Product Security Incident Response Manager (PSIRT)
This role can be performed at any one of our office hubs (NYC; Plano, TX; SF Bay Area; Atlanta, GA) or remote from the USA.
Peloton continues to grow and deliver the connected fitness platform of the future to help our members be the best version of themselves. A key pillar of our technology-enabled business is ensuring our products and services are secure for Peloton members. As part of our growth journey, we are expanding our Product Security Incident Response Team (PSIRT) and are looking for a Product Security Incident Response Manager with a diverse set of skills who can thrive in a challenging, fast-paced, and rewarding environment. You will be the first product security incident manager in our team and will be taking our security program to the next level. The right candidate should have a strong focus on results, be self-driven, and be as excited about talking to security researchers and driving engineering teams to address security vulnerabilities as about building processes, documentation, and KPIs for the program. This position also offers the opportunity to become the incident response lead for the security organization, leading product security incidents and top-tier security incidents that require cross-company coordination. This position is available for remote work in most US states.
Job Responsibilities:
- Coordinate the management and resolution of product security vulnerabilities involving all Peloton products - from security research intake through final resolution
- Support and strengthen security researcher outreach and community-building
- Propose, lead, and execute PSIRT strategic initiatives
- Maintain consistent engagement with multiple teams simultaneously to assess and resolve security vulnerabilities
- Engage teams such as Communications/PR, Member Support, and Legal as needed to minimize risk to Peloton members and the Peloton brand
- Develop, implement, and maintain product security incident playbooks/runbooks
- Prepare and present analysis with findings and recommendations in the form of briefings, reports, and dashboards to managers, various team leads and senior leadership as required
Requirements:
- Minimum 3 years of practical experience in product security roles, preferably as part of a PSIRT
- Knowledge of Information Security / Product Security design, principles, and processes; understanding of software and API vulnerabilities
- Excellent written and verbal communication skills
- A learning mindset and bias for action; passion for “getting things done”
- Bonus points for:
  - Previous experience in hardware/software/cloud services product security response
  - Ability to reproduce and triage some security vulnerabilities
  - Security incident response experience as part of a security operations team or an Incident Response team
  - Security certifications such as GCIH, GCIA, GPEN, etc.
ABOUT PELOTON:
Peloton uses technology + design to connect the world through fitness, empowering people to be the best version of themselves anywhere, anytime. We have reinvented the fitness industry by developing a first-of-its-kind subscription platform. Seamlessly combining hardware, software, and streaming technology, we create digital fitness and wellness content and products that Members love. In 2020 Peloton committed to becoming an antiracist organization with the launch of the Peloton Pledge.
“Together We Go Far” means that we are greater than the sum of our parts, stronger collectively when each one of us is at our best. In order to be the best version of Peloton, we are deeply committed to building a diverse workforce and inclusive culture where all of our team members can be the best version of themselves. This work has no endpoint; it is the constant work of running an organization that strives to reach its full potential. As a first step in our commitment, we announced the Peloton Pledge to invest $100 million over the next four years to fight racial injustice and inequity in our world, and to promote health and wellbeing for all, from the inside out.
Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you would like to request any accommodations from application through to interview, please email: [email protected]
Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address.
If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email [email protected] before taking any further action in relation to the correspondence.
Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.