Risk & Compliance Analyst

Save to Kiter
What Strava is looking for in applicants

About This Role

Strava is the leading social platform for athletes and the largest sports community in the world, with over 85 million athletes in 195 countries. If you sweat you’re an athlete, and Strava’s mobile apps and website connect millions of active people every day!

This role is on the Strava Security Engineering Team, the team that secures our athletes’ experiences on Strava. Strava users upload roughly 40 million activities per week, for a lifetime total of over 5 billion activities handled by our systems. The Security Engineering team strives to exceed our athletes’ expectations for security, privacy, trust, and safety throughout their experience.

We are a team that partners with other teams at Strava including engineering, product, privacy, legal, and others to serve our community of athletes. To protect our athletes, we look to analyze and prioritize multiple data streams of threat, vulnerability, risk, and compliance concerns. These come from a mixture of tools & technologies, and need to be triaged & prioritized before working with engineering & product teams to plan remediation and next steps. A primary goal is to contextualize these relative to our athletes’ expectations and Strava’s company goals. The entire process must support our development velocity as a growth oriented company, and align with our mission & values.


You’re excited about this opportunity because you will:

  • Build a better Strava that delights athletes while reducing information security risks to them

  • Secure and scale our threat, vulnerability, and risk management to Strava’s growth as a company

  • Design models and processes to support security at scale

  • Find mentorship and growth opportunities with more experienced engineers on your team and beyond.


You will be successful here by:

  • Having an eye for detail and thoroughness, as you will work on the most important production systems at Strava.

  • Demonstrating empathy for others and thinking about how you can empower them to build a secure platform with a safety net that helps them

  • Displaying ownership of your work by managing to balance security, developer experience, and an ever changing risk landscape


We’re excited about you because you:

  • Have a passion for the security, reliability, scalability, and usability of what all our engineers create.

  • Own your work, from identifying & prioritizing security issues, to partnering with engineering to build automated scalable solutions, and supporting developer experience in the process.

  • Love working with developers, operations, product managers, and security peers

  • Are systems, process, and scale oriented when thinking about security, and able to share that passion with others


Some of our Technical Expectations

We’re not looking for 100% coverage; if you have experience in any of these technologies, we’d love to hear from you:

  • Experience with security risks in consumer-facing mobile & web applications

  • Experience with responsible disclosure programs

  • Experience working with security professionals, developers, and product managers

  • Familiar with a variety of security tools that create findings to be triaged an

  • Experience with at least one programming language such as Ruby, Scala, Python, or Java


About Strava

Strava is Swedish for “strive,” which epitomizes who we are and what we do. We’re a passionate and committed team, unified by our mission to connect athletes to what motivates them and help them find their personal best. And with billions of activity uploads from all over the world, we have a humbling and audacious vision: to be the record of the world’s athletic activities and the technology that makes every effort count.  

Strava builds software that makes the best part of our athletes’ days even better. And just as we’re deeply committed to unlocking their potential, we’re dedicated to providing a world-class, inclusive workplace where our employees can grow and thrive, too. We’re backed by Sequoia Capital, Madrone Partners and Jackson Square Ventures, and we’re expanding in order to exceed the needs of our growing community of global athletes. Our culture reflects our community – we are continuously striving to hire and engage diverse teammates from all backgrounds, experiences and perspectives because we know we are a stronger team together.

In light of the global pandemic, Strava is currently working in a fully remote capacity. As always, we remain committed to fully supporting our employees, especially their mental health and wellbeing, through these challenging times. Despite challenges in the world around us, we are continuing to grow camaraderie and positivity within our culture and we are unified in our commitment to becoming an antiracist company. We are differentiated by our truly people-first approach, our compassionate leadership, and our belief that we can bring joy and inspiration to athletes’ lives — now more than ever. All to say, it’s a great time to join Strava!

Strava is an equal opportunity employer. In keeping with the values of Strava, we make all employment decisions including hiring, evaluation, termination, promotional and training opportunities, without regard to race, religion, color, sex, age, national origin, ancestry, sexual orientation, physical handicap, mental disability, medical condition, disability, gender or identity or expression, pregnancy or pregnancy-related condition, marital status, height and/or weight.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

California Consumer Protection Act Applicant Notice

For more information on compensation and benefits, please click here

Want some tips on how to get an interview at Strava?

What is Strava looking for?
If this role looks interesting to you, a great first step is to understand what excites you about the team, product or mission. Take your time thinking about this and then tell the team! Get in touch and communicate that passion.
What are interviews for Risk & Compliance Analyst like?
Interview processes vary by company, role and team. The best plan is to see what others have experienced and then plan accordingly.
How to land an interview at Risk & Compliance Analyst?
A great first step is organizing your path to an offer. Check out Kiter for tools to get started!