ABOUT THE ROLE
The Staff Application Security Engineer is instrumental in ensuring Peloton applications, services and systems are implemented and secured with industry standard processes. This Engineer is an expert in technical analysis, design review and penetration testing. You will help define the application security program, security policy and standards, and will coordinate with engineering partners to ensure the security bar is upheld. Reporting directly to the CISO, the candidate will work with multiple teams with varied strengths across Peloton including, but not limited to, Product, Platform and Ecommerce Engineering, Legal, Enterprise IT Operations and Security Response. They will coordinate the actions of each and ensure collectively we are working as "one Peloton" to protect our members and the team. The role plays a critical function in constantly evolving Peloton's security penetration testing and security review capabilities, ensuring the underlying data related to security defects is used to continually improve the security of Peloton's products and services. The ideal candidate is a proven engineering leader who has both exemplary engineering and communication skills. They have extensive experience collaborating with internal engineering partners. They are a proven security technology and methodology expert who scales their impact by enabling other engineering partners to make the right security design decisions and trade-offs.
YOUR DAILY IMPACT AT PELOTON
● Security Design Reviews/threat models: Ensure security guarantees are integrated into products by conducting thorough reviews of design and implementations.
● Developer Guidance: Provide guidance and education to engineering and product teams on available security controls and their appropriate use to help prevent vulnerabilities.
● Collaboration with Engineering Teams: Partner closely with product and engineering teams to design solutions that are secure by default.
● Expertise in Web and Mobile Security: Serve as a trusted advisor, offering web and mobile security expertise to enable engineering and product teams to make informed decisions.
● Automated Analysis and Secure Frameworks: Scale security efforts by integrating automation for the identification, prioritization, and remediation of vulnerabilities. Empower engineering teams through automation, security guidance, tooling, patterns, and training to scale security practices across the organization. Partner with cloud security and incident response teams to identify and implement security tooling to detect security vulnerabilities and risks at scale.
YOU BRING TO PELOTON
● 4+ years of application security experience
● 2+ years of experience developing applications on AWS
● 3+ years of software development experience (preferred, not required)
● Working knowledge of one or more general-purpose programming or scripting languages, preferably Python
● Contributions to the security community (public research, blogging, presentations, bug bounty, etc.) would be a plus
● Has a strong understanding of cybersecurity threats, vulnerabilities, and mitigations.
● Has experience in security automation, DevSecOps, SRE, or a similar role.
● Has excellent problem-solving skills, with the ability to work independently and handle multiple tasks.
● Experience writing software that enables security processes
● Breadth of applied knowledge across application and infrastructure security
● Drive high impact, cross-team security initiatives
● The ability to drive clear next steps when encountering ambiguous spaces without clear lines of ownership
● An ability to think creatively and holistically about reducing risk in a complex environment
● Exhibits a results-oriented mindset, consistently delivering measurable improvements to the security posture of applications and systems.
● Excellent relationship building skills across diverse cross-functional teams.
● Exceptional written/oral communication skills.
● Exceptional bias for action and ownership.