As a Senior Security Engineer at Peloton, you will be responsible for supporting the ongoing security operations and overall security strategy at Peloton. The ideal candidate must demonstrate in-depth knowledge of and experience in cloud security, incident response, automation, and development. This person will develop, optimize, and operate the security tools used throughout Peloton’s infrastructure and contribute to the overall security strategy across the entire organization.
- Architect, deploy, and maintain Peloton’s security infrastructure
- Evangelize security throughout Peloton and empower end users to do their jobs securely without creating additional friction
- Research and analyze potential new threats, attack vectors and risks and identify mitigation efforts
- Examine output from security tools and software and report on findings
- Collaborate with Peloton engineering teams to provide feedback on Peloton products and secure development environments
- Work with cyber analysts and security engineers to develop threat models, detections, incident response playbooks, and maintain tooling to enrich security intelligence
- 5+ years of experience working in a security role
- You know how to identify security gaps / areas of risk and are able to effectively put together a plan for remediation
- Ability to work cross functionally between technical and business teams, evangelizing security best practices, policy, and procedure
- Effective communication skills
- Demonstrated knowledge of enterprise-scale security technologies which may include SIEM, vulnerability management, incident response, HIDS/NIDS, PKI, user behavior analytics, SSO, IAM, Privileged Access Management
- Experience building and maintaining enterprise logging pipelines (e.g. Splunk, Devo, Sumo Logic, ELK Stack, etc.)
- Demonstrated proficiency with scripting (Bash, Python, Go, etc.)
- Experience with developing infrastructure as code (Terraform, CloudFormation)
- Deep hands-on security experience with cloud providers such as AWS, GCP, and others, and their respective security tools (GuardDuty, CloudTrail, Security Monkey, ScoutSuite, etc.)
- Experience with EDR (Endpoint Detection and Response) tools, e.g. CrowdStrike, GRR, osquery, Sysdig, Carbon Black, Endgame, Tanium, etc.
- Familiarity with development processes and environment tools such as Git, Jira, Confluence
Great to Have:
- OSxx Suite of Certifications
- Pentesting experience
- Hands-on experience with container technology (Docker, EKS, GKE, Kubernetes, OpenShift) and respective security tools (Twistlock, StackRox, Aqua, Sysdig, etc.)
- Experience with SOAR, CASB, DLP technologies
- Comfortable with configuration management tools (e.g. Chef, Puppet, Ansible)
Peloton uses technology + design to connect the world through fitness, empowering people to be the best version of themselves anywhere, anytime. We have reinvented the fitness industry by developing a first-of-its-kind subscription platform. Seamlessly combining hardware, software, and streaming technology, we create digital fitness and wellness content and products that Members love. In 2020 Peloton committed to becoming an antiracist organization with the launch of the Peloton Pledge.
Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.