About the Role
Millions of people are motivated by Strava every day. Our goal is to be the home of their athletic lives, capturing their activities, inspiring them every day, and making every activity count. As a Security Engineer at Strava, you will join our Platform team as a founding member of our security function to build the systems and services that ensure the security of our customers' valuable data and our mobile, web, and backend applications. In this role, you will work across the breadth of Strava's backend systems including services for social features, services that interact with our geo data and many others. You will improve the security of existing services and design new ones to support our Product engineering teams building new products that are secure by default. You will support short-term feature velocity while also planning and executing longer-term security initiatives.
You are excited about this role because you will:
* Have great impact on Strava as it continues to grow by ensuring the security and integrity of Athlete and business partner data
* Deeply integrate with product teams to evaluate and define the necessary security properties of new and existing features
* Enable a culture of secure-by-default across the company
You will be successful here by:
* Demonstrating empathy for your fellow engineers by listening to the tradeoffs they face, the goals they have, and the struggles they face when integrating with the feature you build
* Being a security subject matter expert in applying adversarial tools and techniques via a safe and controlled manner; and to deliver concise presentations and recommendations
* Displaying craftsmanship especially when building or implementing open source and third party tools to support detection, prevention and analysis of current and future security threats
* Conducting penetration tests against our production customer-facing applications and our cloud infrastructure
* Acting as a member of on-call and staying abreast of emerging threats and trends in the industry in order to hunt threats while partnering with other teams during Incident Response
* Finding creative ways to educate and influence teams to reduce risk through small, easy to understand, changes which improve the overall security stance of Strava
We're excited about you because you have experience with:
* Building security-centric services in a production environment (using some combination of Ruby, Java, Scala, Go, Python etc)
* Using, implementing and owning security best-practices in a programmatic way within a cloud provider environment
* Planning and executing some mixture of white and black box testing and security evaluation of production systems, both individually and with external security teams
We'd love to talk to you about the future of Strava's core technologies and your role in developing and securing them. Please take a look at the links below to learn about the exciting work we are doing.
* The Engineering Blog covers a wide range of topics, from how we rebuilt our leaderboard systems to how we have refined our interview process.
* Strava Labs shows off some of our R+D efforts, and gives a sense of the power and scale of Strava's datasets.
Strava is Swedish for "strive," which epitomizes our attitude and ambition: We're a passionate and committed team, unified by our mission to build the most engaged community of athletes in the world. Every day, we're searching for new ways to inspire athletes and make the sports they love even more fun. But it's not only about achieving - we're an inclusive team, dedicated to elevating each other and the members of our community. That balanced approach has helped us revolutionize our industry, and we're just getting started. Millions of athletes are on Strava, millions more will come. When you're ready for a challenge and a team that will support you along the way, join us.
Backed by Sequoia Capital, Madrone Partners, Jackson Square Ventures, and Go4it, Strava is expanding in order to exceed the needs of our growing community of global athletes. By joining our team, you will help push Strava forward in fresh, innovative ways. You will engage in interesting and challenging work that will improve the lives of our athletes every day. And in the same way that Strava is deeply committed to unlocking the potential of our athletes, we are dedicated to providing a world-class workplace where our employees can grow and thrive. Join us!
Strava is an equal opportunity employer. In keeping with the values of Strava, we make all employment decisions including hiring, evaluation, termination, promotional and training opportunities, without regard to race, religion, color, sex, age, national origin, ancestry, sexual orientation, physical handicap, mental disability, medical condition, disability, gender or identity or expression, pregnancy or pregnancy-related condition, marital status, height and/or weight.
Strava is a company that operates an online network that connects the global community of athletes.