Senior Information Security Engineer

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent hands-on experience).
• 3 to 4 years of experience in cybersecurity, vulnerability management, and security automation.
• Strong coding skills in Python, PowerShell, Bash, or equivalent languages (ability to write, optimize, and maintain scripts for security automation).
• Expertise in API development and integration between security tools (Tenable, ServiceNow, ITSM platforms).
• Advanced experience with vulnerability management tools such as Tenable, Qualys, or Nexpose.
• Deep knowledge of ServiceNow VR module, including configuration, automation, and integration.
• Strong understanding of network security protocols and common port numbers.
• Experience managing security configurations for third-party platforms (Okta, SAP, ServiceNow, Salesforce, M365).
• Proven ability to lead security automation initiatives and mentor junior analysts.
• Strong analytical, troubleshooting, and problem-solving skills.
• A proactive and positive team player who is impact-focused, driven, curious, analytical, and a self-starter.
• Demonstrated ability to autonomously make high-judgment decisions and take calculated risks.
• Ability to establish trust relationships and influence others to positively impact the security posture and the business.
• Flexible and adaptive to support a dynamic and global environment with diverse stakeholders and ambiguity.
• Solid customer orientation with excellent oral and written communication skills in English.
• Must be able to operate extremely well under pressure while maintaining a professional.
• Experience driving large-scale risk reduction initiatives across Fortune 500 organizations.
• Ability to weigh the relative costs/benefits/trade-offs of potential actions and identify the best resolution.
• Ability to organize tasks, manage time, and prioritize actions to meet business needs.

Nice To Haves

• Experience with cloud security automation (AWS, Azure, GCP).
• Knowledge of infrastructure-as-code (Terraform, Ansible) for security automation.
• Familiarity with security frameworks like MITRE ATT&CK, NIST, CIS Benchmarks.
• Security certifications (CISSP, OSCP, GIAC, AWS Security Certs) are a plus

Responsibilities

• Security Automation & API Development
• Develop, optimize, and maintain automation scripts in Python, PowerShell, or Bash to streamline vulnerability management and remediation.
• Design API-driven integrations between Tenable, ServiceNow VR, and ITSM platforms for automated vulnerability tracking and reporting.
• Automate security workflows, including vulnerability ingestion, prioritization, ticketing, and remediation orchestration.
• Develop and maintain custom security tools to enhance scanning, reporting, and response capabilities.
• Vulnerability Management & Risk Prioritization
• Lead enterprise-wide vulnerability assessments using Tenable, Qualys, or Nexpose, ensuring comprehensive risk identification.
• Implement risk-based prioritization models using automation to focus on critical security threats.
• Maintain and optimize the ServiceNow Vulnerability Response (VR) module for seamless vulnerability lifecycle management.
• Work closely with IT and development teams to ensure timely and effective remediation efforts.
• Security Platform & ServiceNow Integration
• Oversee the full integration of Tenable vulnerability data into ServiceNow VR for enhanced tracking and automation.
• Improve Configuration Compliance monitoring by developing automated controls for audit findings and remediation workflows.
• Ensure that security data is accurate, actionable, and seamlessly integrated with IT operations.
• Network & Security Protocols Expertise
• Apply expert knowledge of networking and security protocols to identify security risks.
• Understand common port numbers and assess their security implications.
• Collaborate with network and firewall teams to enhance segmentation, reduce attack surfaces, and enforce security policies.
• Security Operations & Compliance Automation
• Lead compliance automation initiatives to align with PCI-DSS, NIST, ISO 27001, and CIS benchmarks.
• Develop scripts and automation tools to generate compliance reports, track remediation progress, and reduce manual overhead.
• Stay ahead of emerging threats, vulnerabilities, and regulatory requirements, continuously improving security automation strategies.
• Leadership & Mentorship
• Provide technical leadership to junior security analysts, guiding them in security automation best practices.
• Collaborate with cross-functional teams to define security automation strategies and implement scalable solutions.
• Document automation workflows, vulnerability management playbooks, and security integration processes to enhance team knowledge.
• Accountabilities
• Execute on projects, objectives, and deliverables in alignments with team vision, mission, and goals.
• Routinely develop and update offensive security documentation, processes, and technologies to adapt to emerging threat landscape.
• Develop automation to scale global offensive capabilities and operational resiliency.
• Collaborate with partner teams, service owners, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings.
• Create and deliver trainings; and participate in security reviews, audits, on-site engagements, and support incidents after-hours when required.

Benefits

• The expected compensation range for this position is between $80,200 - $134,250.
• Bonus based on performance and eligibility target payout is 8% of annual salary paid out annually.
• Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
• In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.