SECURITY SOFTWARE ENGINEER

Overview Are you ready to shape the future of secure applications at PepsiCo? PepsiCo’s Global Application Security Program is at the forefront of integrating automated security testing into our CI/CD pipelines and ensuring continuous monitoring to identify and manage security risks.
As an Application Security Engineer, you will be responsible for driving the integration of these automated security tools into our pipelines while developing scalable full-stack solutions, middleware, and automation systems.
You’ll play a critical role in executing strategic application security objectives, offering expert guidance on vulnerability triage and remediation, and fostering a culture of proactive security across the organization.
Our mission is to make security risks visible and actionable, ensuring vulnerabilities are addressed promptly and effectively.
Responsibilities Your day-to-day with us.
Implementing and managing automated security tools within CI/CD pipelines, ensuring seamless integration and enhanced security posture.
Integrating and operating a centralized findings management system to efficiently manage and track security vulnerabilities and remediation efforts.
Defining and implementing strategies to configure automated security tools for optimal performance.
You’ll also establish and monitor KPIs to measure effectiveness and drive continuous improvement.
Developing and maintaining greenfield automation solutions and full-stack applications to support and enhance application security.
Tuning rule sets and detections for automated security tools to improve detection capabilities and reduce false positives.
Providing expert guidance in triaging and remediating security vulnerabilities, and mentoring team members and engineering teams in understanding and addressing security issues.
Fostering a collaborative environment that promotes knowledge sharing, and mentoring junior engineers to build a skilled security team.
Continuously researching and presenting new concepts to improve the business's application security posture, staying up to date with the latest security trends and practices.
Developing technical documentation such as system designs, architecture diagrams, data flows, and functional specifications.
Contributing to the future state of cybersecurity by conducting technical assessments between the current and desired states across security tools and services.
Developing program metrics to continuously measure progress and impact, and driving improvements.
Collaborating with senior leadership and cross-functional teams, including DevOps, development teams, security operations, data & analytics, enterprise architecture, platform teams, and sector functions.
Executing projects, objectives, and deliverables in alignment with the team's vision, mission, and goals.
Engaging in knowledge transfer sessions, technical design reviews, security reviews, and business review meetings.
Qualifications What you will need to suceed.
Technical Skills.
Deeply experienced in at least one programming language (Java, C#, Go) and scripting language (Python, Bash, PowerShell).
Highly skilled in at least one database management system and query language (e.
., MSSQL, PostgreSQL).
Strong experience in developing full-stack applications and rapid prototyping to support automated data collection, aggregation, and analysis.
Skilled in integrating and managing automated security tools within CI/CD pipelines.
Expertise in application security vulnerabilities and remediation techniques (e.
., OWASP Top Ten).
Experience with application security testing tools (e.
., Synopsys, OpenText Fortify, Snyk, Semgrep).
Familiarity with modern CI/CD tools and practices (e.
., Jenkins, Azure DevOps, GitHub Enterprise, Circle CI, Heroku).
Experience with public cloud services (e.
., Azure, AWS, Alibaba).
Nice-to-Have.
Experience writing custom vulnerability detection patterns/rules.
Experience implementing and managing Web Application Firewalls (e.
., Fortinet, Imperva, Cloudflare, Akamai, Azure WAF, AWS WAF).
Experience with CMS security (e.
., WordPress, Drupal, Joomla, OpenText TeamSite, Concrete CMS).
Familiarity with generative AI technologies.
Information Security certifications (e.
., CISSP, OSCP, GPEN, GWAPT, GXPN, GSE).
Experience with Centralized Findings Management Systems (e.
., Azure DevOps, Jira, ServiceNow VR/AVR, PlexTrac, DefectDojo, ThreatFix).
Proficient in developing and monitoring metrics and KPIs to measure security effectiveness.
Soft Skills.
Demonstrated ability to innovate and drive continuous improvement.
Ability to handle high-pressure situations with a calm and methodical approach.
Strong organizational skills, with the ability to prioritize tasks and manage time effectively.
Experience collaborating with globally dispersed teams to achieve unified outcomes.
Strong decision-making skills, with the ability to weigh costs/benefits/trade-offs and find optimal resolutions.
We Are PepsiCo Join PepsiCo and Dare for Better! We are the perfect place for curious people, thinkers and change agents.
From leadership to front lines, we're excited about the future and working together to make the world a better place.
Being part of PepsiCo means being part of one of the largest food and beverage companies in the world, with our iconic brands consumed more than a billion times a day in more than 200 countries.
Our product portfolio, which includes 22 of the world's most iconic brands, such as Sabritas, Gamesa, Quaker, Pepsi, Gatorade and Sonrics, has been a part of Mexican homes for more than 116 years.
A career at PepsiCo means working in a culture where all people are welcome.
Here, you can dare to be you.
No matter who you are, where you're from, or who you love, you can always influence the people around you and make a positive impact in the world.
What can you expect from us.
Opportunities to learn and develop every day through a wide range of programs.
Internal digital platforms that promote self-learning.
Development programs according to Leadership skills.
Specialized training according to the role.
Learning experiences with internal and external providers.
We love to celebrate success, which is why we have recognition programs for seniority, behavior, leadership, moments of life, among others.
Financial wellness programs that will help you reach your goals in all stages of life.
A flexibility program that will allow you to balance your personal and work life, adapting your working day to your lifestyle.
And because your family is also important to us, they can also enjoy benefits such as our Wellness Line, thousands of Agreements and Discounts, Scholarship programs for your children, Aid Plans for different moments of life, among others.
We are an equal opportunity employer and value diversity at our company.
We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
We respect and value diversity as a work force and innovation for the organization.