Similar Jobs
ABOUT THE ROLE
The Staff Application Security Engineer is instrumental in ensuring Peloton applications, services and systems are implemented and secured with industry standard processes. This Engineer is an expert in the area of technical analysis, design and penetration testing. You will help define the application security program, security policy and standards and will coordinate with engineering partners to ensure the security bar is upheld. Reporting directly to the CISO, the candidate will work with multiple and teams with varied strengths across Peloton including, but not limited to Product, Platform, and Ecommerce Engineering, Legal, Enterprise IT Operations and Security Response. They will coordinate the actions of each and ensure collectively we are working as “one Peloton” to protect our members and the team. The role plays a critical function in constantly evolving Peloton’s security penetration testing and security review capabilities, ensuring the underlying data related to security defects is used to constantly improve the security of Pelotons products and services. The ideal candidate is a proven engineering leader that has both exemplary engineering and communication skills. They have extensive experience collaborating with internal engineering partners. They are a proven security technology and methodology expert that scales through enabling other engineering partners to make the right security design decisions and trade-offs.
YOUR DAILY IMPACT AT PELOTON
● Security Design Reviews/threat models: Ensure security guarantees are integrated into products by conducting thorough reviews of design and implementations.
● Developer Guidance: Provide guidance and education to engineering and product teams on available security controls and their appropriate use to help prevent vulnerabilities.
● Collaboration with Engineering Teams: Partner closely with product and engineering teams to design solutions that are secure by default.
● Expertise in Web and Mobile Security: Serve as a trusted advisor, offering web and mobile security expertise to enable engineering and product teams to make informed decisions.
● Automated Analysis and Secure Frameworks: Scale security efforts by integrating automation for the identification, prioritization, and remediation of vulnerabilities. Empower engineering teams through automation, security guidance, tooling, patterns, and training to scale security practices across the organization. Partner with cloud security and incident response teams to identify and implement security tooling to detect security vulnerabilities and risks at scale.
YOU BRING TO PELOTON
● 4+ years of application security experience
● 2+ years experience with applications development on AWS cloud
● 3+ years experience with software development preferred but not required
● Working knowledge of one or more general purpose programming/script languages, preferably Python
● Contributions to the security community (public research, blogging, presentations, bug bounty, etc.) would be a plus
● Has a strong understanding of cybersecurity threats, vulnerabilities, and mitigations.
● Has experience in security automation, DevSecOps, SRE, or a similar role.
● Has excellent problem-solving skills, with the ability to work independently and handle multiple tasks.
● Experience writing software that enables security processes
● Breadth of applied knowledge across application and infrastructure security
● Drive high impact, cross-team security initiatives
● The ability to drive clear next steps when encountering ambiguous spaces without clear lines of ownership
● An ability to think creatively and holistically about reducing risk in a complex environment
● Exhibits a results-oriented mindset, consistently delivering measurable improvements to
the security posture of applications and systems.
● Excellent relationship building skills across diverse cross-functional teams.
● Exceptional written/oral communication skills.
● Exceptional bias for action and ownership.
The base salary range represents the low and high end of the anticipated salary range for this position based at our New York City headquarters. The actual base salary offered for this position will depend on numerous factors including, without limitation, experience and business objectives and if the location for the job changes. Our base salary is just one component of Peloton’s competitive total rewards strategy that also includes annual equity awards and an Employee Stock Purchase Plan as well as other region-specific health and welfare benefits.
As an organization, one of our top priorities is to maintain the health and wellbeing for our employees and their family. To achieve this goal, we offer robust and comprehensive benefits including:
- Medical, dental and vision insurance
- Generous paid time off policy
- Short-term and long-term disability
- Access to mental health services
- 401k, tuition reimbursement and student loan paydown plans
- Employee Stock Purchase Plan
- Fertility and adoption support and up to 18 weeks of paid parental leave
- Child care and family care discounts
- Free access to Peloton Digital App and apparel and product discounts
- Commuter benefits and Citi Bike Discount
- Pet insurance and so much more!
ABOUT PELOTON:
Peloton (NASDAQ: PTON) provides Members with expert instruction, and world class content to create impactful and entertaining workout experiences for anyone, anywhere and at any stage in their fitness journey. At home, outdoors, traveling, or at the gym, Peloton brings together innovative hardware, distinctive software, and exclusive content. Founded in 2012 and headquartered in New York City, Peloton has millions of Members across the US, UK, Canada, Germany, Australia, and Austria. For more information, visit www.onepeloton.com.
Peloton is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. Equal employment opportunity has been, and will continue to be, a fundamental principle at Peloton, where all team members, applicants, and other covered persons are considered on the basis of their personal capabilities and qualifications without discrimination because of race, color, religion, sex, age, national origin, disability, pregnancy, genetic information, military or veteran status, sexual orientation, gender identity or expression, marital and civil partnership/union status, alienage or citizenship status, creed, genetic predisposition or carrier status, unemployment status, familial status, domestic violence, sexual violence or stalking victim status, caregiver status, or any other protected characteristic as established by applicable law. This policy of equal employment opportunity applies to all practices and procedures relating to recruitment and hiring, compensation, benefits, termination, and all other terms and conditions of employment. If you would like to request any accommodations from application through to interview, please email: [email protected].
At Peloton, we embrace technology, including AI, to enhance productivity and accelerate innovation in the work we do for our members, However, in our hiring process, our priority remains in getting to know you and your unique qualifications. To ensure a fair and equitable process, we do not permit the use of AI tools during any stage of the application and interview process. In considering you as an applicant, we want to understand your skills, experiences, and motivations without mediation through an AI system. We also want to directly assess your communication skills without the use of an AI tool.
Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act, the City of Los Angeles Fair Chance Initiative for Hiring Ordinance and the San Francisco Fair Chance Ordinance, as applicable to applicants applying for positions in these jurisdictions.
Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address.
If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email [email protected] before taking any further action in relation to the correspondence.
Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.
Peloton New York, New York, USA Office
Our headquarters is located in Hudson Yards on Manhattan's West Side, between Hell's Kitchen and Chelsea. This vibrant area is home to incredible cuisine, culture, and community, and is not far from a number of train lines and Citi Bikes.
What you need to know about the NYC Tech Scene
Key Facts About NYC Tech
- Number of Tech Workers: 549,200; 6% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Capgemini, Bloomberg, IBM, Spotify
- Key Industries: Artificial intelligence, Fintech
- Funding Landscape: $25.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Greycroft, Thrive Capital, Union Square Ventures, FirstMark Capital, Tiger Global Management, Tribeca Venture Partners, Insight Partners, Two Sigma Ventures
- Research Centers and Universities: Columbia University, New York University, Fordham University, CUNY, AI Now Institute, Flatiron Institute, C.N. Yang Institute for Theoretical Physics, NASA Space Radiation Laboratory
