Job Description
Title: Senior Security Automation Engineer
Location: United States
ABOUT THE ROLE
Peloton inspires and motivates millions of people every day. A key part of delivering on that mission is not only an amazing experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our customers to be the best version of themselves anywhere, anytime. Earning and maintaining our customers’ trust and safeguarding their data is key to everything we do.
The Senior Security Automation Engineer is instrumental in building a frictionless and integrated developer experience with cutting-edge security tools that results in the right security engineering choices being the easiest ones. The candidate will help define the architecture and overall security tooling posture and portfolio for Peloton.
Reporting directly to the Director of Security Engineering, the candidate will drive the selection, development, and implementation of security tooling and services at Peloton that inform Peloton risk owners and enable them to remediate at scale.
The Senior Security Automation Engineer will work with external technology providers and security vendors. They will evaluate and assess the applicability of various solutions to determine their capability to mitigate potential security risks. They will work closely with partner teams to integrate solutions, build custom tooling, and champion wide adoption.
The role plays a critical function in constantly evolving Peloton’s security automation capabilities and ensuring the underlying data related to security defects is used to constantly improve the security of Peloton’s products and services.
The ideal candidate is a proven engineering leader who has both exemplary engineering and communication skills. They have extensive experience collaborating with internal engineering partners to identify security requirements and opportunities for improvement, and developing custom tooling for reducing risk. They are a proven security technology and methodology expert with experience developing automation within large-scale cloud hybrid environments.
YOUR DAILY IMPACT AT PELOTON
- Integrate security tooling and security automation solutions into Peloton’s build pipelines to proactively identify and remediate high impact security vulnerabilities and defects.
- Work with platform and security engineering leadership to interactively improve Peloton’s Security Development Lifecycle investments. Identify opportunities and engage targeted application of security tools at each phase to eradicate prevalent and targeted classes of security defects.
- Design, engineer, deploy, and maintain custom automation products and tools
- Optimize automation solutions for scalability, efficiency, and cost effectiveness
- Identify/Gather metrics data and develop detection and alerting capabilities based on known attacker tactics and techniques.
YOU BRING TO PELOTON
- 10+ years of hands-on experience in working with engineering teams on design and implementation of security best practices in architecture and code.
- 7+ years of experience in an SRE, automation, software development, and/or engineering role with a focus on security.
- 5+ years of experience working with teams to identify and remediate potential security gaps related to authentication, authorization, network segmentation, encryption, container configuration, bastion host setup, etc.
- Extensive experience with and strong understanding of securing diverse environments across multiple cloud, on-prem, and mobile environments, including but not limited to AWS, GCP, Azure, Android, iOS, etc.
- Deep understanding of securing large-scale AWS environments leveraging services including but not limited to Organizations, Security Hub/GuardDuty, Config, IAM, Inspector, SCPs, and Macie.
- Knowledge of and hands-on skills with Docker, ECS, Kubernetes, and container security at scale.
- Extensive understanding of MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
- Solid understanding of information security issues, automation/software engineering technologies, cloud architecture, and threat landscape concepts
- Deep understanding of one or more general purpose programming/scripting languages including but not limited to: Python, JavaScript, PowerShell, Bash.
- Excellent relationship building skills across diverse cross-functional teams.
- Exceptional written/oral communication skills.
- Exceptional bias for action and ownership.
- Humble, hardworking, forward-thinking, and embodies a hands-on leadership mindset.
- Key stakeholder in defining and refining the remediation workflows to ensure that issues are addressed in a timely manner.
ABOUT PELOTON:
Peloton is the leading interactive fitness platform globally, with a passionate community of 7 million Members in the US, UK, Canada, Germany, and Australia. Peloton makes fitness entertaining, approachable, effective, and convenient, while fostering social connections that motivate its Members to commit to their fitness journeys. An innovator at the nexus of fitness, technology, and media, Peloton reinvented the fitness industry by developing a first-of-its-kind subscription platform that seamlessly combines the best equipment, proprietary networked software, world-class streaming digital fitness and wellness content, and best-in-class fitness experts and Instructors.
At Peloton, we motivate the world to live better. Together We Go Far means that we are greater than the sum of our parts, stronger collectively when each one of us is at our best. By combining hardware, software, content, retail, apparel, manufacturing, Member support, and so much more, we deliver an exhilarating fitness experience that unlocks our members’ greatness. Join our team to unlock yours.
Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you would like to request any accommodations from application through to interview, please email: applicantaccommodations@onepeloton.com
Peloton has a COVID-19 vaccination policy to safeguard the health and well-being of our employees and customers globally. All employees based in the U.S. and Canada are required to provide proof of vaccination, unless the employee has a Peloton-approved reasonable accommodation or as otherwise required by law.
Peloton values the side-by-side collaboration that comes with working together in an office. Our Hybrid Working Policy requires team members in US office-based roles to be in the office every Tuesday, Wednesday and Thursday.
Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address.
If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email applicantaccommodations@onepeloton.com before taking any further action in relation to the correspondence.
Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.