Senior Security Automation Engineer

ABOUT THE ROLE

Peloton inspires and motivates millions of people everyday. A key part of delivering on that mission is not only an amazing experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our customers to be the best version of themselves anywhere, anytime. Earning and maintaining our customers’ trust and safeguarding their data is key to everything we do. 

The Senior Security Automation Engineer is instrumental in building a frictionless and integrated developer experience with cutting edge security tools that results in the right security engineering choices being the most easy ones. The candidate will help to define architecture and overall security tooling posture and portfolio for Peloton. 

Reporting directly to the Director of Security Engineering, the candidate will drive the selection, development, and implementation of security tooling and services at Peloton that inform Peloton risk owners and enable them to remediate at scale. 

The Senior Security Automation Engineer will work with external technology providers and security vendors.  They will evaluate and assess the applicability of various solutions to determine their capability to mitigate potential security risks. They will work closely with partner teams to integrate solutions, build custom tooling, and champion wide adoption.

The role plays a critical function in constantly evolving Peloton’s security automation capabilities and ensuring the underlying data related to security defects is used to constantly improve the security of Pelotons products and services. 

The ideal candidate is a proven engineering leader that has both exemplary engineering and communication skills. They have extensive experience collaborating with internal engineering partners to identify security requirements, opportunities for improvements, and developing custom tooling for reducing risk. They are a proven security technology and methodology expert with experience developing automation within large-scale cloud hybrid environments.

YOUR DAILY IMPACT AT PELOTON

• Integrate security tooling and security automation solutions into Peloton’s build pipelines to proactively identify and remediate high impact security vulnerabilities and defects.
• Work with platform and security engineering leadership to interactively improve Peloton’s Security Development Lifecycle investments. Identify opportunities and engage targeted application of security tools at each phase to eradicate prevalent and targeted classes of security defects.
• Design, engineer, deploy, and maintain custom automation products and tools
• Optimize automation solutions for scalability, efficiency, and cost effectiveness
• Identify/Gather metrics data and develop detection and alerting capabilities based on known attacker tactics and techniques.

YOU BRING TO PELOTON

• 10+ years of hands-on experience in working with engineering teams on design and implementation of security best practices in architecture and code.
• 7+ years of experience in an SRE, automation, software development, and/or engineering role with a focus on security.
• 5+ years of experience working with teams to identify and remediate potential security gaps related to authentication, authorization, network segmentation, encryption, container configuration, bastion host setup, etc.
• Extensive experience and strong understanding with securing diverse environments over multiple cloud, on-prem, and mobile environments. To include, but not limited to AWS, GCP, Azure, Android, IOS, etc.
• Deep understanding of securing large scale AWS environments leveraging services including but not limited to Organizations, Security Hub/Guard Duty, Config, IAM, Inspector, SCPs, and Macie.
• Knowledge and Hands on Skills with Docker, ECS, Kubernetes, and Container Security at scale.
• Extensive understanding MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
• Solid understanding of information security issues, automation/software engineering technologies, cloud architecture, and threat landscape concepts
• Deep understanding of one or more general purpose programming/scripting languages including but not limited to:  Python, JavaScript, PowerShell, Bash.
• Excellent relationship building skills across diverse cross-functional teams.
• Exceptional written/oral communication skills.
• Exceptional bias for action and ownership.
• Humble, hardworking, forward-thinking and embodies a “hands on” leadership mindset.
• Key stakeholder in defining and refining the remediation workflows to ensure that issues are addressed in a timely manner.

#LI-Remote #LI-CM1