CrawlJobs Logo

Senior Engineer, Application and Security Infrastructure

United Kingdom, London 93500.00 - 110000.00 GBP / Year · Job Posted February 20, 2026
Apply Position
Job Link Share

Job Description

This role is on the Strava Security Team, which exists to protect Strava’s people, business, and data through integrated, proactive security practices. We work across all security domains, including, but not limited to, product security, vulnerability management, incident response, infrastructure, network, governance, and enterprise security.

Job Responsibility

  • Protect a platform that supports millions of athletes by ensuring Strava’s applications and infrastructure are secure, resilient, and compliant across regions
  • Work closely with engineering, infrastructure, and security teams to design and implement secure architectures and development practices
  • Shape how Strava manages application and infrastructure risks in the EU, ensuring speed, accuracy, and consistency in remediation and governance
  • Build automated workflows that identify vulnerabilities early, enforce secure configurations, and strengthen our CI/CD and cloud security controls
  • Collaborate across Security, Engineering, Legal, and Compliance to ensure that systems, processes, and data handling meet EU regulatory standards and Strava’s global security expectations
  • Serve as the primary security point of contact for Strava Group in the EU, bridging global strategy with local implementation and compliance
  • Drive secure-by-design practices across engineering teams, including threat modeling, architecture reviews, and vulnerability management
  • Partner with Engineering and Infrastructure teams to embed automated security checks into CI/CD pipelines and infrastructure-as-code deployments
  • Coordinate regional incident response, vulnerability triage, and remediation validation in partnership with the global security team

Requirements

  • Hands-on experience in application and infrastructure security, including code review, threat modeling, and securing cloud-native environments (AWS preferred)
  • Designed or implemented automated security controls in CI/CD pipelines using tools like Semgrep, Tenable, GHAS, Snyk, or custom scripting
  • Understand how to secure containerized and distributed environments, including Kubernetes, IAM, and network segmentation
  • Comfortable managing vulnerability management programs end-to-end — from detection and prioritization through engineering remediation
  • Familiarity with EU security and privacy frameworks (GDPR, NIS2) and know how to apply them pragmatically to cloud infrastructure and data systems
  • Collaborative and pragmatic — able to influence engineering teams through partnership, technical credibility, and clear communication
  • Communicate proactively and effectively across technical and non-technical stakeholders, ensuring alignment between EU operations and global security strategy

What we offer

Offers Equity

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Senior Engineer, Application and Security Infrastructure

8 matching positions

Senior Software Engineer, Infrastructure and Security

At Vanta, our mission is to help businesses earn and prove trust. We believe tha...
Location
Location
United States
Salary
Salary:
179000.00 - 211000.00 USD / Year
vanta.com Logo
Vanta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • You’ve played technical leadership roles on Infrastructure or platform teams
  • You have experience with infrastructure, AWS services, and scaling platforms in fast-growing environments
  • You care deeply about performance and reliability
  • You’re thoughtful about trade-offs and have good product sense when creating new infrastructure
  • Open to using AI to amplify their skills and strengthen their work - demonstrating curiosity, a willingness to learn, and sound judgment in applying AI responsibly to improve efficiency and impact
Job Responsibility
Job Responsibility
  • Design and build scalable infrastructure to support rapid growth in data volume, service usage, and engineering velocity
  • Lead projects across our cloud infrastructure, including container orchestration (e.g., AWS Fargate, ECS), monitoring and alerting systems, networking, and database maintenance
  • Implement and maintain core security infrastructure and controls including, service-to-service authentication, secrets management, application security primitives (e.g., rate-limiting, encryption libraries, etc.), and infrastructure hardening
  • Identify and solve complex scalability and performance challenges, particularly related to service reliability and data throughput
  • Partner closely with Security Engineering to implement infrastructure that supports best-in-class security and compliance practices
  • Drive infrastructure design reviews and provide technical guidance on architectural decisions and trade-offs
  • Work with talented and kind engineers to make a significant impact on our customer base, enabling them to improve their security and prove it
  • Contribute to building Vanta’s engineering culture as we grow
What we offer
What we offer
  • Offers Equity
  • medical benefits
  • 401(k) plan
  • other company perk programs
  • Comprehensive medical, dental, and vision coverage, with 100% of employee-only benefit premiums covered for most medical plans
  • 16 weeks fully-paid Parental Leave for all new parents
  • Health & wellness stipend
  • Remote workspace, internet, and cellphone stipend
  • Commuter benefits for team members who report to the SF and NYC office
  • Family planning benefits
  • Fulltime
Read More
Arrow Right

Senior Software Engineer, Infrastructure and Security

Vanta’s Infrastructure & Security team provides a platform that powers the scala...
Location
Location
Canada
Salary
Salary:
Not provided
vanta.com Logo
Vanta
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • You’ve played technical leadership roles on Infrastructure or platform teams
  • You have experience with infrastructure, AWS services, and scaling platforms in fast-growing environments
  • You care deeply about performance and reliability
  • You’re thoughtful about trade-offs and have good product sense when creating new infrastructure
  • Open to using AI to amplify their skills and strengthen their work - demonstrating curiosity, a willingness to learn, and sound judgment in applying AI responsibly to improve efficiency and impact
Job Responsibility
Job Responsibility
  • Design and build scalable infrastructure to support rapid growth in data volume, service usage, and engineering velocity
  • Lead projects across our cloud infrastructure, including container orchestration (e.g., AWS Fargate, ECS), monitoring and alerting systems, networking, and database maintenance
  • Implement and maintain core security infrastructure and controls including, service-to-service authentication, secrets management, application security primitives (e.g., rate-limiting, encryption libraries, etc.), and infrastructure hardening
  • Identify and solve complex scalability and performance challenges, particularly related to service reliability and data throughput
  • Partner closely with Security Engineering to implement infrastructure that supports best-in-class security and compliance practices
  • Drive infrastructure design reviews and provide technical guidance on architectural decisions and trade-offs
  • Work with talented and kind engineers to make a significant impact on our customer base, enabling them to improve their security and prove it
  • Contribute to building Vanta’s engineering culture as we grow
What we offer
What we offer
  • Industry-competitive salary and equity
  • 100% covered medical, dental, and vision benefits with dependents coverage
  • Pension contribution
  • 16 weeks fully paid Parental Leave for all new parents
  • Health & wellness stipend
  • Remote workspace, internet, and cellphone stipend
  • Flexible work hours and location
  • 21 days of Vacation Time and 80 hours of Sick Leave
  • 11 company-paid holidays
  • Virtual team building activities, lunch and learns, and other company-wide events
  • Fulltime
Read More
Arrow Right

Senior Security Engineer - Application Security

This is an opportunity to join K's critical InfoSec team as a Senior Security En...
Location
Location
United States , New York
Salary
Salary:
150000.00 - 185000.00 USD / Year
khealth.com Logo
K Health
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in Information Security, Cloud Security, IT Security, and/or Application Security
  • Strong expertise in cloud technology (AWS, GCP, or Azure), modern programming languages, utilization of generative coding utilities, and the security implications of utilizing AI code development utilities
  • Demonstrated experience researching, establishing, and successfully rolling out enterprise-wide security policies and guidelines
  • Proven experience establishing a cutting-edge security posture, particularly within the regulated healthcare technology field
  • Excellent communication skills, capable of translating complex security risks into clear, actionable advice for technical and non-technical stakeholders
  • Expertise in compliance, security, and regulatory areas such as
  • HIPAA, PHI, AKS, SOC 2, ISO, GDPR, etc.
  • Flexibility in covering a rotation for critical on-call support responsibilities
Job Responsibility
Job Responsibility
  • Lead the development and implementation of robust application security protocols throughout the entire Software Development Lifecycle (SDLC)
  • Design, deploy, and continuously monitor cloud security architecture across our cloud environments, ensuring performance and resilience
  • Manage the security posture of K’s core IT infrastructure, internal networks, and perimeter defenses, mitigating threats before they impact operations
  • Ensure adherence to relevant healthcare regulatory and compliance requirements (e.g., HIPAA, GDPR, etc.) across all product lines and systems
  • Conduct proactive vulnerability assessments, penetration tests, and security reviews to identify and remediate potential weaknesses in our platforms
  • Collaborate with engineering teams to integrate security tools and practices into continuous integration/continuous deployment (CI/CD) pipelines
What we offer
What we offer
  • Hybrid work schedule with weekly lunches and stocked fridges
  • Monthly social committees for company events
  • 18 vacation days, 9 company holidays, 5 sick days, and 2 personal days
  • Stock options for every full-time employee
  • Paid parental leave
  • 401k benefit
  • Commuter Benefits
  • Competitive health, dental, and vision insurance options
  • Fulltime
Read More
Arrow Right

Senior Security Engineer, Application Security

We are hiring a Senior Application Security Engineer to join Turnkey's team and ...
Location
Location
Salary
Salary:
Not provided
turnkey.com Logo
Turnkey
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelors degree in Computer Science, Engineering, or a related field
  • 5+ years of experience in application or product security, ideally in fast-moving, high-impact or crypto-native environments
  • Strong understanding of web, mobile, and cryptographic security fundamentals (e.g. OWASP Top Ten, SANS/CWE Top 25)
  • Proficiency in programming and scripting languages (Typescript/Javascript, Go, Rust) and experience building secure systems from the code up
  • Hands-on experience with security testing tools and methodologies (static/dynamic analysis, pen testing, etc.)
  • Strong understanding of cloud, containerized, and runtime environments (AWS, GCP, Docker, Kubernetes), with the ability to embed security early in the SDLC
  • Excellent analytical, problem-solving, and communication skills, with a collaborative mindset for partnering across product and infrastructure teams
  • Curious, proactive, and passionate about building secure, reliable systems in a fast moving startup environment
  • A builder mentality
  • comfortable operating with ambiguity, tackling incomplete systems, and applying hands-on engineering experience to security challenges.
Job Responsibility
Job Responsibility
  • Partner with Product and Engineering at both the design and development stage to ensure that we implement new features securely, including (but not limited to): Participating in the implementation efforts
  • Doing security reviews
  • Helping with product design decisions
  • Auditing and surfacing vulnerabilities in our current products
  • Conducting threat modeling and security assessments for new features and systems, identifying risks early and shaping secure architectural decisions
  • Developing and improving our Automated Tooling: further enhancing our automated tooling to scale our product security capabilities and find potential code problems both before and after we deploy
  • Making the safe way, the easy way: work on defining and building application guardrails so that developers can build securely by default
  • Investigating and remediating security issues, including vulnerabilities and incidents, and drive long-term improvements to prevent recurrence
  • Embedding a culture of secure development across engineering, defining practices that influence how Turnkey builds, deploys, and maintains systems at scale.
What we offer
What we offer
  • Full benefits, including medical, dental, vision, life, disability, HSA/FSA, 401(k)
  • Paid parental leave
  • Unlimited PTO
  • $3,000/yr learning and development budget to attend industry conferences
  • Multiple team offsites per year
  • Macbook Pro laptop
  • Lunch stipend (for those physically in the New York City office)
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

We’re looking for a senior-level security expert to lead proactive security desi...
Location
Location
Poland , Poland
Salary
Salary:
Not provided
airswift.com Logo
Airswift Sweden
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years in offensive and defensive security roles, with long-term project experience
  • Proven expertise in penetration testing (especially web applications) and threat modelling
  • Strong programming/scripting skills, particularly in Python
  • Deep knowledge in at least one core security domain (e.g., cryptography, secure architecture, authentication)
  • Excellent communication skills in English.
Job Responsibility
Job Responsibility
  • Lead security architecture reviews and conduct in-depth threat modelling for new products and infrastructure
  • Perform hands-on penetration testing and security assessments to uncover and validate vulnerabilities
  • Research emerging threats and develop mitigation strategies to stay ahead of evolving attack vectors
  • Collaborate with engineering teams to embed security into the development lifecycle (DevSecOps).
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

We're hiring a Senior Application Security Engineer to join a small, high-levera...
Location
Location
United States , Remote
Salary
Salary:
180000.00 - 210000.00 USD / Year
qualia.com Logo
Qualia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of hands-on experience in application security, offensive security, or security engineering, with demonstrable depth in at least two of: offensive testing, security tooling/automation, and cloud/infra security
  • Strong offensive skills - you can manually exploit real web and API vulnerabilities beyond what a scanner will find, and you can teach others to do the same
  • Deep familiarity with building and operating security tooling in a modern engineering org: SAST/DAST/SCA pipelines, custom detection rules, secrets scanning, and CI/CD security gates. You've written tooling, not just configured it
  • Production experience with AWS (IAM, VPC, networking, data services), containerized workloads (Docker, Kubernetes/EKS), and infrastructure-as-code (Terraform or similar)
  • Comfort reading, reviewing, and contributing code in at least one language common to modern web stacks (Python, Go, Ruby, TypeScript, or similar)
  • Clear, direct communication style. You can make a sharp technical argument to senior engineers, translate risk into business terms for leadership, and write a bug report an engineer actually wants to fix
  • Strong partnership instincts - you get leverage by making other teams faster, not by blocking them
Job Responsibility
Job Responsibility
  • Run offensive assessments against Qualia's applications and infrastructure: manual penetration testing, exploit development, authenticated web/API testing, and adversarial review of new designs before they ship
  • Lead threat modeling and secure design review for the highest-risk initiatives across the company, and mentor engineers to do the same for their own work
  • Own and evolve our AppSec tooling stack end-to-end - SAST, DAST, SCA, secret scanning, IaC scanning, and the CI/CD gates that tie them together. Build the custom rules, detections, and automation that generic tooling doesn't give us
  • Harden our cloud posture: review AWS configurations, IAM policies, Kubernetes/EKS workloads, and networking boundaries
  • build automation and guardrails that prevent the same class of issue from recurring
  • Reduce toil for the team - write the tools, scripts, and integrations that turn a day of triage into a few minutes
  • Partner with Infrastructure and Platform on detection engineering, incident response support, and cross-cutting programs (secrets management, supply chain, runtime security)
  • Set the technical bar for the AppSec team: raise the quality of reviews, establish patterns others can reuse, and mentor peers across seniority levels
  • Represent AppSec in architectural reviews, vendor evaluations, and compliance efforts
What we offer
What we offer
  • comprehensive health plans
  • 401k program
  • commuter benefits
  • professional development
  • parental leave
  • flexible time off policy
  • robust online onboarding program
  • biweekly all hands meetings
  • a variety of internal virtual events to keep employees connected
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

We’re looking for a senior-level security expert to lead proactive security desi...
Location
Location
Poland
Salary
Salary:
Not provided
airswift.com Logo
Airswift Sweden
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years in offensive and defensive security roles, with long-term project experience
  • Proven expertise in penetration testing (especially web applications) and threat modelling
  • Strong programming/scripting skills, particularly in Python
  • Deep knowledge in at least one core security domain (e.g., cryptography, secure architecture, authentication)
  • Excellent communication skills in English
Job Responsibility
Job Responsibility
  • Lead security architecture reviews and conduct in-depth threat modelling for new products and infrastructure
  • Perform hands-on penetration testing and security assessments to uncover and validate vulnerabilities
  • Research emerging threats and develop mitigation strategies to stay ahead of evolving attack vectors
  • Collaborate with engineering teams to embed security into the development lifecycle (DevSecOps)
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

We are hiring an Application Security Engineer to join our Infrastructure & Secu...
Location
Location
United States
Salary
Salary:
170000.00 - 210000.00 USD / Year
onebrief.com Logo
Onebrief
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in Application Security, Cybersecurity Engineering, Software Engineering or a related field
  • U.S. citizenship required
  • A strong understanding of Linux, containerization and orchestration, and virtual machines
  • Networking fundamentals: core protocols and secure configurations
  • A deep understanding of incident response processes
  • Clear, concise writing
  • strong documentation habits and async communication
  • Core skills and technologies: Javascript/Browser security, Network Security, Firewalls, Intrusion Detection, Static Analysis, Dynamic Analysis, Container Scanning, Kubernetes, Docker, Helm, Ansible, Terraform, Linux, AWS, DoD compliance, Monitoring and Observability tools
  • 5+ years experience in Cybersecurity, Software Engineering and/or DevOps
  • Familiarity with DevOps practices, CI/CD
Job Responsibility
Job Responsibility
  • Find Vulnerabilities in our Software: Bring an attacker’s mindset to review PRs, perform code audits, and utilize static analysis to identify vulnerable code patterns
  • Fix Vulnerabilities Across the Full Stack: Think like an adversary to find, fix, prevent or patch vulnerabilities from browser to kernel
  • Improve the Security Posture of Infrastructure: Review identity and access management, logging, auditing, monitoring to help craft a layered defense
  • Make the Team Stronger: Mentor other engineers on best security practices, share news of vulnerable libraries and compromises, engage with community on active threats and trends
What we offer
What we offer
  • Equity: Share in the company's success
  • Flexible Work Environment: Remote-first organization* with flexible work hours and unlimited PTO
  • Comprehensive Health Coverage: Health, dental, vision, and life insurance
  • Retirement Plan: 401(k) plan with company match
  • Parental Leave: 8 weeks at 100% regardless of state
  • Company Retreats: Annual company summit trips
  • Home Office Budget: $1,000 per year for home office improvements
  • Fulltime
Read More
Arrow Right