Senior Infrastructure Security Engineer

About This Role

Strava is the app for active people. With over 150 million athletes in more than 185 countries, Strava is where connection, motivation, and personal bests thrive. No matter your activity, gear, or goals, we help you find your crew, crush your milestones, and keep moving forward. Start your journey with Strava today.

Our mission is simple: to motivate people to live their best active lives. We believe in the power of movement to connect and drive people forward.

At Strava, we protect the infrastructure that powers millions of athletes' journeys. As a Senior Infrastructure Security Engineer on the Foundation Team, you'll be the guardian of our platform—building security into every layer of our infrastructure while enabling teams to move fast and innovate fearlessly. You'll balance security excellence with developer velocity, ensuring our platform remains both impenetrable and performant.

The Foundation Team is the backbone of Strava's engineering organization, providing the secure infrastructure, tools, and frameworks that power every feature our athletes love. In this role, you'll embed security into the foundation of our platform—from hardening our Kubernetes clusters and cloud infrastructure to building automated security guardrails that make the secure path the easy path for developers.

By architecting security solutions that scale, you'll protect the data of 150+ million athletes while enabling product teams to ship features with confidence. You'll be both a builder and a defender—creating tools that empower engineers, responding to emerging threats, and partnering with teams across Strava to weave security into our engineering DNA.

We follow a flexible hybrid model that translates to more than half your time on-site in our Denver office — three days per week.

What You'll Do:

• Design and implement security controls across Strava's cloud infrastructure, including network segmentation, IAM policies, and data protection mechanisms
• Lead security initiatives for the Foundation Team, conducting threat modeling, security reviews, and risk assessments for infrastructure changes
• Build and maintain security automation tools that enable engineering teams to deploy securely by default
• Partner with engineering teams to integrate security best practices into CI/CD pipelines and infrastructure-as-code workflows
• Respond to security incidents, perform root cause analysis, and implement preventive measures to strengthen our security posture
• Develop and maintain security monitoring, alerting, and response systems using SIEM and cloud-native security tools
• Drive compliance initiatives, ensuring infrastructure meets SOC2, GDPR, and other regulatory requirements
• Collaborate with the security team to implement zero-trust architecture and strengthen our defense-in-depth strategy
• Participate in on-call rotations and mentor other engineers on security best practices

What You'll Bring to the Team:

• 5+ years of infrastructure engineering experience with at least 3 years focused on security engineering or DevSecOps
• Deep expertise in AWS security services (IAM, GuardDuty, Security Hub, WAF, Shield) and cloud security best practices
• Strong background in Kubernetes security, including RBAC, network policies, admission controllers, and container security
• Proven experience implementing infrastructure-as-code security patterns using Terraform, with expertise in policy-as-code tools
• Track record of building security automation and tooling that scales across large engineering organizations
• Excellence in cross-team collaboration, with the ability to influence security practices without direct authority
• Strong incident response experience and ability to remain calm under pressure during security events

Some of our Technical Expectations:

We're not looking for 100% coverage; if you match any of these qualifications, we'd love to hear from you:

• Experience with security scanning tools (Trivy, Snyk, SonarQube) and vulnerability management workflows
• Experience in secrets management solutions (HashiCorp Vault, AWS Secrets Manager) and PKI infrastructure
• Experience with SIEM platforms (Splunk, Datadog Security, Elastic Security) and security orchestration
• Strong knowledge of network security including VPC design, service mesh (Istio), and zero-trust networking
• Familiarity with compliance frameworks and experience with security audits (SOC2, ISO 27001, PCI-DSS)

Compensation Overview:

At Strava, we know our employees are the most important ingredient to our success, and our compensation and total rewards programs reflect that. We take a market-based approach to pay, and pay may vary depending on the department and your location. Salary ranges are categorized into one of three zones based on a cost of labor index for that geographic area. We will determine the candidate’s starting pay based on job-related skills, experience, qualifications, work location, and market conditions. We may modify these ranges in the future. For more information, please contact your talent partner.

Compensation: $150,000 - $167,000. This range reflects base compensation only and does not include equity or benefits. Your recruiter can share more details about the full compensation package during the hiring process.

For more information on benefits, please click here.

Why Join Us?

Movement brings us together. At Strava, we’re building the world’s largest community of active people, helping them stay motivated and achieve their goals.

Our global team is passionate about making movement fun, meaningful, and accessible to everyone. Whether you’re shaping the technology, growing our community, or driving innovation, your work at Strava makes an impact.

When you join Strava, you’re not just joining a company—you’re joining a movement. If you’re ready to bring your energy, ideas, and drive, let’s build something incredible together.

Strava builds software that makes the best part of our athletes’ days even better. Just as we’re deeply committed to unlocking their potential, we’re dedicated to providing a world-class, inclusive workplace where our employees can grow and thrive, too. We’re backed by Sequoia Capital, TCV, Madrone Partners and Jackson Square Ventures, and we’re expanding in order to exceed the needs of our growing community of global athletes. Our culture reflects our community. We are continuously striving to hire and engage teammates from all backgrounds, experiences and perspectives because we know we are a stronger team together.

Strava is an equal opportunity employer. In keeping with the values of Strava, we make all employment decisions including hiring, evaluation, termination, promotional and training opportunities, without regard to race, religion, color, sex, age, national origin, ancestry, sexual orientation, physical handicap, mental disability, medical condition, disability, gender or identity or expression, pregnancy or pregnancy-related condition, marital status, height and/or weight.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

California Consumer Protection Act Applicant Notice