PepsiCo is a food and beverage company, and they are seeking an Entry-Level Information Security Analyst to join their Cyber Fusion Center's Infrastructure Security Team. The role focuses on identifying, analyzing, and mitigating security vulnerabilities while leveraging automation to enhance efficiency.
Assist in scanning, analyzing, and prioritizing vulnerabilities across cloud and on-prem environments.
Utilize security tools such as Tenable, Qualys, or Nexpose to monitor and assess risks.
Work with IT teams to track and ensure timely remediation of vulnerabilities.
Support the integration and management of Tenable findings in the ServiceNow Vulnerability Response (VR) module.
Develop and maintain Python, PowerShell, or Bash scripts to automate vulnerability detection and remediation workflows.
Create API integrations between security tools, ServiceNow VR & CC Modules, and ITSM platforms.
Automate reporting and ticketing processes to improve operational efficiency.
Support the ServiceNow Vulnerability Response (VR) module for Tenable, ensuring accurate ingestion and tracking of vulnerabilities.
Assist in Configuration Compliance monitoring by analyzing audit findings and tracking remediation efforts.
Work with IT and security teams to address compliance gaps related to frameworks like PCI-DSS, NIST, and ISO 27001.
Understand and apply basic network and security protocols (e.g., TCP/IP, HTTP/S, SSH, FTP, DNS, SSL/TLS, VPNs, RDP).
Be familiar with common port numbers and their security implications.
Support network segmentation and firewall rule reviews.
Assess security configurations and vulnerabilities in Okta, SAP, ServiceNow, Salesforce, and M365.
Help identify misconfigurations and recommend security best practices.
Stay up to date with security trends, vulnerabilities, and exploits.
Assist in compliance initiatives related to PCI-DSS, NIST, ISO 27001, and CIS benchmarks.
Document security findings and automation workflows clearly for team reference.
Execute on projects, objectives, and deliverables in alignments with team vision, mission, and goals.
Routinely develop and update offensive security documentation, processes, and technologies to adapt to emerging threat landscape.
Develop automation to scale global offensive capabilities and operational resiliency.
Collaborate with partner teams, service owners, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings.
Create and deliver trainings; and participate in security reviews, audits, on-site engagements, and support incidents after-hours when required.
Qualification
Required
Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent hands-on experience).
Strong scripting and automation skills using Python, PowerShell, or Bash.
Understanding of basic security and networking protocols and their associated port numbers.
Exposure to vulnerability management tools like Tenable, Qualys, or Nexpose.
Experience with ServiceNow Vulnerability Response (VR) module for managing Tenable findings.
Familiarity with third-party platforms (Okta, SAP, ServiceNow, Salesforce, M365).
Strong problem-solving skills and ability to work in a fast-paced environment.
A proactive and positive team player who is impact-focused, driven, curious, analytical, and a self-starter.
Demonstrated ability to autonomously make high-judgment decisions and take calculated risks.
Ability to establish trust relationships and influence others to positively impact the security posture and the business.
Flexible and adaptive to support a dynamic and global environment with diverse stakeholders and ambiguity.
Solid customer orientation with excellent oral and written communication skills in English.
Must be able to operate extremely well under pressure while maintaining a professional.
Ability to organize tasks, manage time, and prioritize actions to meet business needs.
Driven and Focused
Preferred
Experience with APIs to automate security workflows.
Basic knowledge of cloud security (AWS, Azure, GCP).
Understanding of security frameworks like MITRE ATT&CK, NIST, CIS Benchmarks.
Security certifications (CompTIA Security+, CEH, GIAC) are a plus but not required.
Benefits
Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.
