Sr Enterprise Security Engineer

ABOUT THE ROLE

Peloton inspires and motivates millions of people everyday. A key part of delivering on that mission is not only an amazing experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our customers to be the best version of themselves anywhere, anytime. Earning and maintaining our customers’ trust and safeguarding their data is key to everything we do. 

The Senior Enterprise Security Engineer will work across Peloton, collaborating with the Information Security leadership team, Enterprise IT and Global Infrastructure partners to evolve and manage Peloton’s endpoint and infrastructure security programs. This engineering role will evaluate solutions, deploy, streamline operations, and ensure that Peloton has an effective way to gain visibility into potential attacker behavior while also ensuring our endpoints are resilient against attacks.

This position involves understanding and working with a broad spectrum of security principles, architectures, and technologies. It is imperative the candidate not only have the technical prerequisites, but also has the ability to operate at a strategic level. The right candidate should be high energy, with a focus on results, as well as self motivated.

This position will report directly to the Director of Security Engineering. 

The ideal candidate is a proven engineering leader that has both exemplary engineering and communication skills. They have extensive experience collaborating with internal engineering and infrastructure partners to document security requirements, identify opportunities for improvements, and manage endpoint security solutions.  They are a proven security technology and methodology expert with experience securing endpoints in large-scale cloud hybrid environments.

YOUR DAILY IMPACT AT PELOTON

• Drive endpoint security across Peloton ensuring that Enterprise and Platform infrastructure is secure, protecting our employees and customers.
• Define and carry out an endpoint security approach that establishes standards for secure configs across a wide range device types and ensure they are deployed comprehensively across Peloton endpoints and infrastructure.
• Develop ways to measure aspects of the Enterprise Security organization, ensuring that programs and initiatives are driven on metrics.
• Maintain a strong understanding of secure configuration and endpoint security technology and related security requirements to adjust to changing internal and external drivers.

YOU BRING TO PELOTON

• 5+ years of proven, hands-on experience as a Security Engineer, working with engineering partners to secure endpoints and enterprise infrastructure.
• 5+ years of experience in an SRE, automation, software development, and/or engineering role with a focus on security.
• 5+ years of experience working with teams to identify and remediate potential security gaps related to authentication, authorization, network segmentation, encryption, container configuration, bastion host setup, etc.
• Hands-on experience configuring, deploying and managing security systems in the cloud, including, but not limited to: web application firewalls, intrusion detection systems, EDR, SIEM and log management, secrets management, and vulnerability assessment technologies.
• Working experience with security vendor API integrations 
• Extensive experience and strong understanding with securing diverse environments over multiple cloud, on-prem, and mobile environments. To include, but not limited to AWS, GCP, Azure, Android, IOS, etc.
• Deep understanding of securing large scale AWS environments leveraging services including but not limited to Organizations, Security Hub/Guard Duty, Config, IAM, Inspector, SCPs, and Macie.
• Knowledge and Hands on Skills with Docker, ECS, Kubernetes, and Container Security at scale.
• Extensive understanding MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
• Technical knowledge on operating system security leveraging configuration standards such as CIS, NIST, and DISA.
• Solid understanding of information security issues, automation/software engineering technologies, cloud architecture, and threat landscape concepts
• Deep understanding of one or more general purpose programming/scripting languages including but not limited to:  Python, JavaScript, PowerShell, Bash.
• Excellent relationship building skills across diverse cross-functional teams.
• Exceptional written/oral communication skills.
• Exceptional bias for action and ownership.
• Humble, hardworking, forward-thinking mindset.

Base Salary: $172,100.00  to $200,400.00

This range represents the low and high end of the anticipated base salary range for this NY - based position. 

The actual base salary will depend on numerous factors such as: experience, knowledge and skills, and if the location of the job changes. Our base salary is just one component of Peloton’s competitive total rewards strategy that also includes annual equity awards and an Employee Stock Purchase Plan as well as other region-specific health and welfare benefits.

As an organization, one of our top priorities is to maintain the health and wellbeing for our employees and their family. To achieve this goal, we offer robust and comprehensive benefits including:

• Medical, dental and vision insurance 
• Generous paid time off policy
• Short-term and long-term disability
• Access to mental health services
• 401k, tuition reimbursement and student loan paydown plans
• Employee Stock Purchase Plan
• Fertility and adoption support and up to 18 weeks of paid parental leave 
• Child care and family care discounts
• Free access to Peloton Digital App and apparel and product discounts
• Commuter benefits and Citi Bike Discount
• Pet insurance and so much more!

#LI-SW1 #LI-Remote

ABOUT PELOTON:

Peloton is the leading interactive fitness platform globally, with a passionate community of nearly 7 million Members in the US, UK, Canada, Germany, and Australia. Peloton makes fitness entertaining, approachable, effective, and convenient, while fostering social connections that motivate its Members to commit to their fitness journeys. An innovator at the nexus of fitness, technology, and media, Peloton reinvented the fitness industry by developing a first-of-its-kind subscription platform that seamlessly combines the best equipment, proprietary networked software, world-class streaming digital fitness and wellness content, and best-in-class fitness experts and Instructors..

Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you would like to request any accommodations from application through to interview, please email: applicantaccommodations@onepeloton.com

Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address. 

If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email applicantaccommodations@onepeloton.com before taking any further action in relation to the correspondence.

Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.