Sr Application Security Engineer
PelotonAccess high-energy workouts, instantly. Discover Peloton: streaming fitness classes to you live and on-demand.
ABOUT THE ROLE
Peloton inspires and motivates millions of people everyday. A key part of delivering on that mission is not only an amazing experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our customers to be the best version of themselves anywhere, anytime. Earning and maintaining our customers’ trust and safeguarding their data is key to everything we do.
The Senior Application Security Engineer is instrumental in ensuring Peloton applications, services and systems are implemented and secured with industry best practices. The candidate is a technical expert in the area of technical analysis, design and penetration testing. The candidate will help define the application security program, security policy and standards and will coordinate with engineering partners to ensure the security bar is upheld.
Reporting directly to the Director of Security Engineering, the candidate will work with multiple and diverse teams across Peloton including, but not limited to Product, Platform, and Ecommerce Engineering, Legal, Enterprise IT Operations and Security Response. They will coordinate the actions of each and ensure collectively we are working as “one Peloton” to protect our customers and the company.
The role plays a critical function in constantly evolving Peloton’s security penetration testing and security review capabilities, ensuring the underlying data related to security defects is used to constantly improve the security of Pelotons products and services.
The ideal candidate is a proven engineering leader that has both exemplary engineering and communication skills. They have extensive experience collaborating with internal engineering partners. They are a proven security technology and methodology expert that scales through enabling other engineering partners to make the right security design decisions and trade-offs.
YOUR DAILY IMPACT AT PELOTON
- Work with product, platform and security engineering leadership to interactively improve Peloton’s Security Development Lifecycle investments.
- Develop and maintain security policies, standards and best practice documentation to guide engineering partners to build secure systems.
- Perform penetration testing and code reviews of web and mobile applications.
- Evaluate and respond to submissions to the Peloton Coordinated Vulnerability Disclosure (CVD) program.
- Participate in design reviews and threat modeling of web and mobile applications.
- Provide remediation guidance to respective development teams for security related issues.
- Participate in the development and delivery of security training and outreach across Peloton engineering teams
- Partner with the Security Automation and Tooling team to identify and implement security tooling to identify security vulnerabilities and risks at scale.
YOU BRING TO PELOTON
- 5+ years of hands-on experience in working with engineering teams on design and implementation of security best practices in architecture and code.
- 3+ years of experience working with product security teams to drive engineering remediations to externally identified threats and vulnerabilities.
- 3+ years of experience working with teams to identify and remediate potential security gaps related to authentication, authorization, network segmentation, encryption, container configuration, bastion host setup, etc.
- Understanding of diverse regulatory standards such as PCI DSS requirements and SOX regulations.
- Experience with performing risk assessments to evaluate system risk and make appropriate recommendations on risk control.
Technical knowledge on operating system security leveraging configuration standards such as CIS, NIST, and DISA.
- Full-stack knowledge of IT infrastructure, including but not limited to: AWS cloud services, IP networks, applications, databases, operating systems.
- Extensive experience and strong understanding of AWS services and cloud security controls including but not limited to such as IAM, KMS, VPC, Security Groups, AWS Inspector, Guard Duty and SCPs.
- Knowledge and Hands on Skills with Docker, ECS, Kubernetes, and Container Security.
- Extensive understanding MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
- Extensive experience with embedded software development and architectures, security protocols, applied cryptography and security standards
- Deep understanding of the TCP/IP protocol stack and major protocols.
- Excellent relationship building skills across diverse cross-functional teams.
- Exceptional written/oral communication skills.
- Exceptional bias for action and ownership.
- Humble, hardworking and forward-thinking
Base Salary: $172,100.00 to $200,400.00
This range represents the low and high end of the anticipated base salary range for this NY - based position.
The actual base salary will depend on numerous factors such as: experience, knowledge and skills, and if the location of the job changes. Our base salary is just one component of Peloton’s competitive total rewards strategy that also includes annual equity awards and an Employee Stock Purchase Plan as well as other region-specific health and welfare benefits.
As an organization, one of our top priorities is to maintain the health and wellbeing for our employees and their family. To achieve this goal, we offer robust and comprehensive benefits including:
- Medical, dental and vision insurance
- Generous paid time off policy
- Short-term and long-term disability
- Access to mental health services
- 401k, tuition reimbursement and student loan paydown plans
- Employee Stock Purchase Plan
- Fertility and adoption support and up to 18 weeks of paid parental leave
- Child care and family care discounts
- Free access to Peloton Digital App and apparel and product discounts
- Commuter benefits and Citi Bike Discount
- Pet insurance and so much more!
Peloton is the leading interactive fitness platform globally, with a passionate community of nearly 7 million Members in the US, UK, Canada, Germany, and Australia. Peloton makes fitness entertaining, approachable, effective, and convenient, while fostering social connections that motivate its Members to commit to their fitness journeys. An innovator at the nexus of fitness, technology, and media, Peloton reinvented the fitness industry by developing a first-of-its-kind subscription platform that seamlessly combines the best equipment, proprietary networked software, world-class streaming digital fitness and wellness content, and best-in-class fitness experts and Instructors..
Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you would like to request any accommodations from application through to interview, please email: email@example.com
Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address.
If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email firstname.lastname@example.org before taking any further action in relation to the correspondence.
Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.
More jobs like this
Explore more InfoSec/Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open Information Security Specialist jobs
- Open Information Security Officer jobs
- Open Staff Product Security Engineer jobs
- Open IT Security Engineer jobs
- Open Head of Information Security jobs
- Open Senior Security Operations Engineer jobs
- Open Senior SOC Analyst jobs
- Open Security Consultant jobs
- Open Senior Information Security Analyst jobs
- Open Lead Security Engineer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Infrastructure Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open IT Security Analyst jobs
- Open Offensive Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Senior Air Defense/BMD Subject Matter Expert jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Clearance-related jobs
- Open GCP-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open Network security-related jobs
- Open Risk assessment-related jobs
- Open SaaS-related jobs
- Open Forensics-related jobs
- Open ISO 27001-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Vulnerability management-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Cryptography-related jobs
- Open Threat intelligence-related jobs
- Open CISM-related jobs
- Open Analytics-related jobs
- Open Kubernetes-related jobs
- Open APIs-related jobs
- Open TCP/IP-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open IPS-related jobs
- Open DevSecOps-related jobs