PepsiCo - Plano, TX

posted 2 months ago

Full-time - Mid Level
Plano, TX
Beverage and Tobacco Product Manufacturing

About the position

PepsiCo's Global Application Security Program is dedicated to integrating automated security testing into both CI/CD pipelines and continuous monitoring to identify and manage security risks in applications. The mission of this program is to make security risks visible and actionable to the business, ensuring that vulnerabilities are addressed promptly and effectively. The Senior Application Security Engineer will play a pivotal role in driving the integration of automated security tools into CI/CD pipelines, as well as developing innovative, scalable full-stack solutions, middleware, and automation solutions. This position is responsible for executing on strategic application security objectives, providing expert guidance on vulnerability triage and remediation, and fostering a culture of proactive security across the organization.

In this role, the engineer will implement and manage automated security tools within CI/CD pipelines, ensuring seamless integration and operation to enhance the security posture of the organization. They will also integrate and operate a centralized findings management system to efficiently manage and track security vulnerabilities and remediation efforts. The engineer will define and implement a strategy to ensure that automated security tools are configured optimally, establishing and monitoring key performance indicators (KPIs) to measure effectiveness and drive continuous improvement.

The Senior Application Security Engineer will develop and maintain green field automation solutions and full stack applications to support and enhance application security. They will provide expert triage and remediation guidance for security vulnerabilities, assisting and mentoring team members and other engineering teams in understanding and addressing security issues. A collaborative environment will be fostered, promoting knowledge sharing and mentoring junior engineers to build a strong, skilled security team.

Continuous research and raising of novel concepts to improve the application security posture of the business will be expected, along with staying updated with the latest security trends, tools, and practices. The engineer will also be responsible for developing technical documentation, contributing to defining the future state of cybersecurity within the organization, and executing projects in alignment with the team's vision and goals.

Responsibilities

  • Implement and manage automated security tools within CI/CD pipelines to enhance security posture.
  • Integrate and operate a centralized findings management system for managing and tracking security vulnerabilities.
  • Define and implement a strategy for optimal configuration of automated security tools, establishing KPIs for continuous improvement.
  • Develop and maintain green field automation solutions and full stack applications to support application security.
  • Provide expert triage and remediation guidance for security vulnerabilities, mentoring team members in security issues.
  • Foster a collaborative environment and promote knowledge sharing among team members.
  • Continuously research and raise novel concepts to improve application security posture.
  • Develop technical documentation including system design, architecture diagrams, and functional specifications.
  • Conduct technical assessments to define the future state of cybersecurity within the organization.
  • Develop program metrics to measure progress and drive improvements.
  • Collaborate with senior leadership and cross-functional teams including DevOps and development teams.
  • Create and deliver training sessions and engage in knowledge transfer sessions.

Requirements

  • Master's degree in Computer Science, Engineering, or a related field, or a Bachelor's degree with a minimum of 4 years of relevant experience.
  • Proficient in at least one programming language (Java, C#, Go) and scripting language (Python, bash, PowerShell).
  • Proficient in at least one database management system and query language (MSSQL, PostgreSQL, etc.).
  • Proficient in developing full-stack applications and rapidly prototyping solutions for automated data collection and analysis.
  • Proficient in integrating and managing automated security tools within CI/CD pipelines.
  • Proficient in application security vulnerabilities and remediation techniques (e.g., OWASP Top Ten).
  • Proficient in developing and monitoring metrics and KPIs.
  • Experience with application security testing tools (Synopsys, OpenText Fortify, Invicti, Snyk, Semgrep, etc.).
  • Experience with modern CI/CD tools and practices (Jenkins, Azure DevOps, GitHub Enterprise, CircleCI, Heroku, etc.).
  • Experience with public cloud services (Azure, AWS, Alibaba).
  • Experience with Centralized Findings Management Systems (e.g., Azure DevOps, Jira, ServiceNow VR/AVR, PlexTrac, DefectDojo, ThreadFix).
  • Experience with implementing and managing Web Application Firewalls (Fortinet FortiWeb, Imperva Cloud WAF, Cloudflare WAF, etc.) is a plus.
  • Experience with CMS application security (WordPress, Drupal, Joomla, etc.) is a plus.
  • Experience with generative AI technologies is a plus.
  • Strong communication skills, both verbal and written.
  • High level of integrity and ethical standards.
  • Ability to lead and mentor junior engineers.
  • Excellent problem-solving, analytical, and critical thinking skills.

Nice-to-haves

  • Information Security certifications such as CISSP, OSCP, GPEN, GWAPT, GXPN, GSE are a plus.

Benefits

  • Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts.
  • Employee Assistance Program (EAP).
  • Insurance (Accident, Group Legal, Life).
  • Defined Contribution Retirement Plan.
  • Paid time off including paid parental leave, vacation, sick, and bereavement.
  • Bonus based on performance and eligibility; target payout is 10% of annual salary paid out annually.