PepsiCo, a food and beverage company, is seeking a Junior Application Security Engineer to support its Global Application Security Program by implementing foundational security controls and ensuring effective security automation. The role involves configuring security tools, collaborating with development teams, and participating in incident response efforts.
Configure, tune, and maintain application security scanning tools to ensure accurate detection, minimal false positives, and efficient performance.
Define, enforce, and continuously refine security baselines for all scanning tools, ensuring standardized coverage.
Align security tool findings with business risk, making them actionable for remediation and prioritization.
Maintain and improve risk-based prioritization models, ensuring teams focus on high-impact vulnerabilities first.
Partner with the AppSec Platform development team to seamlessly integrate tool outputs into centralized findings management.
Investigate false positives, validate legitimate findings, and track remediation, ensuring issues are properly addressed.
Collaborate with development teams to embed secure-by-default coding patterns and adhere to security best practices.
Evaluate the effectiveness of security tools, recommend improvements, and drive continuous enhancements.
Oversee deployment and operational tuning of the WAF, contributing to CDN security strategies for DDoS prevention and performance optimization.
Evaluate new security tools and refine processes to increase scanning effectiveness and coverage.
Document configurations, best practices, and operational runbooks for all security tooling to ensure clarity and consistency.
Share security scanning insights with engineering teams, ensuring issues are clearly communicated and promptly addressed.
Participate in incident response and remediation efforts for application security vulnerabilities as needed.
Manage work within agile frameworks, including sprint planning, backlog grooming, and daily stand-ups.
Define and monitor key performance indicators (KPIs) to measure security effectiveness and support ongoing optimization.
Provide 24/7 on-call support, including weekends/holidays.
Qualifications
Required
Bachelor’s degree in computer science, engineering, or a related field, with 1-2 years of relevant and recent experience.
Foundational experience assessing security scanner outputs with the ability to provide actionable remediation guidance.
Introductory knowledge of secure software development with an emphasis on identifying vulnerabilities at the source code level.
Familiarity with application security, vulnerability management, and overall security engineering best practices.
Basic proficiency with Go and/or Python.
Experience deploying, configuring, managing, and maintaining Web Application Firewalls.
Willingness to learn and effectively use a variety of security scanning tools, including SAST, DAST, secret scanning, API scanning, SCA, and container scanning solutions.
Working knowledge of the OWASP Top 10 vulnerabilities and effective triage techniques.
Understanding of API security concepts, including OAuth, JWT validation, and access control best practices.
Awareness of cloud-native security best practices in AWS, Azure, or GCP, including familiarity with relevant security frameworks.
Familiarity with cryptography principles and basic key management practices.
Exposure to policy-as-code frameworks (OPA, HashiCorp Sentinel).
Basic understanding of CDN security, including bot mitigation, DDoS protection, and caching strategies.
Basic experience integrating security tools into CI/CD pipelines.
Familiarity with container security concepts and orchestration platforms such as Docker and Kubernetes.
Strong communication skills, both verbal and written.
High level of integrity and ethical standards.
Excellent problem-solving, analytical, and critical thinking skills.
Demonstrated ability to make decisions and take calculated risks autonomously.
A proactive and positive team player who is impact-focused, driven, curious, analytical, and a self-starter.
Ability to establish trust relationships and influence others.
Flexible and adaptive to support a dynamic, global environment with diverse stakeholders and ambiguity.
Must be able to operate extremely well under pressure.
Demonstrated ability to innovate and drive continuous improvement.
Ability to handle high-pressure situations with a calm and methodical approach.
Ability to evaluate trade-offs and identify the best resolution.
Strong time management and prioritization skills to meet business needs.
Commitment to life-long learning.
Preferred
Benefits
Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.