PepsiCo’s Global Application Security Program harmonizes security with all development workflows to identify and manage application security risks. Our mission is to make security risks visible and actionable for the business, promoting prompt and effective resolution of security findings, empowering our development teams to build securely by default, and encouraging continuous improvement.
This role focuses on implementing foundational security controls, tuning security tools, and ensuring security automation efforts are effectively supported. The ideal candidate will work on eliminating noise, ensuring scanners produce actionable findings, and helping enforce application security principles at scale. This position supports the broader security automation initiative by ensuring security fundamentals are in place.
In addition to daily operations, the ideal candidate must be willing to push their limits by completing a rigorous learning program designed to rapidly enhance their skillsets in this rare and niche market. The skills gained through this program will not only benefit PepsiCo but will also set the candidate up for lifelong success in a field where exceptional application security talent is exceedingly rare.
Responsibilities:
- Configure, tune, and maintain application security scanning tools to ensure accurate detection, minimal false positives, and efficient performance.
- Define, enforce, and continuously refine security baselines for all scanning tools, ensuring standardized coverage.
- Align security tool findings with business risk, making them actionable for remediation and prioritization.
- Maintain and improve risk-based prioritization models, ensuring teams focus on high-impact vulnerabilities first.
- Partner with the AppSec Platform development team to seamlessly integrate tool outputs into centralized findings management.
- Investigate false positives, validate legitimate findings, and track remediation, ensuring issues are properly addressed.
- Collaborate with development teams to embed secure-by-default coding patterns and adhere to security best practices.
- Evaluate the effectiveness of security tools, recommend improvements, and drive continuous enhancements.
- Oversee deployment and operational tuning of the WAF, contributing to CDN security strategies for DDoS prevention and performance optimization.
- Evaluate new security tools and refine processes to increase scanning effectiveness and coverage.
- Document configurations, best practices, and operational runbooks for all security tooling to ensure clarity and consistency.
- Share security scanning insights with engineering teams, ensuring issues are clearly communicated and promptly addressed.
- Participate in incident response and remediation efforts for application security vulnerabilities as needed.
- Manage work within agile frameworks, including sprint planning, backlog grooming, and daily stand-ups.
- Define and monitor key performance indicators (KPIs) to measure security effectiveness and support ongoing optimization.
- Provide 24/7 on-call support, including weekends/holidays.
Compensation and Benefits:
- The expected compensation range for this position is between $64,300 and $107,650.
- Location, confirmed job-related skills, experience, and education will be considered in setting actual starting salary. Your recruiter can share more about the specific salary range during the hiring process.
- Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
- In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.
Years of Experience:
- Bachelor’s degree in computer science, engineering, or a related field, with 1-2 years of relevant & recent experience.
Mandatory Technical Skills:
- Foundational experience assessing security scanner outputs with the ability to provide actionable remediation guidance.
- Introductory knowledge of secure software development with an emphasis on identifying vulnerabilities at the source code level.
- Familiarity with application security, vulnerability management, and overall security engineering best practices.
- Basic proficiency with Go and/or Python.
- Experience with deploying, configuring, managing & maintaining Web Application Firewalls.
- Willingness to learn and effectively use a variety of security scanning tools, including SAST, DAST, Secret, API, SCA, and Container scanning solutions.
- Working knowledge of the OWASP Top 10 vulnerabilities and effective triage techniques.
- Understanding of API security concepts, including OAuth, JWT validation, and access control best practices.
- Awareness of cloud-native security best practices in AWS, Azure, or GCP, including familiarity with relevant security frameworks.
- Familiarity with cryptography principles and basic key management practices.
- Exposure to policy-as-code frameworks (OPA, HashiCorp Sentinel).
- Basic understanding of CDN security, including bot mitigation, DDoS protection, and caching strategies.
- Basic experience integrating security tools into CI/CD pipelines.
- Familiarity with container security concepts and orchestration platforms such as Docker and Kubernetes.
Non-Technical Skills:
- Strong communication skills, both verbal and written.
- High level of integrity and ethical standards.
- Excellent problem-solving, analytical, and critical thinking skills.
- Demonstrated ability to make decisions and take calculated risks autonomously.
- A proactive and positive team player who is impact-focused, driven, curious, analytical, and a self-starter.
- Ability to establish trust relationships and influence others.
- Flexible and adaptive to support a dynamic, global environment with diverse stakeholders and ambiguity.
- Must be able to operate extremely well under pressure.
Differentiating Behaviors:
- Demonstrated ability to innovate and drive continuous improvement.
- Ability to handle high-pressure situations with a calm and methodical approach.
- Ability to evaluate trade-offs and identify the best resolution.
- Strong time management and prioritization skills to meet business needs.
- Commitment to life-long learning.
Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901-4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity