
PepsiCo
Senior Penetration Tester & Red Team Operator
Role: Security
Level: Senior
Location: Miguel Hidalgo, Mexico
Work: On-site
Type: Full-time
Posted: 1 week ago
About the role
Overview

CAREERS TO SMILE ABOUT

At PepsiCo, you’ll discover a place where our mission is to create smiles around the world. With a portfolio of more than 500 beloved brands including Gatorade, Lay’s and Quaker, our work touches millions of people every day. At the heart of the company is a team of thinkers, creators, and problem-solvers who collaborate to innovate and turn ideas into action. Driven by innovation and a focus on creating joyful moments through food and drinks, our decisions are guided by consumer centricity, creating opportunities for our associates to do meaningful work and make a lasting impact in the communities we serve. Whatever your role, you’ll be part of a global community that values your ideas and empowers you to make an impact, on your career and on the world around you.

Our product portfolio, which includes 22 of the world's most iconic brands, such as Sabritas, Gamesa, Quaker, Pepsi, Gatorade and Sonrics, has been a part of Mexican homes for more than 116 years.

A career at PepsiCo means working in a culture where all people are welcome. Here, you can dare to be you. No matter who you are, where you're from, or who you love, you can always influence the people around you and make a positive impact in the world.

Responsibilities

The Opportunity

Within the Cyber Fusion Center, the Offensive Security Team continuously evaluates PepsiCo’s cyber security posture through penetration tests and red team engagements to proactively identify gaps and drive mitigations to minimize PepsiCo's cyber risk exposure. This role will focus on supporting perimeter security, vulnerability disclosure, and bug bounty.

Your Impact

As Senior Penetration Tester & Red Team Operator your scope would consist of …

- Conduct complex black box, gray box, and white box penetration tests across multiple technologies including web applications, mobile applications, APIs, infrastructure, cloud environments, and devices.
- Chain multiple exploits and apply defense evasion techniques as needed.
- Generate accurate, concise, and actionable penetration test reports.
- Peer review reports for quality and accuracy.
- Validate the effectiveness of remediation efforts.
- Triage and schedule incoming penetration test requests.
- Lead scoping calls.
- Participate in purple team exercises by reproducing techniques of known threat actors across multiple tactics categories.
- Apply defense evasion techniques using observed methods.
- Lead complex red team exercises across complex environments and all phases of the kill chain.
- Design, deploy, monitor and maintain resilient C2 infrastructure.
- Design and execute social engineering engagements.
- Generate red team reports.
- Create custom malware.
- Manage third-party pen test and red team engagements to ensure high-quality products and deliverables.
- Support testing automation through the creation of complex scripts or applications in one or more languages.
- Support Incident Response during security incidents as needed.
- Validate bug bounty findings.
- Validate perimeter assets for exposure to known vulnerabilities.
- Perform OSINT and related discovery activities.
- Establish and grow relationships with key stakeholders inside and outside of Information Security.
- Serve as SME for at least one technology.
- Coach lower levels.
- Update the team’s operational processes as needed and participate in overall knowledge base improvement.
- Provide feedback about and update as needed the operational processes and procedures.
- Maintain a professional communicative relationship with other associates and management.
- Provide timely, comprehensive and accurate information to Information Security leadership in both written and verbal communications.
- Develop the requisite expertise, knowledge, and ability to perform independently.
- Participate in after-hours activities when required.
- Collaborate with CFC teams on project execution and PepsiCo security improvements.
- Ensure team success through organizational, functional, and team alignment towards team mission and objectives.

Accountabilities

- Execute on projects, objectives, and deliverables in alignment with team vision, mission, and goals.
- Routinely develop and update offensive security documentation, processes, and technologies to adapt to the emerging threat landscape.
- Develop automation to scale global offensive capabilities and operational resiliency.
- Collaborate with partner teams, service owners, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings.
- Create and deliver trainings; participate in security reviews, audits, and on-site engagements; and support incidents after hours when required.

Qualifications

Who Are We Looking For?

- Bachelor's degree in information technology, related field or equivalent work experience in a hands-on, technical role plus 5 years of experience in a hands-on, technical information security role.
- At least 3 years of experience in offensive security, DFIR, Application Security, or Vulnerability Management.
- Working knowledge of aligning threat and vulnerability management efforts to frameworks and control objectives: MITRE ATT&CK, NIST CSF, ISO27001, CIS, OWASP.
- Information Security certifications such as OSCP, OSCE, GPEN, GWAPT or GXPN are required.
- Proficient with security tools (Burp Suite, Metasploit, Nmap, BloodHound, etc.).
- Proficient in at least one scripting language (Python, bash, PowerShell) or one programming language (Java, C#, C++).
- Proficient with Linux and/or Windows server management.
- Proficient with one or more C2 frameworks.
- Proficient with defensive and monitoring technologies such as intrusion prevention/detection systems (IPS/IDS), web application firewalls (WAF), security information and event management systems (SIEMs), and endpoint detection/response (EDR) tools, as well as user and entity behavior analytics (UEBA).
- Working knowledge of public cloud services (Azure, AWS, Alibaba) configuration and hardening.
- Demonstrated experience participating in social engineering engagements.
- Demonstrated experience applying host and network-based defense evasion techniques in support of red team activities.
- Experience with generative AI, LLMs, NLP etc. is a plus.
- Experience in multiple security domains (e.g. Network Security, Application Security, Infrastructure Security, Cloud Security, Security Operations).
- A team-focused mentality with the proven ability to work effectively with diverse stakeholders.
- Solid customer orientation with excellent oral and written communication skills in English.
- An ability to effectively influence others to modify their opinions, plans, or behaviors.
- Proactive attitude, seeking improvement opportunities which can positively impact the security posture and the business.
- Decision-making capabilities, with an ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
- An ability to work extremely well under pressure while maintaining a professional image and approach.
- Flexible and adaptive to support a dynamic and global environment with diverse stakeholders and ambiguity.
- Ability to lead globally dispersed teams to achieve a unified outcome.
- Experience driving large-scale risk reduction initiatives across Fortune 500 organizations.
- Ability to weigh the relative costs/benefits/trade-offs of potential actions and identify the best resolution.
- Active community engagement: Bug Bounty program engagements, participation in CTFs, or contributions to open source, etc.
- Ability to organize tasks, manage time, and prioritize actions to meet business needs.

If this is an opportunity that interests you, we encourage you to apply even if you do not meet 100% of the requirements.

What can you expect from us:

- Opportunities to learn and develop every day through a wide range of programs.
- Internal digital platforms that promote self-learning.
- Development programs according to Leadership skills.
- Specialized training according to the role.
- Learning experiences with internal and external providers.
- We love to celebrate success, which is why we have recognition programs for seniority, behavior, leadership, moments of life, among others.
- Financial wellness programs that will help you reach your goals in all stages of life.
- A flexibility program that will allow you to balance your personal and work life, adapting your working day to your lifestyle.
- And because your family is also important to us, they can also enjoy benefits such as our Wellness Line, thousands of Agreements and Discounts, Scholarship programs for your children, Aid Plans for different moments of life, among others.

We are an equal opportunity employer and value diversity at our company. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We respect and value diversity as a work force and innovation for the organization.
About PepsiCo
Headquarters: Miguel Hidalgo