Security Incident Response Analyst

Peloton continues to grow and deliver the connected fitness platform of the future to help our members be the best version of themselves. As a technology-enabled business, our approach to security operations must evolve and grow alongside our services and members.  We are looking for a Security Incident Response Analyst with a diverse set of skills that can thrive in a challenging, fast-paced, and rewarding environment. We do not have a traditional SOC tier structure, so you can expect to go from tier 1 to tier 3 in the space of an hour, while helping us improve our detections, build automations, and research & help define the solutions roadmap to achieve scale. The right candidate should have a strong focus on results, be self-driven, and be excited by working on a diverse set of problems, alerts, and incidents.  This position is available for remote work in most US states.   

Job Responsibilities: 

• Directly support Peloton’s Security Program while conducting in-depth strategic analysis of intelligence data from various sources.
• Provide triage support for incident response and investigation efforts alongside Peloton’s Enterprise Technology team and other internal teams.
• Work with Security Engineering and the Security Operations Center to baseline user behaviors and events as well as build out new detections and response workflows.
• Recommend and build countermeasures based on threat analysis, intelligence, and forecasting.
• Collect and analyze logging capabilities of internal services, SaaS systems,  determine gaps in audit trails, and work with internal engineering teams/SaaS providers in improving log data.
• Develop, implement, and maintain security incident playbooks and runbooks.
• Prepare and present analysis with findings and recommendations in the form of briefings, reports, and dashboards to managers, various team leads and senior leadership as required.

Requirements:

• Minimum 3 years in Information Security
• Experience in incident response required; we value in-depth knowledge of forensics, cloud environments (AWS, GCP, Azure), SaaS platforms, or IAM)
• Strong knowledge of Information Security design, principles, and processes
• Experience with Splunk, reports and data correlation; Bonus for in-depth knowledge of Splunk’s underpinnings
• Excellent written and verbal communication skills
• Excellent analytical and problem solving skills
• A learning mindset and excitement for learning new technologies or security areas
• Bonus points for:
• Previous experience in cloud-native or tech environments
• Network or MacOS forensics/analysis 
• Experience with Insider Threat tooling (UEBA, DLP, Canary tokens, deception technology)

• Experience with OSINT, as well as Threat Intelligence services for investigations
• Security certifications such as GCIH, GCIA, GPEN, etc. 

ABOUT PELOTON:

Peloton uses technology + design to connect the world through fitness, empowering people to be the best version of themselves anywhere, anytime. We have reinvented the fitness industry by developing a first-of-its-kind subscription platform. Seamlessly combining hardware, software, and streaming technology, we create digital fitness and wellness content and products that Members love. In 2020 Peloton committed to becoming an antiracist organization with the launch of the Peloton Pledge. Learn more, here.

“Together We Go Far” means that we are greater than the sum of our parts, stronger collectively when each one of us is at our best. In order to be the best version of Peloton, we are deeply committed to building a diverse workforce and inclusive culture where all of our team members can be the best version of themselves. This work has no endpoint; it is the constant work of running an organization that strives to reach its full potential. As a first step in our commitment, we announced the Peloton Pledge to invest $100 million over the next four years to fight racial injustice and inequity in our world, and to promote health and wellbeing for all, from the inside out.

Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you would like to request any accommodations from application through to interview, please email:  applicantaccommodations@onepeloton.com

 

Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address. 

If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email applicantaccommodations@onepeloton.com before taking any further action in relation to the correspondence.

 

Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.