Application Security Engineer

New York, NY

Peloton Interactive, Inc. logo
Peloton Interactive, Inc.
Apply now Apply later

Posted 4 weeks ago

The security team at Peloton has oversight into the security practices of the entire organization, instantiating security policies and best practices, as well as automation of these policies/practices where possible. We are looking for an Application Security Engineer to join our growing team to work across the company. As an Application Security Engineer, you would ensure the security of Peloton's products and services.


  • Integrate security into the CI/CD pipeline
  • Perform penetration testing and code reviews of web and mobile applications
  • Perform design reviews and threat modeling of web and mobile applications
  • Provide remediation guidance to respective development teams
  • Create and maintain application security best practices
  • Work with engineering teams in the design phase of new products and features
  • Institute Security training and outreach to Peloton engineering teams
  • Develop and automate security tools and process


  • You have 4+ years of experience working on a security team performing technical security assessments on modern web applications, APIs, and mobile applications within cloud hosted environments such as AWS and GCP  
  • Experience building security into the SDLC.
  • Experience with CICD platforms: Jenkins, CircleCI, etc.
  • Experience with secure code review in languages such as Javascript, Python, C/C++, and Java
  • Experience developing with common scripting languages Python, BASH, etc.
  • Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Snyk, Checkmarx, and NetSparker
  • Knowledge of software security testing procedures across multiple platforms and Operating Systems
  • Understanding of Agile software development methods and familiarity with enterprise productivity tools such as JIRA, Confluence
  • Experience instituting organizational change with respect to security
  • Effective spoken and written communicator to multiple audiences

Bonus points for:

  • Experience with securing mobile platforms, iOS, Android, and associated frameworks
  • Experience with hacking IoT devices
  • Experience and familiarity with NIST, PCI, et. al. frameworks.
  • Experience with bug bounty programs
  • Experience with CDNs such as Fastly, Cloudflare, Cloudfront, Akamai


Founded in 2012, Peloton is a global interactive fitness platform that brings the energy and benefits of studio-style workouts to the convenience and comfort of home. We use technology and design to bring our Members immersive content through the Peloton Bike, the Peloton Tread, and Peloton Digital, which provide comprehensive, socially-connected fitness offerings anytime, anywhere. We believe in taking risks and challenging the status quo by continuously innovating and improving. Our team is made up of passionate brand ambassadors, and we know that together, we go far.

Headquartered in New York City, with offices, warehouses and retail showrooms in the US, UK and Canada, Peloton is changing the way people get fit. Peloton has been named to many prestigious industry lists, including Fast Company's Most Innovative Companies, CNBC's Disruptor 50, Crain's New York Business' Tech25 and Fast50, as well as TIME's Genius Companies. Visit to learn more about joining our team.

Job tags: Automation AWS Burp Suite C CloudFront Go Java JavaScript NIST PCI Penetration testing Python Security assessments Web application testing