This listing has expired and therefore is not publicly viewable.
|Preferred GIAC Certifications||GPEN, GCED, GPYC, GWAPT|
|Contact Name||Matthew Frick|
The Infrastructure Security Assessment Team Lead will have a wide range of vulnerability assessment responsibilities covering diverse technologies - including operating systems, hypervisors, storage, applications, databases, and network devices. The essence of this role is articulate risk assessment of vulnerability exposures and/or insecure configurations against attacker methodology, in consideration of possible mitigations, and in relation to business impact. As team lead, mentoring junior team members will be an emphasis for this role.
The ideal candidate will have deep expertise in one or more technical areas and a proven track record as a self-starter capable of quickly getting up to speed in new technologies. This will be necessary to research new vulnerabilities as well as troubleshoot possible issues that may occur with scan engines, remediation workflow tools, and/or reporting features. The role requires data analysis skills, the capability to identify, suggest, and implement process improvements, and a willingness to document key configurations and procedures for knowledge capture purposes. An ability to perform scripted automation is a plus.
Perform regular vulnerability scans of environment and recommend prioritized remediation of vulnerabilities found
Work closely with adjacent constituents to resolve complex security issues
Evaluate current systems and procedures, researching trend, and anticipate requirements
Design, recommend, and implement security improvements
Identify abnormalities, flag problems, and report violations
Perform analysis and correlation of security events from multiple vulnerability assessment sources
Provide reporting and metrics to management
Mentor junior staff
Bachelor's degree in Computer Science or related discipline
7+ years of prior IT experience with progressive responsibility
3+ years of prior security experience with progressive responsibility
Understanding of security architecture, security controls, and security assurance methodologies
Understanding of relational database concepts, data schema, and data analysis techniques
Ability to identify and articulate the merits of various risk mitigation strategies pertinent to given vulnerabilities
Technical expertise in one or more of: operating systems, hypervisors, storage, applications, databases, and network devices
Requires a strong background in network protocols, software stacks, encryption, authentication and authorization mechanisms, and security monitoring and response techniques
Must possess excellent communication skills (written, verbal) and be able to work with technical and non-technical individuals alike
Ability to mentor other employees to improve their skills and effectiveness
At least one security certification (e.g. CEH, OSCP, CISSP, GPEN, GCED, GPYC, GWAPT, etc.)
Demonstrated experience implementing automation via scripting (e.g. bash, Python, etc.)
PepsiCo values diversity. The Attack Surface Management team values grit over pedigree. If you're concerned this description may not describe you exactly, please apply anyway!