Attack Surface Management Director

Job Description

Auto req ID: 182107BR

Imagine when YOUR “Creative Solutions” MEETS OUR Thirst for Innovation

At PepsiCo, it takes a global team to solve some of the most complex problems, and our InfoSec group is no exception! From Plano to Poland, we have a collaborative team composed of two structures, a Center of Excellence and a Consultancy, that are consistently innovating and supporting one another across borders. Influencing and driving our security agenda is no small task, and we recognize the everyday contributions our talented security professionals make.

The Attack Surface Management Director is responsible for the global identification and assessment of vulnerabilities, scope and execution of security penetration tests, and the remediation of resulting vulnerabilities. Set the global strategy and direction for Attack Surface Management with the sole goal to reduce vulnerabilities and ensure the protection of PepsiCo assets.

  • Set strategy and direction for Attack Surface Management Team
  • Run day to day operations including vulnerability assessments and remediation efforts
  • Generate reports on assessment findings and summarize to facilitate remediation tasks
  • Liaise with asset owners and business partners to ensure timely remediation
  • Conduct annual penetration test using independent 3rd party
  • Operationalize PepsiCo internal Red Team to deliver periodic and ad-hoc penetration tests
  • Set strategy for vulnerability assessment and configuration assessment tools
  • Recommend security controls and/or corrective actions for mitigating technical and business risk
  • Produce vulnerability, configuration, and coverage metrics and reporting to demonstrate assessment coverage and remediation effectiveness
  • Deliver multi-year road maps for the Attack Surface Management function
  • Lead and manage team of subject matter experts including staffing and day to day management


  • Bachelor’s degree in Computer Science, Cyber Security, or other STEM disciplines preferred or equivalent related work experience.
  • 10+ years of experience in information security
  • 5+ years of experience in information security vulnerability management role
  • 5+ years securing operations technology environments
  • Proven experience developing and managing Red Teams
  • Experience with large scale and complex environments similar to PepsiCo
  • Demonstrated ability to perform independent analysis of complex problems and distill relevant findings and root causes
  • A broad and deep understanding of cyber-security threats, vulnerabilities, controls and remediation strategies
  • Strong technical knowledge in information technology, to include hardware, networking, architecture, protocols, file systems and operating systems.
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and the associated impact on the organization
  • Excellent interpersonal skills and strong verbal and written communication
  • Relevant Technical Security Certifications. CISSP required; others are desired, including GCISP, GPEN, CEH.

Nice to have knowledge of the following:
  • Windows, UNIX, Linux, and mobile operating systems
  • Programming languages, e.g. C, C++, C#, Java, PHP, Perl
  • Scanning tools (e.g. Qualys WAS, Qualys VM, HP Fortify, Intel MVM, Nmap, etc.)
  • Web-based and mobile applications
  • Security frameworks (e.g. ISO 27001/27002, NIST, SOX, etc.)
  • Operations Technology / Industrial Control Systems
  • Vulnerability assessment
  • Metasploit framework

Relocation Eligible: Eligible for Standard Relocation
Job Type: Regular

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity

Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901 - 4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.

If you'd like more information about your EEO rights as an applicant under the law, please download the available "EEO is the Law" and "EEO is the Law Supplement" documents.