Overview We Are PepsiCo Join PepsiCo and Dare for Better! We are the perfect place for curious people, thinkers and change agents. From leadership to front lines, we're excited about the future and working together to make the world a better place. Being part of PepsiCo means being part of one of the largest food and beverage companies in the world, with our iconic brands consumed more than a billion times a day in more than 200 countries. Our product portfolio, which includes 22 of the world's most iconic brands, such as Sabritas, Gamesa, Quaker, Pepsi, Gatorade and Sonrics, has been a part of Mexican homes for more than 116 years. A career at PepsiCo means working in a culture where all people are welcome. Here, you can dare to be you. No matter who you are, where you're from, or who you love, you can always influence the people around you and make a positive impact in the world. Know more: PepsiCoJobs Join PepsiCo, dare for better. Responsibilities The Opportunity Within the Cyber Fusion Center, the Offensive Security Team continuously evaluates PepsiCo’s cyber security posture through penetration tests and red team engagements to proactively identify gaps and drive mitigations to minimize PepsiCo's cyber risk exposure. This position will develop and maintain software to integrate existing tools and automate workflows. Your Impact As Offensive Security – Development and Integrations Operator your responsibilities would consist of Responsibilities 1. Integrate, automate and extend existing tools to scale the reach of the Offensive Security team. 2. Serve as the SME for the design, deployment, monitoring and maintenance of cloud infrastructure used during red team exercises. 3. Conduct standard black and gray box penetration tests across multiple technologies including web applications, mobile applications, APIs, infrastructure, cloud environments, and devices. 4. Generate accurate, concise, and actionable penetration test reports. 5. Validate the effectiveness of remediation efforts. 6. Triage and schedule incoming penetration test requests. 7. Peer review reports for quality and accuracy. 8. Participate in purple team exercises by reproducing techniques of known threat actors across multiple tactics categories. 9. Participate in red team exercises. 10. Generate red team reports. 11. Support Incident Response during security incidents as needed. 12. Validate bug bounty findings. 13. Validate perimeter assets for exposure to known vulnerabilities. 14. Perform OSINT and related discovery activities. 15. Coach lower levels. 16. Update the team’s operational processes as needed and participate in overall knowledge base improvement. 17. Provide feedback about and update as needed the operational processes and procedures. 18. Maintain a professional communicative relationship with other associates and management. 19. Provide timely, comprehensive and accurate information to Information Security leadership in both written and verbal communications. 20. Develop the requisite expertise, knowledge, and ability to perform independently. 21. Participation in after-hours activities when required. 22. Collaborate with CFC teams on project execution and PepsiCo security improvements. 23. Ensure team success through organizational, functional, and team alignment towards team mission and objectives. Accountabilities 1. Execute on projects, objectives, and deliverables in alignments with team vision, mission, and goals. 2. Routinely develop and update offensive security documentation, processes, and technologies to adapt to emerging threat landscape. 3. Develop automation to scale global offensive capabilities and operational resiliency. 4. Collaborate with partner teams, service owners, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings. 5. Create and deliver trainings; and participate in security reviews, audits, on-site engagements, and support incidents after-hours when required. Qualifications ¿Who Are We Looking For? Years of experience 1. Bachelor's degree in information technology, related field or equivalent work experience in a hands-on, technical role plus 3-4 years of experience in a hands-on, technical information security role. At least 1 year in offensive security, DFIR, Application Security, or Vulnerability Management. Mandatory Technical Skills 1. Demonstrated experience deploying and managing cloud infrastructure and services in an automated and repeatable manner. 2. Demonstrated experience automating workflows using at least one high level scripting or programming language. 3. Familiar with aligning threat and vulnerability management efforts to frameworks and control objectives - MITRE ATT&CK, NIST CSF, ISO27001, CIS, OWASP. 4. Information Security certifications such as OSCP, OSCE, GPEN, GWAPT or GXPN are required. 5. Proficient with security tools (Burp Suite, Metasploit, Nmap, bloodhound, etc.). 6. Proficient in) at least one scripting language (Python, bash, PowerShell) or one programming language (Java, C#, C++). 7. Working knowledge of Linux and/or Windows server management. 8. Familiar with one or more C2 frameworks. 9. Familiar with defensive and monitoring technologies such as Intrusion prevention/detection systems (IPS/IDS), Web application firewalls (WAF), security information and event management systems (SIEMs), and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA). 10. Working knowledge of public cloud services (Azure, AWS, Alibaba) configuration and hardening. Non-technical Skills 1. A team-focused mentality with the proven ability to work effectively with diverse stakeholders. 2. Solid customer orientation with excellent oral and written communication skills in English. 3. An ability to effectively influence others to modify their opinions, plans, or behaviors. 4. Proactive attitude, seeking improvement opportunities which can positively impact the security posture and the business. 5. Decision-making capabilities, with an ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one. 6. An ability to work extremely well under pressure while maintaining a professional image and approach. 7. Flexible and adaptive to support a dynamic and global environment with diverse stakeholders and ambiguity. Differentiating behaviors 1. Ability to lead globally dispersed teams to achieve a unified outcome. 2. Experience driving large-scale risk reduction initiatives across Fortune 500 organizations. 3. Ability to weigh the relative costs/benefits/trade-offs of potential actions and identify the best resolution. 4. Active community engagement: Bug Bounty program engagements, participation in CTFs, or contributions to open source, etc. 5. Ability to organize tasks, manage time, and prioritize actions to meet business needs. If this is an opportunity that interests you, we encourage you to apply even if you do not meet 100% of the requirements. What can you expect from us: Opportunities to learn and develop every day through a wide range of programs. Internal digital platforms that promote self-learning. Development programs according to Leadership skills. Specialized training according to the role. Learning experiences with internal and external providers. We love to celebrate success, which is why we have recognition programs for seniority, behavior, leadership, moments of life, among others. Financial wellness programs that will help you reach your goals in all stages of life. A flexibility program that will allow you to balance your personal and work life, adapting your working day to your lifestyle. And because your family is also important to us, they can also enjoy benefits such as our Wellness Line, thousands of Agreements and Discounts, Scholarship programs for your children, Aid Plans for different moments of life, among others. We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We respect and value diversity as a work force and innovation for the organization.