Senior Information Security Engineer

Overview Within the Cyber Fusion Center (CFC), the Infrastructure Security Team is seeking a highly skilled and experienced Information Security Analyst with 3 to 4 years of experience in Vulnerability Management, Security Automation, and Risk Mitigation. This role requires strong programming skills (Python, Power Shell, Bash, or equivalent) to develop scalable automation solutions for vulnerability detection, remediation, and reporting. The ideal candidate will have deep expertise in Tenable, Service Now Vulnerability Response (VR) module, Configuration Compliance (CC) module, cloud security, SAP/Onapsis, and third-party security platforms (Okta, SAP, Service Now, Salesforce, M365).

As a senior analyst, you will be responsible for leading vulnerability management initiatives, driving security automation strategies, integrating security data into Service Now, and providing technical guidance to junior analysts. You will also play a key role in maturing the vulnerability management program, enhancing risk visibility, and improving remediation efficiency through automation. Responsibilities Security Automation & API Development Develop, optimize, and maintain automation scripts in Python, Power Shell, or Bash to streamline vulnerability management and remediation.

Design API-driven integrations between Tenable, Service Now VR, and ITSM platforms for automated vulnerability tracking and reporting. Automate security workflows, including vulnerability ingestion, prioritization, ticketing, and remediation orchestration. Develop and maintain custom security tools to enhance scanning, reporting, and response capabilities. Vulnerability Management & Risk Prioritization Lead enterprise-wide vulnerability assessments using Tenable, Qualys, or Nexpose, ensuring comprehensive risk identification. Implement risk-based prioritization models using automation to focus on critical security threats.

Maintain and optimize the Service Now Vulnerability Response (VR) module for seamless vulnerability lifecycle management. Work closely with IT and development teams to ensure timely and effective remediation efforts. Security Platform & Service Now Integration Oversee the full integration of Tenable vulnerability data into Service Now VR for enhanced tracking and automation. Improve Configuration Compliance monitoring by developing automated controls for audit findings and remediation workflows.

Ensure that security data is accurate, actionable, and seamlessly integrated with IT operations. Network & Security Protocols Expertise Apply expert knowledge of networking and security protocols to identify security risks. Understand common port numbers and assess their security implications. Collaborate with network and firewall teams to enhance segmentation, reduce attack surfaces, and enforce security policies. Security Operations & Compliance Automation Lead compliance automation initiatives to align with PCI-DSS, NIST, ISO 27001, and CIS benchmarks.

Develop scripts and automation tools to generate compliance reports, track remediation progress, and reduce manual overhead. Stay ahead of emerging threats, vulnerabilities, and regulatory requirements, continuously improving security automation strategies. Leadership & Mentorship Provide technical leadership to junior security analysts, guiding them in security automation best practices. Collaborate with cross-functional teams to define security automation strategies and implement scalable solutions.

Document automation workflows, vulnerability management playbooks, and security integration processes to enhance team knowledge. Accountabilities Execute on projects, objectives, and deliverables in alignments with team vision, mission, and goals. Routinely develop and update offensive security documentation, processes, and technologies to adapt to emerging threat landscape. Develop automation to scale global offensive capabilities and operational resiliency. Collaborate with partner teams, service owners, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings.

Create and deliver trainings; and participate in security reviews, audits, on-site engagements, and support incidents after-hours when required. Compensation and Benefits:
The expected compensation range for this position is between $80,200 - $134,250. Location, confirmed job-related skills, experience, and education will be considered in setting actual starting salary. Your recruiter can share more about the specific salary range during the hiring process. Bonus based on performance and eligibility target payout is 8% of annual salary paid out annually. Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.

In addition to salary, Pepsi Co offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility:
Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement…