The security team at Peloton has oversight into the security practices of the entire organization, instantiating security policies & best practices, as well as automation of these policies/practices where possible. We are looking for an Application Security Engineer to join our growing team to work across the company. As an Application Security Engineer, you would ensure the security of Peloton's products & services.
- Integrate security into the CI/CD pipeline
- Perform penetration testing & code reviews of web & mobile applications
- Perform design reviews & threat modeling of web & mobile applications
- Provide remediation guidance to respective development teams
- Create & maintain application security best practices
- Work with engineering teams in the design phase of new products & features
- Institute security training & outreach to Peloton engineering teams
- Develop & automate security tools & processes
- You have 4+ years of experience working on a security team performing technical security assessments on modern web applications, APIs, & mobile applications within cloud hosted environments such as AWS & GCP
- Experience building security into the SDLC
- Experience with CI/CD platforms: Jenkins, CircleCI, etc.
- Experience developing with common scripting languages (Python, Bash, etc.)
- Familiarity with common web application testing tools for DAST, SAST, & IAST analysis such as Burp Suite, Snyk, Checkmarx, & Netsparker
- Knowledge of software security testing procedures across multiple platforms & Operating Systems
- Understanding of Agile software development methods & familiarity with enterprise productivity tools such as JIRA, Confluence
- Experience instituting organizational change with respect to security
- Effective spoken & written communicator to multiple audiences
Bonus points for:
- Experience with securing mobile platforms, iOS, Android, & associated frameworks
- Experience with hacking IoT devices
- Experience & familiarity with NIST, PCI, et al. frameworks
- Experience with bug bounty programs
- Experience with CDNs such as Fastly, Cloudflare, CloudFront, Akamai
Founded in 2012, Peloton is a global interactive fitness platform that brings the energy & benefits of studio-style workouts to the convenience & comfort of home. We use technology & design to bring our Members immersive content through the Peloton Bike, the Peloton Tread, & Peloton Digital, which provide comprehensive, socially-connected fitness offerings anytime, anywhere. We believe in taking risks & challenging the status quo by continuously innovating & improving. Our team is made up of passionate brand ambassadors, & we know that together, we go far.
Headquartered in New York City, with offices, warehouses & retail showrooms in the US, UK & Canada, Peloton is changing the way people get fit. Peloton has been named to many prestigious industry lists, including Fast Company's Most Innovative Companies, CNBC's Disruptor 50, Crain's New York Business' Tech25 & Fast50, as well as TIME's Genius Companies. Visit www.onepeloton.com/careers to learn more about joining our team.