As a Senior Security Engineer at Peloton, you will be responsible for supporting the ongoing security operations and overall security strategy at Peloton. The ideal candidate must demonstrate in-depth knowledge of and experience in cloud security, incident response, automation, and development. This person will develop, optimize, and operate the security tools used throughout Peloton’s infrastructure and contribute to the overall security strategy across the entire organization.
- Architect, deploy, and maintain Peloton’s security infrastructure
- Evangelize security throughout Peloton and empower end users to do their jobs securely without creating additional friction
- Research and analyze potential new threats, attack vectors and risks and identify mitigation efforts
- Examine output from security tools and software and report on findings
- Collaborate with Peloton engineering teams to provide feedback on Peloton products and secure development environments
- Work with cyber analysts and security engineers to develop threat models, detections, incident response playbooks, and maintain tooling to enrich security intelligence
- 5+ years of experience working in a security role
- You know how to identify security gaps / areas of risk and are able to effectively put together a plan for remediation
- Ability to work cross functionally between technical and business teams, evangelizing security best practices, policy, and procedure
- Effective communication skills
- Demonstrated knowledge of enterprise-scale security technologies which may include SIEM, vulnerability management, incident response, HIDS/NIDS, PKI, user behavior analytics, SSO, IAM, Privileged Access Management
- Experience building and maintaining enterprise logging pipelines (e.g. Splunk, Devo, Sumo Logic, ELK Stack, etc.)
- Demonstrated proficiency with scripting (Bash, Python, Go, etc.)
- Experience with developing infrastructure as code (Terraform, CloudFormation)
- Deep hands-on security experience with cloud providers such as AWS and GCP and their respective security tools (GuardDuty, CloudTrail, Security Monkey, ScoutSuite, etc.)
- Experience with EDR (Endpoint Detection and Response) tools, e.g. CrowdStrike, GRR, osquery, Sysdig, Carbon Black, Endgame, Tanium, etc.
- Familiarity with development processes and environment tools such as Git, Jira, Confluence
Great to Have:
- OSxx Suite of Certifications
- Pentesting experience
- Hands-on experience with container technology (Docker, EKS, GKE, Kubernetes, OpenShift) and respective security tools (Twistlock, StackRox, Aqua, Sysdig, etc.)
- Experience with SOAR, CASB, DLP technologies
- Comfortable with configuration management tools (e.g. Chef, Puppet, Ansible)
Peloton uses technology + design to connect the world through fitness, empowering people to be the best version of themselves anywhere, anytime. We have reinvented the fitness industry by developing a first-of-its-kind subscription platform. Seamlessly combining hardware, software, and streaming technology, we create digital fitness and wellness content and products that Members love. In 2020 Peloton committed to becoming an antiracist organization with the launch of the Peloton Pledge.
Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you would like to request any accommodations from application through to interview, please email: email@example.com
Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address.
If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email firstname.lastname@example.org before taking any further action in relation to the correspondence.
Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.