Sr. Security Engineer (Enterprise Systems) at Peloton
As a Security Engineer at Peloton, you will be responsible for supporting the operations and overall strategy of ongoing security and compliance of Peloton's cloud and on-premises infrastructure.
You will work closely with Peloton's engineering teams, providing security and compliance guidance to existing and new information and operational technology footprints.
- Architect, deploy, and maintain Peloton's security standards
- Evangelize security throughout Peloton's sites and empower end users to do their jobs securely with professionalism
- Research and analyze potential new threats, attack vectors and risks and identify mitigation efforts
- Prioritize vulnerabilities for remediation with the business and accountable IT and Engineering teams
- Collaborate with Peloton's IT and Security teams, continually improving the security and compliance posture of Peloton's facilities.
- Work with cyber analysts and security engineers to develop threat models, detections, incident response playbooks, and maintain tooling to enrich security intelligence.
- Coordinate and develop IT risk control and compliance management activities
- 6+ years experience working in a security and compliance role
- You have demonstrated cross-domain knowledge and experience in cloud and infrastructure security best practices, incident response, vulnerability management, automation, IT compliance and risk control.
- You know how to identify security gaps and effectively put together a plan to remediate them.
- You are able to think offensively and defensively about security. You understand how an attacker may compromise a system or network, and you can implement the mitigating controls to prevent a breach.
- You understand the importance of collecting security relevant logs from an entire environment, providing the necessary information to then be turned into intelligence, finding the signal in the noise.
- You can work cross-functionally between technical and business teams, evangelizing security best practices, policy, and procedures.
Demonstrable experience & knowledge with…
- Programming: Scripting (Bash, Python, Go, etc) for automation, integration with tooling and vendor APIs for custom tooling.
- Enterprise-scale security technologies: e.g. Vulnerability Management, HIDS/NIDS, PKI, SSO, IAM, Privileged Access Management.
- System incident management and response: Cloud, Linux, MacOS, and Windows environments.
- Configuration management tools; Ansible, Chef, Puppet, etc.
- Cloud Security EDR (Endpoint Detection and Response) tools: e.g. Crowdstrike, GRR, osquery, Sysdig, Carbon Black, Endgame, Tanium etc.
- Development processes and environment tools: e.g. Git, Jira, Confluence.
- Container Technology (Docker, EKS, GKE, Kubernetes, Openshift) and their respective security tools (Twistlock, Stackrox, Aqua, Sysdig, etc)
Hands-on / Working Experiences with...
- Operational technology and manufacturing
- Firewalls (Meraki, Palo Alto, PFSense, etc)
- SOAR, CASB, DLP technologies
- Security compliance & quality management: ISO9001, 27001, SOX ITGC audit facilitation, remediation
- IT compliance, cyber risk and data protection practices
- CISSP, OSCP, Security+
Peloton uses technology + design to connect the world through fitness, empowering people to be the best version of themselves anywhere, anytime. We have reinvented the fitness industry by developing a first-of-its-kind subscription platform. Seamlessly combining hardware, software, and streaming technology, we create digital fitness and wellness content and products that Members love. In 2020 Peloton committed to becoming an antiracist organization with the launch of the Peloton Pledge. Learn more, here.
Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you would like to request any accommodations from application through to interview, please email: [email protected]
Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address.
If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email [email protected] before taking any further action in relation to the correspondence.
Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.