PepsiCo - Plano, TX
posted 2 months ago
PepsiCo's Global Application Security Program is dedicated to integrating automated security testing into both CI/CD pipelines and continuous monitoring to identify and manage security risks in applications. The mission of this program is to make security risks visible and actionable to the business, ensuring that vulnerabilities are addressed promptly and effectively.
The Senior Application Security Engineer will play a pivotal role in driving the integration of automated security tools into CI/CD pipelines, as well as developing innovative, scalable full-stack solutions, middleware, and automation solutions. This position is responsible for executing on strategic application security objectives, providing expert guidance on vulnerability triage and remediation, and fostering a culture of proactive security across the organization.
In this role, the engineer will implement and manage automated security tools within CI/CD pipelines, ensuring seamless integration and operation to enhance the security posture of the organization. They will also integrate and operate a centralized findings management system to efficiently manage and track security vulnerabilities and remediation efforts. The engineer will define and implement a strategy to ensure that automated security tools are configured optimally, establishing and monitoring key performance indicators (KPIs) to measure effectiveness and drive continuous improvement.
The Senior Application Security Engineer will develop and maintain greenfield automation solutions and full-stack applications to support and enhance application security. They will provide expert triage and remediation guidance for security vulnerabilities, assisting and mentoring team members and other engineering teams in understanding and addressing security issues. A collaborative environment will be fostered, promoting knowledge sharing and mentoring junior engineers to build a strong, skilled security team.
Continuous research and raising of novel concepts to improve the application security posture of the business will be expected, along with staying updated with the latest security trends, tools, and practices. The engineer will also be responsible for developing technical documentation, contributing to defining the future state of cybersecurity within the organization, and executing projects in alignment with the team's vision and goals.