Lead Security Engineer
Job Description:
The security team at Peloton has oversight of the security practices of the entire organization: it establishes security policies and best practices and automates them wherever possible. The security team at Peloton is looking for a Security Engineer to join our growing team and work across disparate teams. As a Security Engineer, you would ensure the security of Peloton's products and services.
Responsibilities:
- Perform security assessments and design reviews of Peloton's web applications, mobile clients, internal services and APIs.
- Maintain and create secure development best practices and programs for our engineering teams and external developers
- Identify risks in code, applications, software architecture, and internal development processes
- Evaluate, analyze, and reproduce security vulnerabilities reported by internal tools, internal engineers, security researchers, partners, and customers. Partner with development teams to ensure they address these vulnerabilities in our products and services.
- Institute security training and outreach for Peloton engineering teams
- Provide guidance on relevant application security industry standards and practices such as OWASP, SANS, CWE, CWSS, CVE, CVSS, etc.
- Collaborate with and act as an ambassador to multiple engineering stakeholders to evangelize security, assist in building security controls into engineering pipelines, and remediate security issues found by internal and third-party assessments.
- Integrate and build new tools into our security program, including automation of processes to make security testing more effective and efficient.
- Help mature Peloton's security organization
Requirements:
- You have 4+ years of experience working on a security team performing technical security assessments of modern web applications, APIs, and mobile applications within cloud-hosted environments such as AWS or GCP.
- Experience with manual secure code review in languages such as JavaScript, Python, Node.js, Ruby
- Experience integrating security into CI/CD pipelines
- Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Checkmarx, Veracode, AppSpider, Coverity, Black Duck, Netsparker
- Knowledge of software security testing procedures across multiple platforms and operating systems.
- Understanding of Agile software development methods and familiarity with enterprise productivity tools such as JIRA and Confluence
- Experience instituting organizational change with respect to security
- Effective spoken and written communicator to multiple audiences
- B.S. in Computer Science or a related field, or equivalent experience
Nice to have:
- Experience and familiarity with NIST, PCI, et al. frameworks.
- Familiarity with Peloton products and services is a plus
- Experience with bug bounty programs
- Experience with CDNs such as Fastly, Cloudflare, CloudFront, Akamai
- Experience with Android development
ABOUT PELOTON:
Founded in 2012, Peloton has transformed the at-home fitness experience by creating a bike that merges high design with modern technology to provide access to live-streaming and on-demand indoor cycling classes led by elite instructors. With a state-of-the-art studio, the best instructors and content distribution, Peloton delivers an intense, high-energy workout that motivates while positively changing the mind and body.