Strava
Senior Vulnerability Management Engineer
Strava, San Francisco, California, United States, 94199
Strava is the app for active people. With over 150 million athletes in more than 185 countries, Strava is where connection, motivation, and personal bests thrive. No matter your activity, gear, or goals, we help you find your crew, crush your milestones, and keep moving forward. Start your journey with Strava today.
Our mission is simple: to motivate people to live their best active lives. We believe in the power of movement to connect and drive people forward.
About this role
This role is on the Strava Security Team, which exists to protect Strava’s people, business, and data through integrated, proactive security practices. We work across all security domains, including, but not limited to, product security, vulnerability management, incident response, infrastructure, network, governance, and enterprise security. We follow a flexible hybrid model that translates to more than half of your time on-site in our San Francisco office — three days per week. What You’ll Do:
You are passionate about securing a platform that supports millions of athletes and their data every day
Own the full lifecycle of vulnerability management—visibility, prioritization, and remediation—across a diverse tech stack
Have a high-leverage impact on Strava’s risk posture by enabling timely, efficient, and measurable patching and hardening efforts
You're excited to build automations and processes that eliminate manual toil and support continuous security improvement
Collaborate across Engineering, IT, and Security to align technical execution with real-world risk reduction
Leading efforts to identify, assess, and remediate vulnerabilities across endpoints, infrastructure, and SaaS systems
Build scalable processes and automation for vulnerability ingestion, deduplication, enrichment, and routing
Partner with Strava engineers and business teams to embed patching and configuration management into daily operations
Prioritize engineering-focused solutions over manual processes, and continuously seeking ways to reduce friction
You Will Be Successful Here By:
Be highly self-motivated and detail-oriented, with a bias for action and strong ownership of outcomes
Experience in vulnerability management, patch engineering, or endpoint hardening at scale in enterprise environments
Know how to evaluate and act on vulnerability data using context, threat intelligence, and business impact—not just CVSS
Have worked with tools like Tenable, AWS Inspector, CrowdStrike Spotlight, or similar platforms for risk identification and remediation
Have collaborated with IT, SRE, and Engineering to implement automated patching, enforce baselines, or manage exceptions responsibly
Are comfortable scripting in Python, Bash, or similar to automate and integrate remediation workflows
Are pragmatic and adaptive—able to troubleshoot blockers and move forward in ambiguous environments
Communicate clearly and proactively, fostering alignment and accountability across teams in a remote, distributed company
What You’ll Bring to the Team:
Bring experience in vulnerability management, patch engineering, or endpoint hardening at scale in enterprise environments
Know how to evaluate and act on vulnerability data using context, threat intelligence, and business impact—not just CVSS
Have worked with tools like Tenable, AWS Inspector, CrowdStrike Spotlight, or similar platforms for risk identification and remediation
Have collaborated with IT, SRE, and Engineering to implement automated patching, enforce baselines, or manage exceptions responsibly
Are comfortable scripting in Python, Bash, or similar to automate and integrate remediation workflows
Are pragmatic and adaptive—able to troubleshoot blockers and move forward in ambiguous environments
Communicate clearly and proactively, fostering alignment and accountability across teams in a remote, distributed company
For more information on benefits, please click here. Why Join Us?
Movement brings us together. At Strava, we’re building the world’s largest community of active people, helping them stay motivated and achieve their goals. Our global team is passionate about making movement fun, meaningful, and accessible to everyone. Whether you’re shaping the technology, growing our community, or driving innovation, your work at Strava makes an impact. When you join Strava, you’re not just joining a company—you’re joining a movement. If you’re ready to bring your energy, ideas, and drive, let’s build something incredible together. Strava builds software that makes the best part of our athletes’ days even better. Just as we’re deeply committed to unlocking their potential, we’re dedicated to providing a world-class, inclusive workplace where our employees can grow and thrive, too. We’re backed by Sequoia Capital, TCV, Madrone Partners and Jackson Square Ventures, and we’re expanding in order to exceed the needs of our growing community of global athletes. Our culture reflects our community. We are continuously striving to hire and engage teammates from all backgrounds, experiences and perspectives because we know we are a stronger team together. Strava is an equal opportunity employer. In keeping with the values of Strava, we make all employment decisions including hiring, evaluation, termination, promotional and training opportunities, without regard to race, religion, color, sex, age, national origin, ancestry, sexual orientation, physical handicap, mental disability, medical condition, disability, gender or identity or expression, pregnancy or pregnancy-related condition, marital status, height and/or weight. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
#J-18808-Ljbffr
This role is on the Strava Security Team, which exists to protect Strava’s people, business, and data through integrated, proactive security practices. We work across all security domains, including, but not limited to, product security, vulnerability management, incident response, infrastructure, network, governance, and enterprise security. We follow a flexible hybrid model that translates to more than half of your time on-site in our San Francisco office — three days per week. What You’ll Do:
You are passionate about securing a platform that supports millions of athletes and their data every day
Own the full lifecycle of vulnerability management—visibility, prioritization, and remediation—across a diverse tech stack
Have a high-leverage impact on Strava’s risk posture by enabling timely, efficient, and measurable patching and hardening efforts
You're excited to build automations and processes that eliminate manual toil and support continuous security improvement
Collaborate across Engineering, IT, and Security to align technical execution with real-world risk reduction
Leading efforts to identify, assess, and remediate vulnerabilities across endpoints, infrastructure, and SaaS systems
Build scalable processes and automation for vulnerability ingestion, deduplication, enrichment, and routing
Partner with Strava engineers and business teams to embed patching and configuration management into daily operations
Prioritize engineering-focused solutions over manual processes, and continuously seeking ways to reduce friction
You Will Be Successful Here By:
Be highly self-motivated and detail-oriented, with a bias for action and strong ownership of outcomes
Experience in vulnerability management, patch engineering, or endpoint hardening at scale in enterprise environments
Know how to evaluate and act on vulnerability data using context, threat intelligence, and business impact—not just CVSS
Have worked with tools like Tenable, AWS Inspector, CrowdStrike Spotlight, or similar platforms for risk identification and remediation
Have collaborated with IT, SRE, and Engineering to implement automated patching, enforce baselines, or manage exceptions responsibly
Are comfortable scripting in Python, Bash, or similar to automate and integrate remediation workflows
Are pragmatic and adaptive—able to troubleshoot blockers and move forward in ambiguous environments
Communicate clearly and proactively, fostering alignment and accountability across teams in a remote, distributed company
What You’ll Bring to the Team:
Bring experience in vulnerability management, patch engineering, or endpoint hardening at scale in enterprise environments
Know how to evaluate and act on vulnerability data using context, threat intelligence, and business impact—not just CVSS
Have worked with tools like Tenable, AWS Inspector, CrowdStrike Spotlight, or similar platforms for risk identification and remediation
Have collaborated with IT, SRE, and Engineering to implement automated patching, enforce baselines, or manage exceptions responsibly
Are comfortable scripting in Python, Bash, or similar to automate and integrate remediation workflows
Are pragmatic and adaptive—able to troubleshoot blockers and move forward in ambiguous environments
Communicate clearly and proactively, fostering alignment and accountability across teams in a remote, distributed company
For more information on benefits, please click here. Why Join Us?
Movement brings us together. At Strava, we’re building the world’s largest community of active people, helping them stay motivated and achieve their goals. Our global team is passionate about making movement fun, meaningful, and accessible to everyone. Whether you’re shaping the technology, growing our community, or driving innovation, your work at Strava makes an impact. When you join Strava, you’re not just joining a company—you’re joining a movement. If you’re ready to bring your energy, ideas, and drive, let’s build something incredible together. Strava builds software that makes the best part of our athletes’ days even better. Just as we’re deeply committed to unlocking their potential, we’re dedicated to providing a world-class, inclusive workplace where our employees can grow and thrive, too. We’re backed by Sequoia Capital, TCV, Madrone Partners and Jackson Square Ventures, and we’re expanding in order to exceed the needs of our growing community of global athletes. Our culture reflects our community. We are continuously striving to hire and engage teammates from all backgrounds, experiences and perspectives because we know we are a stronger team together. Strava is an equal opportunity employer. In keeping with the values of Strava, we make all employment decisions including hiring, evaluation, termination, promotional and training opportunities, without regard to race, religion, color, sex, age, national origin, ancestry, sexual orientation, physical handicap, mental disability, medical condition, disability, gender or identity or expression, pregnancy or pregnancy-related condition, marital status, height and/or weight. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
#J-18808-Ljbffr