Security Software Engineer
Pepsi
Overview

We Are PepsiCo

Join PepsiCo and Dare for Better! We are the perfect place for curious people, thinkers and change agents. From leadership to front lines, we're excited about the future and working together to make the world a better place. Being part of PepsiCo means being part of one of the largest food and beverage companies in the world, with our iconic brands consumed more than a billion times a day in more than 200 countries. Our product portfolio, which includes 22 of the world's most iconic brands, such as Sabritas, Gamesa, Quaker, Pepsi, Gatorade and Sonrics, has been a part of Mexican homes for more than 116 years.

A career at PepsiCo means working in a culture where all people are welcome. Here, you can dare to be you. No matter who you are, where you're from, or who you love, you can always influence the people around you and make a positive impact in the world. Know more: PepsiCoJobs

Join PepsiCo, dare for better.

Responsibilities

Your Impact

As Application Security Engineer, your responsibilities would consist of:

- Implement and manage automated security tools within CI/CD pipelines. Ensure seamless integration and operation to enhance security posture.
- Integrate and operate a centralized findings management system to manage and track security vulnerabilities and remediation efforts efficiently.
- Define and implement a strategy to ensure automated security tools are configured to operate optimally. Establish and monitor key performance indicators (KPIs) to constantly measure effectiveness and make necessary adjustments for continuous improvement.
- Develop and maintain greenfield automation solutions and full-stack applications to support and enhance application security.
- Develop and tune rule sets/detections for the automated security tools to increase detection capabilities and reduce false positives.
- Provide expert triage and remediation guidance for security vulnerabilities where needed.
- Assist and mentor team members and engineering teams in understanding and addressing security issues. Foster a collaborative environment, promote knowledge sharing, and mentor junior engineers to build a strong, skilled security team.
- Continuously research and raise novel concepts to improve the application security posture of the business. Stay updated with the latest security trends, tools, and practices.
- Develop technical documentation (i.e. system design, architecture diagrams, data flows, functional specifications).
- Contribute to defining the future state of cybersecurity within the organization by conducting technical assessments between the current state and the desired state across security tools and services.
- Develop program metrics, continuously measure progress and impact, and drive improvements.
- Collaborate with senior leadership and cross-functional teams including DevOps, development teams, security operations, data and analytics, enterprise architecture, Platform team, and sector functions.
- Execute projects, objectives, and deliverables in alignment with the team's vision, mission, and goals.
- Engage in knowledge transfer sessions, technical design reviews, security reviews, and business review meetings.

Qualifications

Who Are We Looking For?

Education: Master's degree in Computer Science, Engineering, or a related field, or a Bachelor's degree with a minimum of 3 years of relevant experience.

Tech skills:

- Proficient in at least one programming language (Java, C#, Go) and scripting language (Python, bash, PowerShell).
- Proficient in at least one database management system and query language (MSSQL, PostgreSQL, etc.).
- Proficient in developing full-stack applications and rapidly prototyping solutions to support automated data collection, aggregation, and analysis.
- Proficient in integrating and managing automated security tools within CI/CD pipelines.
- Proficient in application security vulnerabilities and remediation techniques (e.g., OWASP Top Ten).
- Proficient in developing and monitoring metrics and KPIs.
- Experience with application security testing tools (Synopsys, OpenText Fortify, Invicti, Snyk, Semgrep, etc.).
- Experience with modern CI/CD tools and practices, and their integration into the development lifecycle (Jenkins, Azure DevOps, GitHub Enterprise, Circle CI, Heroku, etc.).
- Experience with public cloud services (Azure, AWS, Alibaba).
- Experience with Centralized Findings Management Systems (e.g., Azure DevOps, Jira, ServiceNow VR/AVR, PlexTrac, DefectDojo, ThreadFix).
- Experience with writing custom vulnerability detection patterns/rules is a plus.
- Experience with implementing and managing Web Application Firewalls (Fortinet FortiWeb, Imperva Cloud WAF, Cloudflare WAF, Akamai Kona, MS Azure WAF, AWS WAF, etc.) is a plus.
- Experience with CMS application security (WordPress, Drupal, Joomla, Elementor, OpenText TeamSite, Concrete CMS, etc.) is a plus.
- Experience with generative AI technologies is a plus.

Non tech skills:

- Demonstrated ability to innovate and drive continuous improvement.
- Ability to handle high-pressure situations with a calm and methodical approach.
- Ability to operate within globally dispersed teams to achieve a unified outcome.
- Experience driving large-scale risk reduction initiatives across Fortune 500 organizations.
- Ability to weigh the relative costs/benefits/trade-offs of potential actions and identify the best resolution.
- Information Security certifications such as CISSP, OSCP, GPEN, GWAPT, GXPN, GSE are a plus.
- Ability to organize tasks, manage time, and prioritize actions to meet business needs.

Competencies required:

- Demonstrated ability to innovate and drive continuous improvement.
- Ability to handle high-pressure situations with a calm and methodical approach.
- Ability to operate within globally dispersed teams to achieve a unified outcome.
- Experience driving large-scale risk reduction initiatives across Fortune 500 organizations.
- Ability to weigh the relative costs/benefits/trade-offs of potential actions and identify the best resolution.
- Information Security certifications such as CISSP, OSCP, GPEN, GWAPT, GXPN, GSE are a plus.
- Ability to organize tasks, manage time, and prioritize actions to meet business needs.

If this is an opportunity that interests you, we encourage you to apply even if you do not meet 100% of the requirements.

What can you expect from us:

- Opportunities to learn and develop every day through a wide range of programs.
- Internal digital platforms that promote self-learning.
- Development programs according to leadership skills.
- Specialized training according to the role.
- Learning experiences with internal and external providers.
- We love to celebrate success, which is why we have recognition programs for seniority, behavior, leadership, moments of life, among others.
- Financial wellness programs that will help you reach your goals in all stages of life.
- A flexibility program that will allow you to balance your personal and work life, adapting your working day to your lifestyle.
- And because your family is also important to us, they can also enjoy benefits such as our Wellness Line, thousands of Agreements and Discounts, Scholarship programs for your children, Aid Plans for different moments of life, among others.

We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We respect and value diversity as a work force and innovation for the organization.