Senior Cloud Security Engineer
Peloton Interactive
- New York City, NY
- Permanent
- Full-time
- Work closely with product engineering/development teams as a security champion to drive security initiatives and be a point of contact for security concerns.
- Collaborate with the Security Automation and Tooling team and cloud security team to identify and implement security tooling to identify vulnerabilities and risks at scale.
- Proficiency with containerization and orchestration technologies such as Docker, Kubernetes or equivalent
- Proficiency in CI/CD using Jenkins, GitHub Actions or similar systems
- Experience integrating security practices into all stages of the software development lifecycle
- Provide remediation guidance to respective development teams for security-related issues.
- Have a pulse on the business and intelligently prioritize security initiatives across products and new upcoming features
- Develop and maintain security policies, standards and best practice documentation to guide engineering partners to build secure systems.
- 4+ years of hands-on experience in working with cloud/DevOps/security teams on design and implementation of best practices in cloud environments
- 1+ years of experience working with teams to identify and remediate potential security gaps related to authentication, authorization, encryption, container configuration, bastion host setup, etc.
- Working knowledge of one or more general purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, PowerShell.
- Extensive experience and strong understanding of AWS services and cloud security controls including but not limited to IAM, KMS, VPC, Security Groups, AWS Inspector, GuardDuty and SCPs.
- Knowledge and hands-on skills with Docker, ECS, Kubernetes, and container security.
- Technical depth to review infrastructure to identify risks. Capable of assessing underlying components, AWS cloud infrastructure configuration and security access controls.
- Understanding of MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
- Working knowledge of one or more general purpose programming/script languages, preferably Python
- Excellent relationship building skills across diverse cross-functional teams.
- Exceptional written/oral communication skills.
- Exceptional bias for action and ownership.