Staff Software Engineer, Connected Device

Peloton
Seattle, WA
87d
$215,050 - $264,150

About The Position

Peloton inspires and motivates millions of people every day. A key part of delivering on that mission is not only the amazing experience that our instructors and platforms provide, but also the data, telemetry, and insights that empower our customers to be the best version of themselves anywhere, anytime. Earning and maintaining our customers' trust and safeguarding their data is key to everything we do.

The Staff Software Engineer, Connected Device Security is instrumental in ensuring Peloton applications, devices and systems are implemented and secured with industry best practices. The candidate is an expert in the area of technical analysis and design. The candidate will help define the application security program, security policy and standards and will coordinate with engineering partners to ensure the security bar is upheld. The candidate will be instrumental in safeguarding the software and hardware that power our connected fitness devices, including the Bike, Tread, and future products. You'll dive deep into our embedded systems architecture, identify potential vulnerabilities, and build robust security guardrails to protect our Members' data and experience.

The ideal candidate is a proven engineering leader who has both exemplary engineering and communication skills. They have extensive experience collaborating with internal engineering partners. They are a proven security technology and methodology expert who scales through enabling other engineering partners to make the right security design decisions and trade-offs. They will work at the intersection of data science, cybersecurity, and software engineering to build intelligent defenses for modern digital threats.

Requirements

  • Strong software development background with 7+ years of experience writing code in languages like Java, Kotlin, Swift or Python.
  • Proficient with the Android Software Development Kit (SDK), covering the full app lifecycle, integration of permissions, manifest configurations, inter-app communication, user authentication, secure storage, and app signing practices.
  • Solid grasp of the Android Native Development Kit (NDK) for analyzing and securing native code (C/C++), understanding JNI interactions, memory management, and mitigating native code vulnerabilities.
  • Understanding of Android platform internals, custom ROM development, system-level modifications, access control architecture, permission models, and relevant security configuration across OS layers.
  • Experience with tools for static and dynamic analysis (e.g., MobSF, Frida, Burp Suite), decompiling and reverse engineering APKs and shared libraries, vulnerability discovery and remediation.
  • Knowledge of how Java/Kotlin app layers communicate with underlying native components, including security issues introduced by third-party SDKs, native libraries, and IPC mechanisms.
  • Ability to identify and assess security misconfigurations unique to customized Android OS, differential analysis of ROM images, and review of device-, kernel-, and system-level security features.
  • Familiarity with cryptography, secure storage, authentication methods (OAuth, JWT, biometrics), certificate pinning, and networking security (TLS/SSL).
  • Familiarity with AWS cloud environments.
  • Excellent problem-solving skills, with the ability to work independently and handle multiple tasks.
  • Exhibits a results-oriented mindset, consistently delivering measurable improvements to the security posture of applications and systems.
  • Excellent relationship building skills across diverse cross-functional teams.
  • Exceptional written/oral communication skills.
  • Exceptional bias for action and ownership.

Nice To Haves

  • Experience in a security engineering role.

Responsibilities

  • Perform in-depth security assessments and threat modeling of Peloton's hardware and software architecture, from the bootloader to the application layer.
  • Provide guidance and education to engineering and product teams on available security controls and their appropriate use to help prevent vulnerabilities.
  • Design, build, and implement security controls, services, and frameworks to proactively prevent security vulnerabilities in our embedded/Android-based environment.
  • Build and deploy automated security tooling within the CI/CD pipeline/QA pipeline to integrate security seamlessly into the development lifecycle.
  • Collaborate directly with engineering teams to review code, identify security flaws, and provide concrete guidance for remediation.

Benefits

  • Medical, dental and vision insurance
  • Generous paid time off policy
  • Short-term and long-term disability
  • Access to Employee Assistance Program, including access to mental health services
  • 401(k) including employer match
  • Pet insurance

What This Job Offers

  • Job Type: Full-time
  • Career Level: Senior
  • Industry: Miscellaneous Manufacturing
  • Education Level: Bachelor's degree
