Application Security Engineer
The Cybersecurity team at Peloton has oversight of the security practices of the entire organization, instantiating security policies and best practices and automating them where possible. We are looking for an Application Security Engineer to join our growing team to work across the company. As an Application Security Engineer, you would ensure the security of Peloton's products and services.
Responsibilities:
- Integrate security into the CI/CD pipeline
- Perform penetration testing and code reviews of web and mobile applications
- Perform design reviews and threat modeling of web and mobile applications
- Provide remediation guidance to respective development teams
- Create and maintain application security best practices
- Work with engineering teams in the design phase of new products and features
- Institute security training and outreach to Peloton engineering teams
- Develop and automate security tools and processes
Requirements:
- You have 3+ years of experience working on a security team performing technical security assessments on modern web applications, APIs, and mobile applications within cloud-hosted environments such as AWS and GCP
- Experience building security into the SDLC
- Experience with CI/CD platforms: Jenkins, CircleCI, etc.
- Experience with secure code review in languages such as JavaScript, Python, C/C++, and Java
- Experience developing with common scripting languages: Python, Bash, etc.
- Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Snyk, Checkmarx, and Netsparker
- Knowledge of software security testing procedures across multiple platforms and Operating Systems
- Understanding of Agile software development methods and familiarity with enterprise productivity tools such as JIRA, Confluence
- Experience instituting organizational change with respect to security
- Effective spoken and written communicator to multiple audiences
Bonus points for:
- Experience with securing mobile platforms, iOS, Android, and associated frameworks
- Experience with hacking IoT devices
- Experience and familiarity with NIST, PCI, et al. frameworks
- Experience with bug bounty programs
- Experience with CDNs such as Fastly, Cloudflare, CloudFront, Akamai
ABOUT PELOTON:
Peloton is the largest interactive fitness platform in the world with a loyal community of more than 3 million Members. The company pioneered connected, technology-enabled fitness, and the streaming of immersive, instructor-led boutique classes for its Members anytime, anywhere.
Peloton makes fitness entertaining, approachable, effective, and convenient, while fostering social connections that encourage its Members to be the best versions of themselves.
An innovator at the nexus of fitness, technology, and media, Peloton has reinvented the fitness industry by developing a first-of-its-kind subscription platform that seamlessly combines the best equipment, proprietary networked software, and world-class streaming digital fitness and wellness content, creating a product that its Members love.
The brand's immersive content is accessible through the Peloton Bike, Peloton Tread, Peloton Bike+, Peloton Tread+, and Peloton App, which allows access to a full slate of fitness classes across disciplines, on any iOS or Android device, Apple TV, Fire TV, Roku TVs, and Chromecast and Android TV.
Founded in 2012 and headquartered in New York City, Peloton has a growing number of retail showrooms across the US, UK, Canada and Germany. For more information, visit www.onepeloton.com