Staff Software Engineer, Connected Device

About The Role

Peloton inspires and motivates millions of people everyday. A key part of delivering on that mission is not only an amazing experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our customers to be the best version of themselves anywhere, anytime. Earning and maintaining our customers’ trust and safeguarding their data is key to everything we do. The Staff Software Engineer, Connected Device Security is instrumental in ensuring Peloton applications, devices and systems are implemented and secured with industry best practices. The candidate is an expert in the area of technical analysis, design.  The candidate will help define the application security program, security policy and standards and will coordinate with engineering partners to ensure the security bar is upheld. The candidate will be instrumental in safeguarding the software and hardware that power our connected fitness devices, including the Bike, Tread, and future products. You'll dive deep into our embedded systems architecture, identify potential vulnerabilities, and build robust security guardrails to protect our Members' data and experience. 

The ideal candidate is a proven engineering leader that has both exemplary engineering and communication skills. They have extensive experience collaborating with internal engineering partners. They are a proven security technology and methodology expert that scales through enabling other engineering partners to make the right security design decisions and trade-offs. They will work at the intersection of data science, cybersecurity, and software engineering to build intelligent defenses for modern digital threats.

Your Daily Impact At Peloton

• Architectural Security Review: Perform in-depth security assessments and threat modeling of Peloton's hardware and software architecture, from the bootloader to the application layer.
• Developer Guidance: Provide guidance and education to engineering and product teams on available security controls and their appropriate use to help prevent vulnerabilities.
• Develop Security Guardrails: Design, build, and implement security controls, services, and frameworks to proactively prevent security vulnerabilities in our embedded/Android-based environment.
• Tooling & Automation: Build and deploy automated security tooling within the CI/CD pipeline/QA pipeline to integrate security seamlessly into the development lifecycle.
• Code & System Hardening: Collaborate directly with engineering teams to review code, identify security flaws, and provide concrete guidance for remediation. You will be hands-on in developing secure coding practices and hardening our systems.

You Bring To Peloton

• Strong software development background with 7+ years experience writing code in languages like Java, Kotlin, Swift or Python. You must be comfortable reading and writing code to identify and fix vulnerabilities.
• Android SDK: Proficient with the Android Software Development Kit (SDK), which covers the full app lifecycle, integration of permissions, manifest configurations, inter-app communication, user authentication, secure storage, and app signing practices.
• Android NDK: Solid grasp of the Android Native Development Kit (NDK) for analyzing and securing native code (C/C++), understanding JNI interactions, memory management, and mitigating native code vulnerabilities present in custom system components or high-performance apps.
• AOSP (Android Open Source Project): Understanding of Android platform internals, custom ROM development, system-level modifications, access control architecture, permission models, and relevant security configuration across OS layers.
• App Security and Assessment: Experience with tools for static and dynamic analysis (e.g., MobSF, Frida, Burp Suite), decompiling and reverse engineering APKs and shared libraries, vulnerability discovery and remediation, and OWASP MASVS or Mobile Top 10 standards.
• Framework and Native Interaction: Knowledge of how Java/Kotlin app layers communicate with underlying native components, including security issues introduced by third-party SDKs, native libraries, and IPC mechanisms.
• Custom ROM Security Practices: Ability to identify and assess security misconfigurations unique to customized Android OS, differential analysis of ROM images, and review of device-, kernel-, and system-level security features.
• Secure Coding: Familiarity with cryptography, secure storage, authentication methods (OAuth, JWT, biometrics), certificate pinning, and networking security (TLS/SSL), avoiding risky APIs, and enforcing proper app sandboxing.
• Familiarity with AWS cloud environments.
• Experience in a security engineering role is a nice to have, but not required 
• Excellent problem-solving skills, with the ability to work independently and handle multiple tasks.
• The ability to drive clear next steps when encountering ambiguous spaces without clear lines of ownership
• Exhibits a results-oriented mindset, consistently delivering measurable improvements to the security posture of applications and systems.
• Excellent relationship building skills across diverse cross-functional teams.
• Exceptional written/oral communication skills.
• Exceptional bias for action and ownership.

The base salary range represents the low and high end of the anticipated salary range for this position based at our Woodinville, WA headquarters. The actual base salary offered for this position will depend on numerous factors including, without limitation, experience and business objectives, and if the location for the job changes. Our base salary is just one component of Precor’s total rewards strategy that also includes region-specific health and welfare benefits.

As an organization, one of our top priorities is to maintain the health and well-being of our employees and their families. To achieve this goal, we offer robust and comprehensive benefits including:

• Medical, dental and vision insurance
• Generous paid time off policy
• Short-term and long-term disability
• Access to Employee Assistance Program; including access to mental health services
• 401(k) including employer match
• Pet insurance and so much more!

Base Salary Range$215,050—$264,150 USD

About Peloton:

Peloton (NASDAQ: PTON) provides Members with expert instruction, and world class content to create impactful and entertaining workout experiences for anyone, anywhere and at any stage in their fitness journey. At home, outdoors, traveling, or at the gym, Peloton brings together innovative hardware, distinctive software, and exclusive content. Founded in 2012 and headquartered in New York City, Peloton has millions of Members across the US, UK, Canada, Germany, Australia, and Austria. For more information, visit www.onepeloton.com.

Peloton is an equal opportunity employer and complies with all applicable federal, state, and local fair employment practices laws. Equal employment opportunity has been, and will continue to be, a fundamental principle at Peloton, where all team members, applicants, and other covered persons are considered on the basis of their personal capabilities and qualifications without discrimination because of race, color, religion, sex, age, national origin, disability, pregnancy, genetic information, military or veteran status, sexual orientation, gender identity or expression, marital and civil partnership/union status, alienage or citizenship status, creed, genetic predisposition or carrier status, unemployment status, familial status, domestic violence, sexual violence or stalking victim status, caregiver status, or any other protected characteristic as established by applicable law. This policy of equal employment opportunity applies to all practices and procedures relating to recruitment and hiring, compensation, benefits, termination, and all other terms and conditions of employment.  If you would like to request any accommodations from application through to interview, please email: applicantaccommodations@onepeloton.com.

At Peloton, we embrace technology, including AI, to enhance productivity and accelerate innovation in the work we do for our members. However, in our hiring process, our priority remains in getting to know you and your unique qualifications. To ensure a fair and equitable process, we do not permit the use of AI tools during any stage of the application and interview process. In considering you as an applicant, we want to understand your skills, experiences, and motivations without mediation through an AI system. We also want to directly assess your communication skills without the use of an AI tool. 

Qualified applicants with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act, the City of Los Angeles Fair Chance Initiative for Hiring Ordinance and the San Francisco Fair Chance Ordinance, as applicable to applicants applying for positions in these jurisdictions.

Please be aware that fictitious job openings, consulting engagements, solicitations, or employment offers may be circulated on the Internet in an attempt to obtain privileged information, or to induce you to pay a fee for services related to recruitment or training. Peloton does NOT charge any application, processing, or training fee at any stage of the recruitment or hiring process. All genuine job openings will be posted here on our careers page and all communications from the Peloton recruiting team and/or hiring managers will be from an @onepeloton.com email address. 

If you have any doubts about the authenticity of an email, letter or telephone communication purportedly from, for, or on behalf of Peloton, please email applicantaccommodations@onepeloton.com before taking any further action in relation to the correspondence.

Peloton does not accept unsolicited agency resumes. Agencies should not forward resumes to our jobs alias, Peloton employees or any other organization location. Peloton is not responsible for any agency fees related to unsolicited resumes.