Senior Engineer II, Governance, Risk, and Compliance (GRC)

About this role

Strava is the app for active people. With over 150 million athletes in more than 185 countries, Strava is where connection, motivation, and personal bests thrive. No matter your activity, gear, or goals, we help you find your crew, crush your milestones, and keep moving forward. Start your journey with Strava today.

Our mission is simple: to motivate people to live their best active lives. We believe in the power of movement to connect and drive people forward.

This role is on the Strava Security Team, which exists to protect Strava’s people, business, and data through integrated, proactive security practices.

We work across all security domains, including, but not limited to, product security, vulnerability management, incident response, infrastructure, network, governance, and enterprise security.

We follow a flexible hybrid model that generally translates to around half your time on-site in our San Francisco office—roughly three days per week.

What You’ll Do:

• Are passionate about embedding security, privacy, and compliance into the fabric of a high-growth platform used by millions of athletes
• Thrive in roles where you can apply engineering skills to solve governance, risk, and compliance challenges—not just document them
• Will have a high-leverage impact by aligning Strava’s technical environment with frameworks like: NIST CSF, SOX, and SOC 2 to support audit and IPO readiness
• Are excited to build automation, evidence pipelines, and control enforcement into CI/CD workflows, cloud environments, and developer tooling
• Will collaborate with Engineering, Legal, and Security teams to write policies, define controls, and drive implementation with an engineering-first mindset

You Will Be Successful Here By:

• Being highly self-motivated and detail-oriented, with a strong sense of ownership over technical control implementation and audit deliverables
• Translating the requirements of NIST CSF, SOX, and SOC 2 into testable technical controls embedded within infrastructure, identity systems, and software delivery pipelines
• Partnering with engineering teams to design secure-by-default implementations that reduce risk while preserving speed and autonomy
• Authoring and maintaining policies and standards that are grounded in reality, aligned to NIST CSF, and adaptable to a dynamic cloud-native environment
• Leading evidence collection, audit preparation, and control design efforts across multiple domains in support of IPO-readiness and long-term compliance strategy

What You’ll Bring to the Team:

• Have supported or led technical readiness for NIST CSF, SOX, SOC 2, or other regulatory frameworks in high-growth or pre-IPO companies
• Bring deep experience writing and operationalizing security policies and procedures that map to frameworks like NIST CSF or ISO 27001
• Understand how to architect and implement controls across AWS, GitHub, Okta, and Terraform, and can build automation for evidence collection and control testing
• Have worked alongside developers and infrastructure teams to integrate GRC requirements into IaC, CI/CD, and identity platforms
• Are comfortable scripting or using tools to automate GRC tasks such as access reviews, exception tracking, and risk reporting
• Communicate clearly and proactively, driving cross-functional alignment and building trust between Security, Legal, Engineering, and external auditors

Compensation Overview

At Strava, we know our employees are the most important ingredient to our success, and our compensation and total rewards programs reflect that. We take a market-based approach to pay, and pay may vary depending on the department and your location. Salary ranges are categorized into one of three tiers based on a cost of labor index for that geographic area. We will determine the candidate’s starting pay based on job-related skills, experience, qualifications, work location, and market conditions. We may modify these ranges in the future. For more information, please contact your talent partner.

Compensation: $212,080 - $248,230. This range reflects base compensation only and does not include equity or benefits. Your recruiter can share more details about the full compensation package, including the range specific to your location, during the hiring process.

For more information on benefits, please click here.

Why Join Us?

Movement brings us together. At Strava, we’re building the world’s largest community of active people, helping them stay motivated and achieve their goals.

Our global team is passionate about making movement fun, meaningful, and accessible to everyone. Whether you’re shaping the technology, growing our community, or driving innovation, your work at Strava makes an impact.

When you join Strava, you’re not just joining a company—you’re joining a movement. If you’re ready to bring your energy, ideas, and drive, let’s build something incredible together.

Strava builds software that makes the best part of our athletes’ days even better. Just as we’re deeply committed to unlocking their potential, we’re dedicated to providing a world-class, inclusive workplace where our employees can grow and thrive, too. We’re backed by Sequoia Capital, TCV, Madrone Partners and Jackson Square Ventures, and we’re expanding in order to exceed the needs of our growing community of global athletes. Our culture reflects our community. We are continuously striving to hire and engage teammates from all backgrounds, experiences and perspectives because we know we are a stronger team together.

Strava is an equal opportunity employer. In keeping with the values of Strava, we make all employment decisions including hiring, evaluation, termination, promotional and training opportunities, without regard to race, religion, color, sex, age, national origin, ancestry, sexual orientation, physical handicap, mental disability, medical condition, disability, gender or identity or expression, pregnancy or pregnancy-related condition, marital status, height and/or weight.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

California Consumer Protection Act Applicant Notice