Senior Vulnerability Management Engineer jobs in United States

Strava · 2 months ago

Senior Vulnerability Management Engineer

Strava is the app for active people, supporting over 150 million athletes globally. The Senior Vulnerability Management Engineer will be responsible for managing the full lifecycle of vulnerability management and collaborating across teams to improve Strava's security posture.

Apps, Fitness, Internet, Mobile, Social Network, Sports
Comp. & Benefits
H1B Sponsor Likely

Responsibilities

Own the full lifecycle of vulnerability management—visibility, prioritization, and remediation—across a diverse tech stack
Have a high-leverage impact on Strava’s risk posture by enabling timely, efficient, and measurable patching and hardening efforts
Be excited to build automations and processes that eliminate manual toil and support continuous security improvement
Collaborate across Engineering, IT, and Security to align technical execution with real-world risk reduction
Lead efforts to identify, assess, and remediate vulnerabilities across endpoints, infrastructure, and SaaS systems
Build scalable processes and automation for vulnerability ingestion, deduplication, enrichment, and routing
Partner with Strava engineers and business teams to embed patching and configuration management into daily operations
Prioritize engineering-focused solutions over manual processes, and continuously seek ways to reduce friction

Qualification

Vulnerability management, Patch engineering, Endpoint hardening, Risk identification tools, Scripting in Python, Scripting in Bash, Collaboration with IT, Collaboration with SRE, Collaboration with Engineering, Proactive accountability, Clear communication

Required

Be highly self-motivated and detail-oriented, with a bias for action and strong ownership of outcomes
Have experience in vulnerability management, patch engineering, or endpoint hardening at scale in enterprise environments
Know how to evaluate and act on vulnerability data using context, threat intelligence, and business impact—not just CVSS
Have worked with tools like Tenable, AWS Inspector, CrowdStrike Spotlight, or similar platforms for risk identification and remediation
Have collaborated with IT, SRE, and Engineering to implement automated patching, enforce baselines, or manage exceptions responsibly
Are comfortable scripting in Python, Bash, or similar to automate and integrate remediation workflows
Are pragmatic and adaptive—able to troubleshoot blockers and move forward in ambiguous environments
Communicate clearly and proactively, fostering alignment and accountability across teams in a remote, distributed company

Company

Strava is a social fitness app that tracks running, cycling, and workouts, connecting athletes.

H1B Sponsorship

Strava has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Trends of Total Sponsorships
2025 (14)
2024 (5)
2023 (4)
2022 (6)
2021 (12)
2020 (1)

Funding

Current Stage: Late Stage
Total Funding: $151.85M
Key Investors: Sequoia Capital, Jackson Square Ventures, Madrone Capital Partners
2025-05-22: Series Unknown
2025-05-22: Debt Financing
2020-11-17: Series F · $110M

Leadership Team

Michael Martin, CEO & Board Member
Rob Terrell, Chief Technology Officer
Company data provided by Crunchbase