Advance Security Assessments Team Lead
Job Title: Advance Security Assessments Team Lead
Location: Plano, TX
Category: IT and Internet
The Advance Security Assessments Team Lead position is a highly technical hands-on role that plays a pivotal role in security risk management across PepsiCo. The mission of this role includes, but is not limited to, emulating advanced persistent threat (APT) and other sophisticated cyber attackers to perform internal/external attack testing, planning and coordinating attack campaigns involving PepsiCo pen testers from other teams to mimic known adversarial tactics, techniques and procedures (TTPs).
This role reports into the Information Security Group and maintains strong relations with all Line of Business technology groups. The lead must have an excellent working knowledge of all aspects of malware reverse engineering, offensive thinking/planning, intelligence analysis, penetration testing, tool/exploit development, social engineering, networking, operating systems and technical architectures. Patience and the willingness to work long hours are qualities that are well-suited for this position. The successful candidate will also possess strong written and verbal communication skills as customer facing and teaming skills will be used on a daily basis.
- Plan and conduct attacks on internally or externally hosted applications and infrastructure on a global scale with an emphasis on critical functions targeted by adversaries.
- Design and develop scripts, frameworks, tools and the methods required for facilitating and executing complex attacks and emulating adversarial TTPs.
- Interpret their impact on the business area operations, systems and processes with key fringe stakeholders within PepsiCo.
- Ensure effective knowledge management of findings and review results of any attack campaign in order to determine severity of findings and identify potential remediation or mitigation strategies.
- In-depth research of the latest adversarial TTPs and technologies to remain at the bleeding edge.
- Mentor and train more junior staff in attack techniques, tool/exploit development, intelligence analysis and adversarial tactics.
- Communicate effectively with representatives of the Lines of Business, technology specialists, and vendors.
- BS degree in Computer Engineering or CS or a technical field preferred
- OSCP, OSCE, or OSWE or SANS Certification
- 10+ years of experience in two or more of the following: network vulnerability assessments, Web application security testing, network penetration testing, red teaming, or security operations
- Experience with using, administering, and troubleshooting at least two major platforms of Linux, including Ubuntu and Red Hat
- Experience with Windows environments and Active Directory concepts
- Experience with programming at least one of the following: Perl, Python, ruby, bash, C or C++, C#, or Java, including scripting and editing existing code
- Experience with tools, including Qualys, Nessus, WebInspect, AppDetective, Hailstorm, Metasploit, Burp Suite Pro, Aircrack-ng, and Kismet
- Knowledge of applications, database, and Web server design and implementation
- Knowledge of open security testing standards and projects, including OWASP
- Ability to clearly convey results in formal technical reports and deliver briefings to senior client staff
- Professional level understanding of TCP/IP fundamentals, network protocols, system administration and network architectures.
- Demonstrable skills in identifying and mitigating security vulnerabilities in operating systems and web applications.
- Ability to identify both tactical and strategic solutions.
- Ability to work independently and in a cross functional team.
- Experience in coordinating, working with and gaining the trust of business stakeholders, technical resources, and third-party vendors
- Experience in leading meetings, dividing responsibilities, and influencing people to take action to assist in the resolution of security incidents.
- Willing to travel to other PepsiCo locations as necessary to support security incidents and attack testing work
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
PepsiCo is an equal opportunity employer Minorities/Females/People with Disabilities/Protected Veterans/Sexual Orientation/Gender Identity.
If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law (http://pep.jobs/eeo-poster) & EEO is the Law Supplement (http://pep.jobs/eeo-poster-supplement) documents by copying and pasting the appropriate URL in the address bar of your web browser.
To view our Pay Transparency Statement, please click here: Pay Transparency StatementJob Ref: 111254BR",
Performance with Purpose
Out performing ourselves is a rush. That's why we perform with purpose. Together, we blaze new trails, succeed, celebrate and then do something even bigger. We never settle for second best. At PepsiCo we're not just committed to performing well as individuals, but as a team, to strengthen the company as a whole.
Around the world, we're working hard to give people the tastes they crave and the nutrition they need. We dream globally and act locally, constantly innovating to sustain our planet, our people, our communities and our business practices. New markets mean new ways of doing business, and new ways of addressing health concerns, cultural differences and environmental challenges. Every day is an adventure, and an opportunity for personal and professional growth.