Senior Vulnerability Management Engineer
About The Position
Strava is the app for active people. With over 150 million athletes in more than 185 countries, it's more than tracking workouts-it's where connection, motivation, and personal bests thrive. No matter your activity, gear, or goals, Strava's got you covered. Find your crew, crush your milestones, and keep moving forward. Start your journey with Strava today. This role is on the Strava Security Team, which exists to protect Strava's people, business, and data through integrated, proactive security practices. We work across all security domains, including, but not limited to, product security, vulnerability management, incident response, infrastructure, network, governance, and enterprise security. We follow a flexible hybrid model that translates to more than half of your time on-site in our San Francisco office - three days per week.
Requirements
- Be highly self-motivated and detail-oriented, with a bias for action and strong ownership of outcomes
- Experience in vulnerability management, patch engineering, or endpoint hardening at scale in enterprise environments
- Know how to evaluate and act on vulnerability data using context, threat intelligence, and business impact-not just CVSS
- Have worked with tools like Tenable, AWS Inspector, CrowdStrike Spotlight, or similar platforms for risk identification and remediation
- Have collaborated with IT, SRE, and Engineering to implement automated patching, enforce baselines, or manage exceptions responsibly
- Are comfortable scripting in Python, Bash, or similar to automate and integrate remediation workflows
- Are pragmatic and adaptive-able to troubleshoot blockers and move forward in ambiguous environments
- Communicate clearly and proactively, fostering alignment and accountability across teams in a remote, distributed company
- Bring experience in vulnerability management, patch engineering, or endpoint hardening at scale in enterprise environments
- Know how to evaluate and act on vulnerability data using context, threat intelligence, and business impact-not just CVSS
- Have worked with tools like Tenable, AWS Inspector, CrowdStrike Spotlight, or similar platforms for risk identification and remediation
- Have collaborated with IT, SRE, and Engineering to implement automated patching, enforce baselines, or manage exceptions responsibly
- Are comfortable scripting in Python, Bash, or similar to automate and integrate remediation workflows
- Are pragmatic and adaptive-able to troubleshoot blockers and move forward in ambiguous environments
- Communicate clearly and proactively, fostering alignment and accountability across teams in a remote, distributed company
Responsibilities
- Own the full lifecycle of vulnerability management-visibility, prioritization, and remediation-across a diverse tech stack
- Have a high-leverage impact on Strava's risk posture by enabling timely, efficient, and measurable patching and hardening efforts
- You're excited to build automations and processes that eliminate manual toil and support continuous security improvement
- Collaborate across Engineering, IT, and Security to align technical execution with real-world risk reduction
- Leading efforts to identify, assess, and remediate vulnerabilities across endpoints, infrastructure, and SaaS systems
- Build scalable processes and automation for vulnerability ingestion, deduplication, enrichment, and routing
- Partner with Strava engineers and business teams to embed patching and configuration management into daily operations
- Prioritize engineering-focused solutions over manual processes, and continuously seeking ways to reduce friction
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Industry
Publishing Industries
Education Level
No Education Listed
Number of Employees
251-500 employees
