Offensive Security

Overview:**We Are PepsiCo**Join PepsiCo and Dare for Better We are the perfect place for curious people, thinkers and change agents. From leadership to front lines, we're excited about the future and working together to make the world a better place.Being part of PepsiCo means being part of one of the largest food and beverage companies in the world, with our iconic brands consumed more than a billion times a day in more than 200 countries.Our product portfolio, which includes 22 of the world's most iconic brands, such as Sabritas, Gamesa, Quaker, Pepsi, Gatorade and Sonrics, has been a part of Mexican homes for more than 116 years.A career at PepsiCo means working in a culture where all people are welcome. Here, you can dare to be you. No matter who you are, where you're from, or who you love, you can always influence the people around you and make a positive impact in the world.Know more: PepsiCoJobsJoin PepsiCo, dare for better.**Responsibilities**:**The Opportunity**Within the Cyber Fusion Center, the Offensive Security Teamcontinuously evaluates PepsiCo’s cyber security posture throughpenetration tests and red team engagements to proactively identifygaps and drive mitigations to minimize PepsiCo's cyber risk exposure.This position will develop and maintain software to integrate existing tools and automate workflows.**Your Impact**As Offensive Security - Development and Integrations Operator your responsibilities would consist of**Responsibilities**:1. Integrate, automate and extend existing tools to scale the reach of the Offensive Security team.2. Serve as the SME for the design, deployment, monitoring and maintenance of cloud infrastructure used during red team exercises.4. Generate accurate, concise, and actionable penetration test reports.5. Validate the effectiveness of remediation efforts.6. Triage and schedule incoming penetration test requests.7. Peer review reports for quality and accuracy.8. Participate in purple team exercises by reproducing techniques of known threat actors across multiple tactics categories.9. Participate in red team exercises.10. Generate red team reports.11. Support Incident Response during security incidents as needed.12. Validate bug bounty findings.13. Validate perimeter assets for exposure to known vulnerabilities.14. Perform OSINT and related discovery activities.15. Coach lower levels.16. Update the team’s operational processes as needed and participate in overall knowledge base improvement.17. Provide feedback about and update as needed the operational processes and procedures.18. Maintain a professional communicative relationship with other associates and management.19. Provide timely, comprehensive and accurate information to Information Security leadership in both written and verbal communications.20. Develop the requisite expertise, knowledge, and ability to perform independently.21. Participation in after-hours activities when required.22. Collaborate with CFC teams on project execution and PepsiCo security improvements.23. Ensure team success through organizational, functional, and team alignment towards team mission and objectives.Accountabilities1. Execute on projects, objectives, and deliverables in alignments with team vision, mission, and goals.2. Routinely develop and update offensive security documentation, processes, and technologies to adapt to emerging threat landscape.3. Develop automation to scale global offensive capabilities and operational resiliency.4. Collaborate with partner teams, service owners, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings.5. Create and deliver trainings; and participate in security reviews, audits, on-site engagements, and support incidents after-hours when required.Qualifications:**¿Who Are We Looking For?**Years of experience1. Bachelor's degree in information technology, related field or equivalent work experience in a hands-on, technical role plus 3-4 years of experience in a hands-on, technical information security role. At least 1 year in offensive security, DFIR, Application Security, or Vulnerability Management.Mandatory Technical Skills1. Demonstrated experience deploying and managing cloud infrastructure and services in an automated and repeatable manner.2. Demonstrated experience automating workflows using at least one high level scripting or programming language.3. Familiar with aligning threat and vulnerability management efforts to frameworks and control objectives - MITRE ATT&CK, NIST CSF, ISO27001, CIS, OWASP.4. Information Security certifications such as OSCP, OSCE, GPEN, GWAPT or GXPN are required.5. Proficient with security tools (Burp Suite, Metasploit, Nmap, bloodhound, etc.).6. Proficient in) at least one scripting language (Python, bash, PowerShell) or one programming language (Java, C#, C++).7. Working knowledge of Linux and/or Windows server management.8. Familiar