Software Engineer (AppSec Platform Development)

at  PepsiCo

Overview:
PepsiCo’s Global Application Security Program is responsible for integrating security at scale in all development workflows to identify and manage application security risks. Our mission is to make security risks visible and actionable by the business to ensure security findings are addressed promptly and effectively.
This role is responsible for contributing to the development of our core automated application security posture management platform and fostering a culture of proactive security across the organization.

Responsibilities:

• Design, develop, implement, test, and maintain components of our platform, including APIs, container services, queues, databases, and UIs.
• Design, stand up, integrate, implement, deploy, configure, and test cloud services to support platform scalability, performance, and reliability.
• Design, develop, implement, test, and maintain IaC components in the code to automate and optimize component deployments.
• Implement scalable integrations with third-party application security scanning tools, source code management systems, and work item/issue trackers.
• Ensure code quality through robust functional testing, unit testing, and code reviews.
• Take responsibility for delivering specific features or modules within project timelines.
• Track and manage work in agile workflows, including creating and updating stories, story pointing, sprint planning, backlog grooming, and daily stand-ups to ensure timely and efficient delivery of tasks.
• Establish and monitor key performance indicators (KPIs) to constantly measure effectiveness and make necessary adjustments for continuous improvement.
• Foster a collaborative environment and promote knowledge sharing to help the team grow.
• Continuously research and raise novel concepts to improve the application security posture of the business. Stay updated with the latest security trends, tools, and practices.
• Support 24/7 hour on-call, including weekends/holidays, on a rotating basis.
• Develop technical documentation (i.e. system design, architecture diagrams, data flows, functional specifications).
• Develop program metrics, continuously measure progress/impact, and drive improvements.
• Research and raise novel concepts to improve the resiliency and efficiency of the system. Stay updated with the latest development practices, patterns, and paradigms.
• Collaborate with the leadership and cross-functional teams including DevOps, development teams, security operations, data and analytics, enterprise architecture, platform teams, and sector functions.
• Execute projects, objectives, and deliverables in alignment with the team’s vision, mission, and goals.
• Create and deliver training sessions; mentor junior team members; and engage in knowledge transfer sessions, technical design reviews, and business review meetings.

MANDATORY TECHNICAL SKILLS:

• Bachelor’s degree in computer science, engineering, or a related field, with 3-4 years of relevant experience
• Proficient in Python and/or Go.
• Proficient in SQL and at least one relational database framework (MSSQL, PostgreSQL, etc.).
• Proficient with design patterns & principles.
• Proficient with public cloud services (AWS Preferred).
• Hands-on experience with IaC development (Terraform preferred).
• Hands-on experience developing full-stack applications and rapidly prototyping solutions.
• Hands-on experience with modern CI/CD tools and practices (GitHub Enterprise, Azure DevOps, Jenkins, etc.)
• Experience with developing and monitoring metrics and KPIs.
• Understanding of the OWASP Top 10.
• Experience with generative AI technologies is a plus.

NON-TECHNICAL SKILLS:

• Strong communication skills, both verbal and written.
• Excellent presentation skills.
• High level of integrity and ethical standards.
• Excellent problem-solving, analytical, and critical thinking skills.
• Demonstrated ability to autonomously make decisions and take calculated risks.
• A proactive and positive team player who is impact-focused, driven, curious, analytical, and a self-starter.
• Ability to establish trust relationships and influence others.
• Flexible and adaptive to support a dynamic, global environment with diverse stakeholders and ambiguity.
• Must be able to operate extremely well under pressure.

• Design, develop, implement, test, and maintain components of our platform, including APIs, container services, queues, databases, and UIs.
• Design, stand up, integrate, implement, deploy, configure, and test cloud services to support platform scalability, performance, and reliability.
• Design, develop, implement, test, and maintain IaC components in the code to automate and optimize component deployments.
• Implement scalable integrations with third-party application security scanning tools, source code management systems, and work item/issue trackers.
• Ensure code quality through robust functional testing, unit testing, and code reviews.
• Take responsibility for delivering specific features or modules within project timelines.
• Track and manage work in agile workflows, including creating and updating stories, story pointing, sprint planning, backlog grooming, and daily stand-ups to ensure timely and efficient delivery of tasks.
• Establish and monitor key performance indicators (KPIs) to constantly measure effectiveness and make necessary adjustments for continuous improvement.
• Foster a collaborative environment and promote knowledge sharing to help the team grow.
• Continuously research and raise novel concepts to improve the application security posture of the business. Stay updated with the latest security trends, tools, and practices.
• Support 24/7 hour on-call, including weekends/holidays, on a rotating basis.
• Develop technical documentation (i.e. system design, architecture diagrams, data flows, functional specifications).
• Develop program metrics, continuously measure progress/impact, and drive improvements.
• Research and raise novel concepts to improve the resiliency and efficiency of the system. Stay updated with the latest development practices, patterns, and paradigms.
• Collaborate with the leadership and cross-functional teams including DevOps, development teams, security operations, data and analytics, enterprise architecture, platform teams, and sector functions.
• Execute projects, objectives, and deliverables in alignment with the team’s vision, mission, and goals.
• Create and deliver training sessions; mentor junior team members; and engage in knowledge transfer sessions, technical design reviews, and business review meetings