Software Security Engineer
San Francisco, CA, Denver, CO, Remote (USA)
StravaDesigned by athletes, for athletes, Strava’s mobile app and website connect millions of runners and cyclists through the sports they love.
About This Role
Strava is the leading social platform for athletes and the largest sports community in the world, with over 85 million athletes in 195 countries. If you sweat you’re an athlete, and Strava’s mobile apps and website connect millions of active people every day!
This role is on the Strava Security Engineering Team, the team that secures our athletes’ experiences on Strava. Strava users upload roughly 40 million activities per week, for a lifetime total of over 5 billion activities handled by our systems. The Security Engineering team strives to exceed our athletes’ expectations for security, privacy, trust, and safety throughout their experience.
We are a team that partners with other teams at Strava including engineering, product, privacy, legal, and others to serve our community of athletes. To protect our athletes, we look to build security into the code created and consumed by all engineering teams at Strava. We want to use modern secure coding practices, continuously educate our developers, safely consume open source software, and create assurance when incorporating 3rd party APIs and services. These practices also need to support our development velocity as a growth oriented company, and align with our mission & values.
You’re excited about this opportunity because you will:
Secure & scale software security for all the code that makes Strava possible
Design software security models & processes that empower your engineering colleagues, providing them the foundations to deliver secure products.
Find mentorship and growth opportunities with more experienced engineers on your team and beyond.
You will be successful here by:
Demonstrating empathy for other engineers and thinking about how you can empower them to build a secure platform with a safety net that helps them
Having an eye for detail and thoroughness, as you will work on the most important production systems at Strava.
Displaying ownership of your work by managing to balance security, developer experience, and an ever changing risk landscape
We’re excited about you because you:
Have a passion for the security, reliability, scalability, and usability of what all our engineers create.
Own your work, from identifying & prioritizing software security issues, to implementing automated scalable solutions, and supporting developer experience in the process.
Love working with developers, and helping them build their best code
Are security-minded when developing and working on systems, and able to share that passion with others who may not have a security background
Some of our Technical Expectations
We’re not looking for 100% coverage; if you have experience in any of these technologies, we’d love to hear from you:
Experience with at least one programming language such as Ruby, Scala, Python, or Java
Experience with secure coding, OWASP Top Ten, CWE/SANS Top 25, etc.
Experience working with both security professionals AND developers
Familiar with application security tools such as static analyzers, dynamic analyzers, fuzzing, dependency analysis, etc.
Strava is Swedish for “strive,” which epitomizes who we are and what we do. We’re a passionate and committed team, unified by our mission to connect athletes to what motivates them and help them find their personal best. And with billions of activity uploads from all over the world, we have a humbling and audacious vision: to be the record of the world’s athletic activities and the technology that makes every effort count.
Strava builds software that makes the best part of our athletes’ days even better. And just as we’re deeply committed to unlocking their potential, we’re dedicated to providing a world-class, inclusive workplace where our employees can grow and thrive, too. We’re backed by Sequoia Capital, Madrone Partners and Jackson Square Ventures, and we’re expanding in order to exceed the needs of our growing community of global athletes. Our culture reflects our community – we are continuously striving to hire and engage diverse teammates from all backgrounds, experiences and perspectives because we know we are a stronger team together.
In light of the global pandemic, Strava is currently working in a fully remote capacity. As always, we remain committed to fully supporting our employees, especially their mental health and wellbeing, through these challenging times. Despite challenges in the world around us, we are continuing to grow camaraderie and positivity within our culture and we are unified in our commitment to becoming an antiracist company. We are differentiated by our truly people-first approach, our compassionate leadership, and our belief that we can bring joy and inspiration to athletes’ lives — now more than ever. All to say, it’s a great time to join Strava!
Strava is an equal opportunity employer. In keeping with the values of Strava, we make all employment decisions including hiring, evaluation, termination, promotional and training opportunities, without regard to race, religion, color, sex, age, national origin, ancestry, sexual orientation, physical handicap, mental disability, medical condition, disability, gender or identity or expression, pregnancy or pregnancy-related condition, marital status, height and/or weight.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.
For more information on compensation and benefits, please click here.
Explore more Information Security career opportunities
- Open Vulnerability Analyst jobs
- Open Senior Information Security Engineer jobs
- Open Threat Intelligence Response Analyst jobs
- Open Staff Security Engineer jobs
- Open IT Security Engineer jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Cybersecurity Analyst jobs
- Open Senior Incident Response Analyst jobs
- Open Personnel Security Officer jobs
- Open SOC Analyst jobs
- Open Information Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Sr. Product Security Engineer jobs
- Open IAM Engineer jobs
- Open Information Security Officer jobs
- Open Sr. Software Engineer - Detection Engineering jobs
- Open Cybersecurity Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Staff Engineer, Cloud Security jobs
- Open Azure Security Engineer jobs
- Open Privacy Manager jobs
- Open Software Security Engineer jobs
- Open Threat intelligence-related jobs
- Open PCI-related jobs
- Open Clearance-related jobs
- Open IDS-related jobs
- Open Open Source-related jobs
- Open CEH-related jobs
- Open Forensics-related jobs
- Open Machine Learning-related jobs
- Open Splunk-related jobs
- Open Intrusion detection-related jobs
- Open Encryption-related jobs
- Open Ruby-related jobs
- Open Security assessments-related jobs
- Open OSCP-related jobs
- Open Threat detection-related jobs
- Open Docker-related jobs
- Open GDPR-related jobs
- Open IPS-related jobs
- Open HIPAA-related jobs
- Open DevSecOps-related jobs
- Open PowerShell-related jobs
- Open Cryptography-related jobs
- Open DNS-related jobs
- Open TCP/IP-related jobs