Auto req ID: 267354BR
passionate about their craft.
The successful Application Security Engineer plays a chief role in keeping PepsiCo’s Global Portfolio
of web, mobile, and brand sites protected from constantly evolving cyber threats by:
- Performing vulnerability assessments on PepsiCo internal and 3rd party developed source
code and systems.
- Serving internal customers by advising and providing expert guidance on remediation
strategies for identified vulnerabilities.
- Partnering with PepsiCo’s bug bounty and external threat research partners to communicate
externally identified vulnerabilities and ensure remediation outcomes.
- Working across PepsiCo’s Global DevSecOps and Information Security organizations to
scale Application Security through expanding our toolsets, automation capabilities, and
integration into PepsiCo’s CI/CD pipeline.
- Proposing change and process improvements to the team by challenging the status quo
through new ideas and novel concepts.
- COVID-19 vaccination is a condition of employment for this role. Please note that all such company vaccine requirements provide the opportunity to request an approved accommodation or exemption under applicable law
- Execute SAST, DAST, and SCA assessments as part of the Application Security Teams
- Participate in digesting, translating, and communicating vulnerabilities discovered by bug
bounty and external research partner sources.
- Generate and communicate reports on assessments findings.
- Summarize and advise on remediation strategies for identified vulnerabilities.
- Translate application vulnerability risk into business risk and work with internal customers to
- Scale Application Security to support PepsiCo’s Global Portfolio of applications through
automation and integration into CI/CD pipelines
Support other Information Security teams by advising on security related incidents where
- Bachelor’s degree in Computer Science, Software Development, Information Security, a
related discipline, or equivalent working experience.
- 3 years’ experience in agile full-stack web or mobile application development is strongly
- Programming experience with one or more of the following
- Understanding of the OWASP Top 10.
- Experience with Application Security Vulnerability Testing Tools (Fortify, Veracode,
Synopsys, WhiteSource, Snyk, etc.).
- Experience with Application Security Vulnerability Management Tools (ServiceNow,
DefectDojo, PlexTrac, ThreadFix, etc.).
- Knowledge of Threat Modeling and Threat Intelligence Tools (RiskIQ, RecordedFuture,
RiskRecon, CrowdStrike, ZeroFOX, Trellix, etc.).
Relocation Eligible: Not Eligible for Relocation
Job Type: Regular
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity
Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901 – 4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.
If you’d like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy
Please view our Pay Transparency Statement
- Address Plano, TX, USA
- Salary Offer $50.000 ~ $100.000
- Experience Level Junior
- Total Years Experience 0-5