Security Engineer
Job Description:
As a Security Engineer at Peloton, you will be responsible for supporting the ongoing security operations and overall security strategy at Peloton. The ideal candidate must demonstrate in-depth knowledge of and experience in cloud security, incident response. This person will develop, optimize, and operate the security tools used throughout Peloton’s infrastructure and contribute to the overall security strategy across the entire organization.
Responsibilities:
- Architect, deploy, and maintain Peloton’s security infrastructure
- Evangelize security throughout Peloton and empower end users to do their jobs securely without creating additional friction
- Research and analyze potential new threats, attack vectors and risks and identify mitigation efforts
- Examine output from security tools and software and report on findings
- Collaborate with Peloton engineering teams to provide feedback on Peloton products and secure development environments
- Work with our security operations team to develop new detection scenarios, IR playbooks, and maintain tooling to enrich telemetry data
Requirements:
- 3+ years experience working in a security role
- You work well cross-functionally, and can communicate with a variety of audiences who may not have a security or technical background.
- Demonstrated knowledge of enterprise-scale security technologies which may include include SIEM, vulnerability management, incident case management, HIDS/NIDS, PKI, user behavior analytics, SSO, IAM, Privileged Access Management.
- Considerable incident management experience working with Linux and MacOS operating systems
- Experience building and maintaining enterprise logging pipelines (e.g. Splunk, Devo, Sumologic, ELK Stack, etc.)
- Comfortable with scripting (Bash, Python, Go, etc) to automate the boring stuff, as well as solve complex security challenges and integrate security solutions via APIs
- Experience with developing infrastructure as code (Terraform, Cloudformation)
- Deep hands on security experience with cloud providers such as AWS, GCP, and other cloud providers and their respective security tools (Guarduty, Cloudtrails, SecurityMonkey, ScoutSuite, etc)
- Experience with EDR(Endpoint Detection and Response) tools e.g. Crowdstrike, GRR, osquery, Sysdig, Carbon Black, Endgame, Tanium etc.
- Familiarity with development processes and environment tools such as Git, Jira, Confluence.
Great to Have:
- Hands on experience with Container Technology (Docker, EKS, GKE, Kubernetes, Openshift, ) and their respective security tools (Twistlock, Stackrox, Aqua, Sysdig, etc)
- Experience with firewalls (Meraki, Palo Alto, PFSense, etc)
- Experience with SOAR, CASB, DLP technologies
- Comfortable with configuration management tools (e.g. Chef, Puppet, Ansible)
- Familiarity with Zerotrust\Beyondcorp
- Previous working experience with Agile
ABOUT PELOTON:
Founded in 2012, Peloton is a global interactive fitness platform that brings the energy and benefits of studio-style workouts to the convenience and comfort of home. We use technology and design to bring our Members immersive content through the Peloton Bike, the Peloton Tread, and Peloton Digital, which provide comprehensive, socially-connected fitness offerings anytime, anywhere. We believe in taking risks and challenging the status quo by continuously innovating and improving. Our team is made up of passionate brand ambassadors, and we know that together, we go far.
Headquartered in New York City, with offices, warehouses and retail showrooms in the US, UK and Canada, Peloton is changing the way people get fit. Peloton has been named to many prestigious industry lists, including Fast Company's Most Innovative Companies, CNBC's Disruptor 50, Crain's New York Business' Tech25 and Fast50, as well as TIME's Genius Companies. Visit www.onepeloton.com/careers to learn more about joining our team.