Senior Application Security Engineer

PepsiCo

3.9

(195)

Plano, TX

Why you should apply for a job to PepsiCo:

  • Ranked as one of the Best Companies for Women in 2019
  • 4.2/5 in supportive management
  • 78% say women are treated fairly and equally to men
  • 78% would recommend this company to other women
  • 87% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Work that Works program offers balanced independence & support to create a flexible, adaptive and productive working environment
  • 6 weeks of paid Parental Leave to new moms and new dads after the birth or adoption of a child
  • Center-based and in-home, back-up childcare is available for up to 15 days per year per employee
  • #310982-en-us

    Position summary

    es. Ensure seamless integration and operation to enhance security posture. 2. Integrate and operate a centralized findings management system to efficiently manage and track security vulnerabilities and remediation efforts. 3. Define and implement a strategy to ensure automated security tools are configured to operate in an optimal fashion. Establish and monitor key performance indicators (KPIs) to constantly measure effectiveness and make necessary adjustments for continuous improvement. 4. Develop and maintain green field automation solutions and full stack applications to support and enhance application security. 5. Provide expert triage and remediation guidance for security vulnerabilities. Assist and mentor team members and other engineering teams in understanding and addressing security issues. 6. Foster a collaborative environment, promote knowledge sharing, and mentor junior engineers to build a strong, skilled security team. 7. Continuously research and raise novel concepts to improve the application security posture of the business. Stay updated with the latest security trends, tools, and practices. 8. Develop technical documentation (i.e. system design, architecture diagrams, data flows, functional specifications). 9. Contribute to defining the future state of cybersecurity within the organization by conducting technical assessments between current state and the desired state across security tools and services. 10. Develop program metrics, continuously measure progress and Impact and drive improvements. 11. Collaborate with the Senior leadership and cross-functional teams including DevOps, development teams, security operations, data and analytics, enterprise architecture, Platform team, and sector functions.

    Accountabilities:

    1. Implement and manage automated security tools within CI/CD pipelines. Ensure seamless integration and operation to enhance security posture.

    2. Integrate and operate a centralized findings management system to efficiently manage and track security vulnerabilities and remediation efforts.

    3. Define and implement a strategy to ensure automated security tools are configured to operate in an optimal fashion. Establish and monitor key performance indicators (KPIs) to constantly measure effectiveness and make necessary adjustments for continuous improvement.

    4. Develop and maintain green field automation solutions and full stack applications to support and enhance application security.

    5. Provide expert triage and remediation guidance for security vulnerabilities. Assist and mentor team members and other engineering teams in understanding and addressing security issues.

    6. Foster a collaborative environment, promote knowledge sharing, and mentor junior engineers to build a strong, skilled security team.

    7. Continuously research and raise novel concepts to improve the application security posture of the business. Stay updated with the latest security trends, tools, and practices.

    8. Develop technical documentation (i.e. system design, architecture diagrams, data flows, functional specifications).

    9. Contribute to defining the future state of cybersecurity within the organization by conducting technical assessments between current state and the desired state across security tools and services.

    10. Develop program metrics, continuously measure progress and Impact and drive improvements.

    11. Collaborate with the Senior leadership and cross-functional teams including DevOps, development teams, security operations, data and analytics, enterprise architecture, Platform team, and sector functions.

    12. Execute projects, objectives, and deliverables in alignment with the team's vision, mission, and goals.

    13. Create and deliver training sessions; mentor junior team members; and engage in knowledge transfer sessions, technical design reviews, security reviews, and business review meetings.

    Compensation & Benefits:

    • The expected compensation range for this position is between $85,200 - $142,650 based on a full-time schedule

    • Location, confirmed job-related skills and experience will be considered in setting actual starting salary

    • Bonus based on performance and eligibility; target payout is 10% of annual salary paid out annually

    • Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement

    • In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan

    Qualifications

    Years of experience

    • Master's degree in computer science, Engineering, or a related field, or a Bachelor's degree with a minimum of 4 years of relevant experience

    Mandatory Technical Skills

    • Proficient in at least one programming language (Java, C#, Go) and scripting language (Python, bash, PowerShell).

    • Proficient in at least one database management system and query language (MSSQL, PostgreSQL, etc.)

    • Proficient in developing full-stack applications and rapidly prototyping solutions to support automated data collection, aggregation, and analysis.

    • Proficient in integrating and managing automated security tools within CI/CD pipelines.

    • Proficient in application security vulnerabilities and remediation techniques (e.g., OWASP Top Ten).

    • Proficient in developing and monitoring metrics and KPIs.

    • Experience with application security testing tools (Synopsys, OpenText Fortify, Invicti, Snyk, Semgrep, etc.)

    • Experience with modern CI/CD tools and practices, and their integration into the development lifecycle (Jenkins, Azure DevOps, GitHub Enterprise, Circle CI, Heroku, etc.)

    • Experience with public cloud services (Azure, AWS, Alibaba).

    • Experience with Centralized Findings Management Systems (e.g., ServiceNow VR/AVR, PlexTrac, DefectDojo, ThreatFix).

    • Experience with implementing and managing Web Application Firewalls (Fortinet FortiWeb, Imperva Cloud WAF, Cloudflare WAF, Akamai Kona, MS Azure WAF, AWS WAF, etc.) is a plus.

    • Experience with CMS application security (Wordpress, Drupal, Joomla, Elementor, OpenText TeamSite, Concrete CMS, etc.) is a plus.

    • Experience with generative AI technologies is a plus.

    Non-technical Skills

    • Strong communication skills, both verbal and written.

    • High level of integrity and ethical standards.

    • Ability to lead and mentor junior engineers.

    • Excellent problem-solving, analytical, and critical thinking skills.

    • Demonstrated ability to autonomously make high-judgment decisions and take calculated risks.

    • A proactive and positive team player who is impact-focused, driven, curious, analytical, and a self-starter.

    • Ability to establish trust relationships and influence others to positively impact the security posture and the business.

    • Flexible and adaptive to support a dynamic and global environment with diverse stakeholders and ambiguity.

    • Must be able to operate extremely well under pressure.

    Differentiating Behaviors

    • Demonstrated ability to innovate and drive continuous improvement.

    • Strong mentorship and coaching capabilities.

    • Ability to handle high-pressure situations with a calm and methodical approach.

    • Ability to lead globally dispersed teams to achieve a unified outcome.

    • Experience driving large-scale risk reduction initiatives across Fortune 500 organizations.

    • Ability to weigh the relative costs/benefits/trade-offs of potential actions and identify the best resolution.

    • Information Security certifications such as CISSP, OSCP, GPEN, GWAPT, GXPN, GSE are a plus.

    EEO Statement

    All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

    PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity

    If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy.

    Please view our Pay Transparency Statement

    Why you should apply for a job to PepsiCo:

  • Ranked as one of the Best Companies for Women in 2019
  • 4.2/5 in supportive management
  • 78% say women are treated fairly and equally to men
  • 78% would recommend this company to other women
  • 87% say the CEO supports gender diversity
  • Ratings are based on anonymous reviews by Fairygodboss members.
  • Work that Works program offers balanced independence & support to create a flexible, adaptive and productive working environment
  • 6 weeks of paid Parental Leave to new moms and new dads after the birth or adoption of a child
  • Center-based and in-home, back-up childcare is available for up to 15 days per year per employee