| Preferred GIAC Certifications | GPEN, GCED, GPYC, GWAPT |
| Contact Name | Matthew Frick |
The Infrastructure Security Assessment Associate Specialist will have a wide range of vulnerability assessment responsibilities covering diverse technologies - including operating systems, hypervisors, storage, applications, databases, and network devices. The essence of this role is articulate risk assessment of vulnerability exposures and/or insecure configurations against attacker methodology, in consideration of possible mitigations, and in relation to business impact. Defining and risk-assessing security hardening standards will be an emphasis for this role.
The ideal candidate will have deep expertise in one or more technical areas and a proven track record as a self-starter capable of quickly and autonomously getting up to speed in new technologies. This will be necessary to research new vulnerabilities as well as troubleshoot possible issues that may occur with scan engines, remediation workflow tools, and/or reporting features. The role requires data analysis skills, the capability to identify, suggest, and implement process improvements, and a willingness to document key configurations and procedures for knowledge capture purposes. An ability to perform scripted automation is a plus.
Perform regular vulnerability scans of the environment and recommend prioritized remediation of vulnerabilities found
Work closely with adjacent constituents to resolve complex security issues
Evaluate current systems and procedures, research trends, and anticipate requirements
Design, recommend, and implement security improvements
Identify abnormalities, flag problems, and report violations
Perform analysis and correlation of security events from multiple vulnerability assessment sources
Provide reporting and metrics to management
Bachelor's degree in Computer Science or related discipline
5+ years of prior IT experience with progressive responsibility
2+ years of prior security experience with progressive responsibility
Understanding of security architecture, security controls, and security assurance methodologies
Understanding of relational database concepts, data schema, and data analysis techniques
Experience referencing, researching, and utilizing system and application hardening standards (e.g. CIS benchmarks, DISA STIGs, etc.)
Ability to identify and articulate the merits of various risk mitigation strategies pertinent to given vulnerabilities
Technical expertise in one or more of: operating systems, hypervisors, storage, applications, databases, and network devices
Requires a strong background in network protocols, software stacks, encryption, authentication and authorization mechanisms, and security monitoring and response techniques
Must possess excellent communication skills (written, verbal) and be able to work with technical and non-technical individuals alike
Must be able to guide technical conversations to an understanding of technical ground truth and feasibility of technical implementation details
Ability to design, resource, status, and complete projects independently, with minimal supervision
PepsiCo values diversity. The Attack Surface Management team values grit over pedigree. If you're concerned this description may not describe you exactly, please apply anyway!