Job Description
Overview
PepsiCo’s Global offensive Security Program is responsible for driving offensive Security testing and continuous monitoring to identify and manage security risks. Our mission is to make security risks visible and actionable to the business and ensure that vulnerabilities are addressed promptly and effectively. This role will be responsible for offensive Security Testing Functions and providing guidance on Vulnerability triage and remediation, and fostering a culture of proactive security across the organization. This role’s leadership will be key in defining plans, developing metrics and KPIs, and continuously improving our security practices to ensure the highest standards of protection for PepsiCo.
Responsibilities
- Drive the development and execution of the Offensive security strategy by translating high-level objectives into actionable plans. Lead and inspire the team to achieve these goals, ensuring alignment with overall organizational security initiatives and fostering a culture of proactive security.
- Develop technical documentation (i.e. system design, architecture diagrams, data flows, functional specifications).
- Contribute to defining the future state of cybersecurity within the organization by conducting technical assessments between current state and the desired state across security tools and services.
- Develop program metrics, continuously measure progress and Impact and drive improvements.
- Drive all phases of Penetration Tests and Red Team Engagements including Scoping, Planning, Communications, Timelines and execution of Key activities (reconnaissance, vulnerability identification, exploitation, and reporting).
- Collaborate with the Senior leadership and cross-functional teams including DevOps, development teams, security operations, data and analytics, enterprise architecture, Platform team, and sector functions.
- Integrate and operate a centralized findings management system to efficiently manage and track security vulnerabilities and remediation efforts.
- Define and implement a strategy to Offensive Security Capabilities are implemented. Establish and monitor key performance indicators (KPIs) to constantly measure effectiveness and make necessary adjustments for continuous improvement.
- Provide triage and remediation guidance for security vulnerabilities. Assist and mentor team members and other engineering teams in understanding and addressing security issues.
- Foster a collaborative environment, promote knowledge sharing, and mentor junior engineers to build a strong, skilled security team.
- Continuously research and raise novel concepts to improve the security posture of the business. Stay updated with the latest security trends, tools, and practices.
- Execute projects, objectives, and deliverables in alignment with the team's vision, mission, and goals.
- Create and deliver training sessions; mentor junior team members; and engage in knowledge transfer sessions, Scoping engagements, and business review meetings.
Differentiating Behaviors
- Demonstrated ability to innovate and drive continuous improvement.
- Strong mentorship and coaching capabilities.
- Ability to handle high-pressure situations with a calm and methodical approach.
- Ability to lead globally dispersed teams to achieve a unified outcome.
- Experience driving large-scale risk reduction initiatives across Fortune 500 organizations.
- Ability to weigh the relative costs/benefits/trade-offs of potential actions and identify the best resolution.
- Information Security certifications such as CISSP, OSCP, GPEN, GWAPT, GXPN, GSE are a plus.
- Ability to organize tasks, manage time, and prioritize actions to meet business needs.
Qualifications
Years of experience
- 7+ years in software development; or master’s degree in computer science/engineering or related cyber field, and 5 years of relevant experience.
- 2+ years in a leadership or senior role within Offensive security.
Mandatory Technical Skills
- Proficient in at least one programming language (Java, C#, Go) and scripting language (Python, bash, PowerShell).
- Proficient in at least one database management system and query language (MSSQL, PostgreSQL, etc.)
- Proficient in developing Offensive Capabilities and rapidly prototyping solutions to support automated data collection, aggregation, and analysis.
- Proficient in integrating and managing automated security tools within CI/CD pipelines.
- Proficient in application security vulnerabilities and remediation techniques (e.g., OWASP Top Ten).
- Proficient in developing and monitoring metrics and KPIs.
- Experience with security testing tools (Burp Suite, Metasploit, Cobalt Strike, Empire, Nmap, bloodhound, etc.) and multiple operating systems (e.g. Windows, Linux).
- Experience with public cloud services (Azure, AWS, Alibaba).
- Experience with Centralized Findings Management Systems (e.g., ServiceNow VR/AVR.
- Experience with generative AI, LLMs, NLP etc. is a plus.
- Experience in multiple security domains (e.g. Network security, Application Security, Infrastructure Security, Cloud Security, Security operations).
Non-technical Skills
- Excellent leadership and team management skills.
- Strong communication skills, both verbal and written.
- Ability to translate strategic vision into actionable plans.
- High level of integrity and ethical standards.
- Ability to lead and mentor junior engineers.
- Excellent problem-solving, analytical, and critical thinking skills.
- Demonstrated ability to autonomously make high-judgment decisions and take calculated risks.
- A proactive and positive team player who is impact-focused, driven, curious, analytical, and a self-starter.
- Ability to establish trust relationships and influence others to positively impact the security posture and the business.
- Flexible and adaptive to support a dynamic and global environment with diverse stakeholders and ambiguity.
- Solid customer orientation with excellent oral and written communication skills in English.
- Must be able to operate extremely well under pressure.