Info Security Specialist

Overview
We Are PepsiCo
Join PepsiCo and Dare for Better We are the perfect place for curious people, thinkers and change agents. From leadership to front lines, we're excited about the future and working together to make the world a better place.

Being part of PepsiCo means being part of one of the largest food and beverage companies in the world, with our iconic brands consumed more than a billion times a day in more than 200 countries.

Our product portfolio, which includes 22 of the world's most iconic brands, such as Sabritas, Gamesa, Quaker, Pepsi, Gatorade and Sonrics, has been a part of Mexican homes for more than 116 years.

A career at PepsiCo means working in a culture where all people are welcome. Here, you can dare to be you. No matter who you are, where you're from, or who you love, you can always influence the people around you and make a positive impact in the world.

Know more:
PepsiCoJobs
Join PepsiCo, dare for better.
Responsibilities
The Opportunity
Within the Cyber Fusion Center, the Offensive Security Team continuously evaluates PepsiCo's cyber security posture through penetration tests and red team engagements to proactively identify gaps and drive mitigations to minimize PepsiCo's cyber risk exposure. This position serves as the technical function lead for perimeter security testing activities.

Your Impact
As
Offensive Security-Function Lead-Perimeter Security
your scope would consist:

• Serve as the technical function lead for perimeter security testing activities including external penetration testing and vulnerability disclosure.
• Research new vulnerabilities and offensive security capabilities.
• Own and drive process and documentation improvements.
• Own and drive completion for projects related to the perimeter security function.
• Contribute to and execute against strategic plans.
• Report on metrics and KPIs to leadership.
• Identify opportunities for, and drive improvements in, automation.
• Drive innovation to expand testing coverage depth and breadth.
• Conduct complex black, gray box, and white box penetration tests across multiple technologies including web applications, mobile application, APIs, infrastructure, cloud environments, and devices. Chain multiple exploits and apply defense evasion techniques as needed.
• Generate accurate, concise, and actionable penetration test reports.
• Validate the effectiveness of remediation efforts.
• Peer review reports for quality and accuracy.
• Triage and schedule incoming penetration test requests.
• Lead scoping calls.
• Manage third-party pen test and red team engagements to ensure high-quality products and deliverables.
• Support testing automation through the creation of complex scripts or applications in one or more languages.
• Support Incident Response during security incidents as needed.
• Validate bug bounty findings.
• Validate perimeter assets for exposure to known vulnerabilities.
• Perform OSINT and related discovery activities.
• Establish and grow relationships with key stakeholders inside and outside of Information Security.
• Serve as SME for at least one technology.
• Coach lower levels.
• Update the team's operational processes as needed and participate in overall knowledge base improvement.
• Provide feedback about and update as needed the operational processes and procedures.
• Maintain a professional communicative relationship with other associates and management.
• Provide timely, comprehensive and accurate information to Information Security leadership in both written and verbal communications.
• Develop the requisite expertise, knowledge, and ability to perform independently.
• Participation in after-hours activities when required.
• Collaborate with CFC teams on project execution and PepsiCo security improvements.
• Ensure team success through organizational, functional, and team alignment towards team mission and objectives.

Qualifications
Who Are We Looking For?
Education

• Bachelor's degree in information technology, related field or equivalent work experience in a hands-on

Experience

• Technical role plus 10+ years of experience in a hands-on, technical information security role. At least 4 years of experience in offensive security, DFIR, Application Security, or Vulnerability Management. At least 2 years in a senior or lead role within offensive security. Experience across multiple IT and Cybersecurity domains strongly preferred.

Mandatory Technical Skills

• Working knowledge of aligning threat and vulnerability management efforts to frameworks and control objectives - MITRE ATT&CK, NIST CSF, ISO27001, CIS, OWASP.
• Information Security certifications such as OSCP, OSCE, GPEN, GWAPT or GXPN are required.
• Proficient with security tools (Burp Suite, Metasploit, Nmap, bloodhound, etc.).
• Proficient in at least one scripting language (Python, bash, PowerShell) or one programming language (Java, C#, C().
• Proficient with Linux and/or Windows server management.
• Proficient with one or more C2 frameworks.
• Proficient with defensive and monitoring technologies such as Intrusion prevention/detection systems (IPS/IDS), Web application firewalls (WAF), security information and event management systems (SIEMs), and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
• Working knowledge of public cloud services (Azure, AWS, Alibaba) configuration and hardening.
• Experience with generative AI, LLMs, NLP etc. is a plus.
• Experience in multiple security domains (e.g. Network security, Application Security, Infrastructure Security, Cloud Security, Security operations).

If this is an opportunity that interests you, we encourage you to apply even if you do not meet 100% of the requirements.
What can you expect from us:

• Opportunities to learn and develop every day through a wide range of programs.
• Internal digital platforms that promote self-learning.
• Development programs according to Leadership skills.
• Specialized training according to the role.
• Learning experiences with internal and external providers.
• We love to celebrate success, which is why we have recognition programs for seniority, behavior, leadership, moments of life, among others.
• Financial wellness programs that will help you reach your goals in all stages of life.
• A flexibility program that will allow you to balance your personal and work life, adapting your working day to your lifestyle.
• And because your family is also important to us, they can also enjoy benefits such as our Wellness Line, thousands of Agreements and Discounts, Scholarship programs for your children, Aid Plans for different moments of life, among others.

We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We respect and value diversity as a work force and innovation for the organization.