Application Security Engineer

Overview:
**We Are PepsiCo**

Join PepsiCo and Dare for Better We are the perfect place for curious people, thinkers and change agents. From leadership to front lines, we're excited about the future and working together to make the world a better place.

Being part of PepsiCo means being part of one of the largest food and beverage companies in the world, with our iconic brands consumed more than a billion times a day in more than 200 countries.

Our product portfolio, which includes 22 of the world's most iconic brands, such as Sabritas, Gamesa, Quaker, Pepsi, Gatorade and Sonrics, has been a part of Mexican homes for more than 116 years.

A career at PepsiCo means working in a culture where all people are welcome. Here, you can dare to be you. No matter who you are, where you're from, or who you love, you can always influence the people around you and make a positive impact in the world.

**Know more**:PepsiCoJobs

**Join PepsiCo, dare for better.**

**Responsibilities**:
**Your Impact**

As** Application** Security Engineer** your responsibilities would consist of:

- Implement and manage automated security toolswithin CI/CD pipelines. Ensure seamless integration and operation to enhance security posture.
- Integrate and operate a centralized findings management system to manage and track security vulnerabilities and remediation efforts efficiently.
- Define and implement a strategy to ensure automated security tools are configured to operate
optimally. Establish and monitor key performance indicators (KPIs) to constantly measure effectiveness and make necessary adjustments for continuous improvement.
- Develop and tune rule sets/detections for the automated security tools to increase detection capabilities and reduce false positives.
- Provide expert triage and remediation guidance for security vulnerabilities where needed. Assist and mentor team members and engineering teams in
- understanding and addressing security issues.
- Foster a collaborative environment, promote knowledge sharing, and mentor junior engineers to build a strong, skilled security team.
- Develop technical documentation (i.e. system design, architecture diagrams, data flows, functional specifications).
- Contribute to defining the future state of cybersecurity within the organization by conducting technical assessments between the current state and the desired state across security tools and services.
- Develop program metrics, continuously measure progress and Impact, and drive improvements.
- Collaborate with the Senior leadership and crossfunctional teams including DevOps, development teams, security operations, data and analytics, enterprise architecture, Platform team, and sector functions.
- Execute projects, objectives, and deliverables in alignment with the team's vision, mission, and goals.
- Engage in knowledge transfer sessions, technical design reviews, security reviews, and business review meetings

Qualifications:
**¿Who Are We Looking For?**

**Education**:

- Master’s degree in computer science, Engineering, or a related field, or a Bachelor’s degree with a minimum of 3 years of relevant experience

**Tech** **skills**:

- Proficient in at least one programming language (Java, C#, Go) and scripting language (Python, bash,
PowerShell).
- Proficient in at least one database management system and query language (MSSQL, PostgreSQL, etc.)
- Proficient in integrating and managing automated security tools within CI/CD pipelines.
- Proficient in developing and monitoring metrics and KPIs.
- Experience with modern CI/CD tools and practices, and their integration into the development lifecycle (Jenkins, Azure DevOps, GitHub Enterprise, Circle CI, Heroku, etc.)
- Experience with public cloud services (Azure, AWS, Alibaba).
- Experience with Centralized Findings Management Systems (e.g., Azure DevOps, Jira, ServiceNow VR/AVR, PlexTrac, DefectDojo, ThreatFix).
- Experience with writing custom vulnerability detection patterns/rules is a plus.
- Experience with implementing and managing Web
- Application Firewalls (Fortinet FortiWeb, Imperva Cloud WAF, Cloudflare WAF, Akamai Kona, MS AzureWAF, AWS WAF, etc.) is a plus.
- Experience with generative AI technologies is a plus.

**Non **tech** **skills**:

- Demonstrated ability to innovate and drive continuous improvement.
- Ability to handle high-pressure situations with a calm and methodical approach.
- Ability to operate within globally dispersed teams to achieve a unified outcome.
- Experience driving large-scale risk reductio initiatives across Fortune 500 organizations.
- Ability to weigh the relative costs/benefits/trade-offs of potential actions and identify the best resolution.
- Information Security certifications such as CISSP, OSCP, GPEN, GWAPT, GXPN, GSE are a plus.
- Ability to organize tasks, manage time, and prioritize actions to meet business needs.

**Competencies** **required**:

- Demonstrated ability to innovate and drive continuous improvement.
- Ability t