Senior Digital Security Engineer

ABOUT THE ROLE

Peloton inspires and motivates millions of people every day. A key part of delivering on that mission is not only an amazing experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our customers to be the best version of themselves anywhere, anytime. Earning and maintaining our customers’ trust and safeguarding their data is key to everything we do.

The Senior Cloud Security Engineer is instrumental in ensuring Peloton’s cloud services and systems are implemented and secured with industry best practices. The candidate will help define the cloud security program, security policy and standards and will coordinate with engineering and platform partners to ensure the security bar is upheld.

Reporting to the director of digital security, the candidate will work with multiple and diverse teams across Peloton including, but not limited to Product, Platform, and Ecommerce Engineering, Legal, Enterprise IT Operations and Security Response. They will coordinate the actions of each and ensure collectively we are working as “one Peloton” to protect our customers and the company.

The role plays a critical function in constantly evolving Peloton’s risk assessment and security review capabilities, ensuring the underlying data related to security defects is used to constantly improve the security of Pelotons products and services.

The ideal candidate is a proven engineer that has both exemplary engineering and communication skills. They have extensive experience collaborating with internal engineering partners. They are a proven security technology and methodology expert that scales through enabling other engineering partners to make the right security design decisions and trade-offs.

YOUR DAILY IMPACT AT PELOTON

• Designing, implementing, and maintaining security initiatives to protect the organization's cloud-based infrastructure and data.
• Be able to analyze incident patterns and identify gaps in security on the cloud.
• Work closely with development teams and platform teams to drive initiatives to achieve security objectives
• Collaborate with the Security Automation and Tooling team to identify and implement security tooling to identify vulnerabilities and risks at scale.
• Function as a cloud security SME and provide remediation guidance to respective teams for security related issues.
• Develop and maintain security standards and best practice documentation to guide engineering partners to build secure systems.

YOU BRING TO PELOTON

• 4+ years experience with AWS cloud security and strong understanding of AWS services and cloud security controls including but not limited to such as IAM, RDS, EKS, KMS, VPC, Security Groups, AWS Inspector, Guard Duty and SCPs.
• 2+ years experience with understanding devsecops pipelines and fixing infrastructure security problems
• Experience with CSPM and infrastructure vulnerability management
• Knowledge and hands on skills with Docker, ECS, Kubernetes, and container security.
• Experience working with devops/platform teams to drive engineering remediations to externally identified threats and vulnerabilities.
• Working knowledge of one or more general purpose programming/script languages, preferably Python
• Excellent relationship building skills across diverse cross-functional teams.
• Exceptional written/oral communication skills.
• Exceptional bias for action and ownership.

#LI-AC1

#LI-Remote