Product Security Incident Response Program Manager at Peloton
Product Security Response Program Manager
This role can be performed at any one of our office hubs (NYC; Plano, TX; SF Bay Area; Atlanta, GA) or remote from the USA.
Peloton continues to grow and deliver the connected fitness platform of the future to help our members be the best version of themselves. A key pillar of our technology-enabled business is ensuring our products and services are secure for Peloton members. As part of our growth journey, we are expanding our Product Security Incident Response Team (PSIRT) and are looking for a Product Security Response Program Manager with a diverse set of skills who can thrive in a challenging, fast-paced, and rewarding environment. You will be the first program manager in our PSIRT and will be taking our product security program to the next level. The right candidate should have a strong focus on results, be self-driven, and be as excited about talking to security researchers and driving engineering teams to address security vulnerabilities as about building processes, documentation, and KPIs for the program. This position is available for remote work in most US states.
- Coordinate the management and resolution of product security vulnerabilities involving all Peloton products - from security research intake through final resolution
- Support and strengthen security researcher outreach and community-building
- Propose, lead, and execute PSIRT strategic initiatives
- Maintain consistent engagement with multiple engineering teams simultaneously to assess and resolve security vulnerabilities
- Engage teams such as Communications/PR, Member Support, and Legal as needed
- Develop, implement, and maintain product security incident playbooks/runbooks
- Prepare and present analysis with findings and recommendations in the form of briefings, reports, and dashboards to managers, various team leads and senior leadership as required
- Minimum 3 years practical experience in product security roles; preferably as part of a PSIRT
- Demonstrated security program management experience with a record of successful projects or efforts
- Knowledge of Information Security / Product Security design, principles, and processes; understanding of software and API vulnerabilities
- Excellent written and verbal communication skills
- A learning mindset and bias for action; passion for “getting things done”
- Bonus points for:
  - Previous experience in hardware/software/cloud services product security response
  - Ability to reproduce and triage security vulnerabilities
Peloton uses technology + design to connect the world through fitness, empowering people to be the best version of themselves anywhere, anytime. We have reinvented the fitness industry by developing a first-of-its-kind subscription platform. Seamlessly combining hardware, software, and streaming technology, we create digital fitness and wellness content and products that Members love. In 2020 Peloton committed to becoming an antiracist organization with the launch of the Peloton Pledge.
Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you would like to request any accommodations from application through to interview, please email: [email protected]
Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address.
If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email [email protected] before taking any further action in relation to the correspondence.
Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.