[CH-784] - Application Security Engineer

17 Jan | Pepsico Deutschland | Xico

Overview

Are you ready to shape the future of secure applications at PepsiCo? PepsiCo's Global Application Security Program is at the forefront of integrating automated security testing into our CI/CD pipelines and ensuring continuous monitoring to identify and manage security risks.

As an Application Security Engineer, you will be responsible for driving the integration of these automated security tools into our pipelines while developing scalable full-stack solutions, middleware, and automation systems. You'll play a critical role in executing strategic application security objectives, offering expert guidance on vulnerability triage and remediation, and fostering a culture of proactive security across the organization.

Our mission is to make security risks visible and actionable, ensuring vulnerabilities are addressed promptly and effectively.

Responsibilities

Your day-to-day with us:

- Implementing and managing automated security tools within CI/CD pipelines, ensuring seamless integration and enhanced security posture.
- Integrating and operating a centralized findings management system to efficiently manage and track security vulnerabilities and remediation efforts.
- Defining and implementing strategies to configure automated security tools for optimal performance. You'll also establish and monitor KPIs to measure effectiveness and drive continuous improvement.
- Developing and maintaining greenfield automation solutions and full-stack applications to support and enhance application security.
- Tuning rule sets and detections for automated security tools to improve detection capabilities and reduce false positives.
- Providing expert guidance in triaging and remediating security vulnerabilities, and mentoring team members and engineering teams in understanding and addressing security issues.
- Fostering a collaborative environment that promotes knowledge sharing, and mentoring junior engineers to build a skilled security team.
- Continuously researching and presenting new concepts to improve the business's application security posture, staying up to date with the latest security trends and practices.
- Developing technical documentation such as system designs, architecture diagrams, data flows, and functional specifications.
- Contributing to the future state of cybersecurity by conducting technical assessments between the current and desired states across security tools and services.
- Developing program metrics to continuously measure progress and impact, and driving improvements.
- Collaborating with senior leadership and cross-functional teams, including DevOps, development teams, security operations, data & analytics, enterprise architecture, platform teams, and sector functions.
- Executing projects, objectives, and deliverables in alignment with the team's vision, mission, and goals.
- Engaging in knowledge transfer sessions, technical design reviews, security reviews, and business review meetings.

Qualifications

What you will need to succeed:

Technical Skills:

- Deeply experienced in at least one programming language (Java, C#, Go) and scripting language (Python, Bash, PowerShell).
- Highly skilled in at least one database management system and query language (e.g., MSSQL, PostgreSQL).
- Strong experience in developing full-stack applications and rapid prototyping to support automated data collection, aggregation, and analysis.
- Skilled in integrating and managing automated security tools within CI/CD pipelines.
- Expertise in application security vulnerabilities and remediation techniques (e.g., OWASP Top Ten).
- Experience with application security testing tools (e.g., Synopsys, OpenText Fortify, Snyk, Semgrep).
- Familiarity with modern CI/CD tools and practices (e.g., Jenkins, Azure DevOps, GitHub Enterprise, CircleCI, Heroku).
- Experience with public cloud services (e.g., Azure, AWS, Alibaba).

Nice-to-Have:

- Experience writing custom vulnerability detection patterns/rules.
- Experience implementing and managing Web Application Firewalls (e.g., Fortinet, Imperva, Cloudflare, Akamai, Azure WAF, AWS WAF).
- Experience with CMS security (e.g., WordPress, Drupal, Joomla, OpenText TeamSite, Concrete CMS).
- Familiarity with generative AI technologies.
- Information Security certifications (e.g., CISSP, OSCP, GPEN, GWAPT, GXPN, GSE).
- Experience with Centralized Findings Management Systems (e.g., Azure DevOps, Jira, ServiceNow VR/AVR, PlexTrac, DefectDojo, ThreadFix).
- Proficient in developing and monitoring metrics and KPIs to measure security effectiveness.

Soft Skills:

- Demonstrated ability to innovate and drive continuous improvement.
- Ability to handle high-pressure situations with a calm and methodical approach.
- Strong organizational skills, with the ability to prioritize tasks and manage time effectively.
- Experience collaborating with globally dispersed teams to achieve unified outcomes.
- Strong decision-making skills, with the ability to weigh costs/benefits/trade-offs and find optimal resolutions.

The original posting can be found at Kit Empleo:
https://www.kitempleo.com.mx/empleo/133656397/ch-784-application-security-engineer-xico/?utm_source=html
