Senior Cloud Security Engineer

Peloton Interactive

New York City, NY
Permanent
Full-time

16 days ago

ABOUT THE ROLEPeloton inspires and motivates millions of people everyday. A key part of delivering on that mission is not only an amazing experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our customers to be the best version of themselves anywhere, anytime. Earning and maintaining our customers' trust and safeguarding their data is key to everything we do.The Senior Cloud Security Engineer is instrumental in ensuring Peloton applications, services and systems are implemented and secured with industry best practices. The candidate is an expert in the area of technical analysis and design. The candidate will help define the cloud security program, security policy and standards and will coordinate with engineering partners to ensure the security bar is upheld.Reporting to the director of digital security, the candidate will work with multiple and diverse teams across Peloton including, but not limited to Product, Platform, and Ecommerce Engineering, Legal, Enterprise IT Operations and Security Response. They will coordinate the actions of each and ensure collectively we are working as “one Peloton” to protect our customers and the company. The role plays a critical function in constantly evolving Peloton's risk assessment and security review capabilities, ensuring the underlying data related to security defects is used to constantly improve the security of Pelotons products and services.The ideal candidate is a proven cloud engineer that has both exemplary engineering and communication skills. They have extensive experience collaborating with internal engineering partners. They are a proven security technology and methodology expert that scales through enabling other engineering partners to make the right security design decisions and trade-offs.YOUR DAILY IMPACT AT PELOTON

Work closely with product engineering/development teams as a security champion to drive security initiatives and be a point of contact for security concerns.
Collaborate with the Security Automation and Tooling team and cloud security team to identify and implement security tooling to identify vulnerabilities and risks at scale.
Proficiency with containerization and orchestration technologies such as Docker, Kubernetes or equivalent
Proficiency in CI/CD using Jenkins, GitHub Actions or similar systems
Experience integrating security practices into all stages of the software development lifecycle
Provide remediation guidance to respective development teams for security related issues.
Have a pulse on the business and intelligently prioritize security initiatives across products and new upcoming features
Develop and maintain security policies, standards and best practice documentation to guide engineering partners to build secure systems.

YOU BRING TO PELOTON

4+ years of hands-on experience in working with cloud/devops/security teams on design and implementation of best practices in cloud environments
1+ years of experience working with teams to identify and remediate potential security gaps related to authentication, authorization, encryption, container configuration, bastion host setup, etc.
Working knowledge of one or more general purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, PowerShell.
Extensive experience and strong understanding of AWS services and cloud security controls including but not limited to such as IAM, KMS, VPC, Security Groups, AWS Inspector, Guard Duty and SCPs.
Knowledge and hands on skills with Docker, ECS, Kubernetes, and container security.
Technical depth to review infrastructure to identify risks. Capable of assessing underlying components, AWS cloud infrastructure configuration and security access controls.
Understanding of MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
Knowledge and hands on skills with Docker, ECS, Kubernetes, and container security.
Working knowledge of one or more general purpose programming/script languages, preferably Python
Excellent relationship building skills across diverse cross-functional teams.
Exceptional written/oral communication skills.
Exceptional bias for action and ownership.

#LI-AC1#LI-Hybrid

Peloton Interactive

Apply Now