Director of Security Automation & Tooling
THE ROLE
Peloton inspires and motivates millions of people every day. A key part of delivering on that mission is not only an amazing experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our customers to be the best version of themselves anywhere, anytime. Earning and maintaining our customers’ trust and safeguarding their data is key to everything we do.
The Director of Security Automation & Tooling is responsible for the selection, development, and implementation of tools and services inside of Peloton that identify security risks and enable Peloton’s risk owners to remediate them at scale. They help ensure a frictionless and integrated developer experience with cutting-edge security tools that result in the right security engineering choices being the easiest ones. The candidate will drive the architecture and overall security tooling posture and portfolio for Peloton.
Reporting directly to the Vice President of Global Information Security, the candidate will work with multiple and diverse teams across Peloton including, but not limited to, Product and Platform Engineering, Enterprise Information Technology, and Information Security risk owners across the company. They will work closely with partners to deeply understand their respective security automation and tooling needs and delight them with intuitive and scalable security automation solutions that exceed their expectations.
The Director of Security Automation & Tooling will work with internal customers and external security vendors to arrive at informed build vs. buy decisions and ultimately is responsible for the company’s security automation and tooling strategy. They will partner closely to augment our Security Operations Center and Security Response Team’s capabilities to detect and alert on emergent security threats.
The role plays a critical function in constantly evolving Peloton’s security automation capabilities and ensuring the underlying data related to security defects are used to constantly improve the security of Peloton’s products and services.
The ideal candidate is a proven leader who has led diverse software development and security engineering organizations to build enterprise-wide security automation. They have extensive experience working with internal and external infrastructure providers, the internal developer community, and security engineering teams. They are a proven people leader and have repeatedly demonstrated the ability to scale security tool development through the efforts of others.
RESPONSIBILITIES
- Ensure security tooling and security automation solutions are successfully integrated in Peloton’s CI/CD pipelines to proactively identify and remediate high-impact security vulnerabilities and defects.
- Oversee the development and implementation of Information Security’s foundational infrastructure to facilitate the effective tracking and remediation of identified security vulnerabilities.
- Continually identify opportunities for security automation to lower the transactional cost of security operations, defect discovery, and remediation.
- Support Secure Development Lifecycle efforts through the targeted application of security tools at each phase to eradicate prevalent classes of security defects.
- Mature and oversee the development of detection and alerting capabilities based on known attacker tactics and techniques.
- Serve as the architect and subject matter expert for Information Security’s data, metrics, and telemetry infrastructure.
- Identify strategic automation investments and initiatives that blunt the actions of internal and external threat actors and disrupt the cyber kill-chain.
QUALIFICATIONS
- 10+ years of work experience building and leading security automation and security tools development teams.
- 10+ years of experience working with product security teams to drive engineering remediations to externally identified threats and vulnerabilities.
- 10+ years of hands-on experience with security threat classification models and methodologies.
- 10+ years of experience building security reporting and visualization tools and infrastructure.
- 5+ years of experience building and implementing static and dynamic security automation.
- Excellent communication and data presentation skills that allow you to clearly, compellingly, and effectively influence audiences internally and externally, across organization boundaries.
- Deep technical knowledge of software development, large-scale data technologies, distributed computing, and AWS / Azure products and infrastructure.
- Humble, hardworking, forward-thinking and embodies a “hands on” leadership mindset.
- Excellent relationship building skills across diverse cross-functional teams.
- Exceptional written/oral communication skills.
- Extensive experience in building high-performing and diverse cross-functional teams.
- Exceptional bias for action and ownership.
ABOUT PELOTON:
Peloton uses technology + design to connect the world through fitness, empowering people to be the best version of themselves anywhere, anytime. We have reinvented the fitness industry by developing a first-of-its-kind subscription platform. Seamlessly combining hardware, software, and streaming technology, we create digital fitness and wellness content and products that Members love. In 2020 Peloton committed to becoming an antiracist organization with the launch of the Peloton Pledge. Learn more, here.
“Together We Go Far” means that we are greater than the sum of our parts, stronger collectively when each one of us is at our best. In order to be the best version of Peloton, we are deeply committed to building a diverse workforce and inclusive culture where all of our team members can be the best version of themselves. This work has no endpoint; it is the constant work of running an organization that strives to reach its full potential. As a first step in our commitment, we announced the Peloton Pledge to invest $100 million over the next four years to fight racial injustice and inequity in our world, and to promote health and wellbeing for all, from the inside out.
Peloton is an equal opportunity employer and committed to creating an inclusive environment for all of our applicants. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. If you would like to request any accommodations from application through to interview, please email: [email protected]
Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address.
If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email [email protected] before taking any further action in relation to the correspondence.
Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.