement automated patching, enforce baselines, or manage exceptions responsibly
Comfortable scripting in Python, Bash, or similar to automate and integrate remediation workflows
Pragmatic and adaptive—able to troubleshoot blockers and move forward in ambiguous environments
Ability to communicate clearly and proactively, fostering alignment and accountability across teams in a remote, distributed company

Responsibilities

Own the full lifecycle of vulnerability management—visibility, prioritization, and remediation—across a diverse tech stack
Have a high-leverage impact on Strava’s risk posture by enabling timely, efficient, and measurable patching and hardening efforts
Build automations and processes that eliminate manual toil and support continuous security improvement
Collaborate across Engineering, IT, and Security to align technical execution with real-world risk reduction
Lead efforts to identify, assess, and remediate vulnerabilities across endpoints, infrastructure, and SaaS systems
Build scalable processes and automation for vulnerability ingestion, deduplication, enrichment, and routing
Partner with Strava engineers and business teams to embed patching and configuration management into daily operations
Prioritize engineering-focused solutions over manual processes, and continuously seek ways to reduce friction

Skills

Key technologies and capabilities for this role

vulnerability managementpatch managementrisk prioritizationremediationautomationscriptingvulnerability scanningdeduplicationenrichmentconfiguration managementendpoint securityinfrastructure securitySaaS security

Questions & Answers

Common questions about this position

What is the work arrangement for this role?

The role follows a flexible hybrid model that generally translates to around half your time on-site in the San Francisco office—roughly three days per week.

What salary information is provided for this position?

This information is not specified in the job description.

What key skills and experience are required for this role?

Required experience includes vulnerability management, patch engineering, or endpoint hardening at scale; working with tools like Tenable, AWS Inspector, or CrowdStrike Spotlight; scripting in Python, Bash, or similar; and collaboration with IT, SRE, and Engineering teams.

What is the company culture like for the Security Team at Strava?

The Security Team protects Strava’s people, business, and data through integrated, proactive security practices, working across all security domains in a remote, distributed company with clear communication and collaboration.

What makes a strong candidate for this Senior Vulnerability Management Engineer role?

Strong candidates are highly self-motivated, detail-oriented with a bias for action, experienced in vulnerability management at scale, skilled in automation with Python or Bash, and excel at cross-team collaboration in ambiguous environments.

Strava

Fitness tracking and social networking platform

About Strava

Strava is a digital platform that allows athletes and fitness enthusiasts to record, track, and analyze their physical activities, offering metrics like speed, pace, and distance. It operates on a freemium model, providing basic services for free while charging for premium features such as advanced training plans and detailed activity breakdowns. Strava distinguishes itself from competitors through its social networking aspect, enabling users to share activities and connect with others, fostering a supportive community. The goal of Strava is to enhance the fitness experience by providing valuable performance insights and encouraging community engagement.

San Francisco, CaliforniaHeadquarters

2009Year Founded

$147.3MTotal Funding

SERIES_FCompany Stage

Consumer Software, Social ImpactIndustries

501-1,000Employees

Benefits

100% company paid benefits for employees and families

Flexible paid time off

$2,000 annual professional development stipend

Paid time off for volunteering

401(k) Plan with company matching

$1000 annual gear stipend

$500 annual gym reimbursement

Onsite fitness rooms with showers, lockers, and towel service

Weekly team workouts

Free yoga classes

Secure bike storage

Twice weekly dinner for those working late

Monthly happy hours

Dog days

Cell phone reimbursement

Snacks & stocked kitchens

Risks

Increased competition from evolving fitness apps may attract users away from Strava.

Over-reliance on partnerships like Apple Fitness may not ensure long-term growth.

Integration with third-party apps could lead to data privacy concerns affecting user trust.

Differentiation

Strava combines fitness tracking with social networking, fostering a unique community experience.

The platform offers a freemium model, attracting a wide range of users globally.

Strava's compatibility with most GPS devices enhances its accessibility and user base.

Upsides

Partnership with Apple Fitness+ expands Strava's reach and user engagement.

Integration with Mibro Fit enhances user experience and social connectivity.

Growing trend of virtual fitness challenges aligns with Strava's community-driven events.

Land your dream remote job 3x faster with AI

Try Jobo Free