Senior Security Engineer – Vulnerability Management & Automation

PepsiCo • Purchase, New York, US
Overview

We are looking for an experienced and highly technical Senior Security Engineer with 6 to 7 years of expertise in Vulnerability Management, Security Automation, and Enterprise Security Operations. This role demands advanced coding skills (Python, PowerShell, Bash, or equivalent) to develop automation frameworks, integrate security tools, and optimize vulnerability remediation workflows.

The ideal candidate will have a deep understanding of SAP security, Onapsis, and Tenable, along with hands-on experience in ServiceNow Vulnerability Response (VR) module, Configuration Compliance, and third-party security platforms (Okta, Salesforce, M365, SAP, etc.). This role will focus on enterprise vulnerability management, integrating security findings into ServiceNow, automating compliance reporting, and enhancing risk visibility across on-prem and cloud environments.

As a seasoned professional, you will lead strategic security automation initiatives, design scalable security architectures, drive SAP vulnerability remediation, and mentor junior analysts.

Responsibilities
  • Advanced Security Automation & API Development
      • Develop, optimize, and scale automation scripts (Python, PowerShell, Bash) to improve vulnerability detection, tracking, and remediation.
      • Design custom API integrations between Tenable, Onapsis, ServiceNow VR, and ITSM platforms to automate security workflows.
      • Implement security automation playbooks that reduce manual efforts and accelerate response times.
      • Engineer custom security solutions to streamline vulnerability scanning and compliance reporting.
  • Enterprise Vulnerability Management & Risk Prioritization
      • Lead enterprise-wide vulnerability assessments using Tenable, Onapsis, Qualys, or Nexpose.
      • Implement automated risk-based prioritization models, leveraging AI/ML-driven insights where applicable.
      • Oversee and optimize the ServiceNow VR module for scalable vulnerability tracking, exception management, and automated ticketing.
      • Work closely with IT and business stakeholders to define remediation SLAs, risk thresholds, and compliance requirements.
  • SAP Security & Onapsis Integration
      • Lead the security assessment of SAP environments, ensuring compliance with industry standards and best practices.
      • Automate the ingestion of Onapsis vulnerability findings into ServiceNow VR for enhanced tracking and resolution.
      • Work with SAP teams to remediate misconfigurations, unauthorized access risks, and compliance gaps.
      • Develop automation frameworks to monitor SAP security posture and streamline remediation workflows.
  • Security Platform & ServiceNow Integration
      • Manage the full integration of Tenable, Onapsis, and Configuration Compliance findings into ServiceNow VR.
      • Enhance Configuration Compliance monitoring by automating the processing of audit findings and risk exceptions.
      • Ensure that security data is accurate, actionable, and seamlessly integrated with ITSM and GRC platforms.
  • Deep Network & Security Protocols Expertise
      • Apply expert-level knowledge of networking and security protocols (TCP/IP, HTTP/S, SSH, FTP, DNS, SSL/TLS, VPNs, RDP).
      • Assess security implications of common ports (443 (HTTPS), 22 (SSH), 3389 (RDP), 53 (DNS), 445 (SMB)) and automate network security controls.
      • Work on firewall rule reviews, segmentation strategies, and security policy enforcement.
  • Compliance Automation & Security Governance
      • Design automation workflows for PCI-DSS, NIST, ISO 27001, and CIS benchmarks compliance.
      • Develop tools to generate real-time compliance reports, track remediation progress, and reduce audit preparation time.
      • Stay ahead of emerging threats, regulatory changes, and vulnerability trends, continuously refining security automation strategies.
  • Strategic Leadership & Mentorship
      • Provide technical leadership in vulnerability management, SAP security, and security automation.
      • Drive strategic discussions with IT, business, and leadership teams to align security initiatives with organizational goals.
      • Mentor junior and mid-level security analysts, sharing best practices in automation, API development, and risk prioritization.
      • Develop comprehensive security documentation, playbooks, and process improvements.

Compensation & Benefits:

  • The expected compensation range for this position is between $89,000 - $149,000.
  • Location, confirmed job-related skills, experience, and education will be considered in setting actual starting salary. Your recruiter can share more about the specific salary range during the hiring process.
  • Bonus based on performance and eligibility; target payout is 10% of annual salary, paid out annually.
  • Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
  • In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.
Qualifications
  • Strong programming skills in Python, PowerShell, Bash, or equivalent languages for security automation.
  • Deep expertise in SAP security and Onapsis vulnerability management.
  • Advanced API development skills, integrating security platforms (Tenable, Onapsis, ServiceNow, ITSM).
  • Strong experience with ServiceNow VR module, including automation, custom workflows, and integrations.
  • Hands-on experience with Tenable, Qualys, or Nexpose for enterprise vulnerability scanning.
  • Expert-level understanding of network security protocols and common port numbers.
  • Experience securing third-party platforms (Okta, SAP, ServiceNow, Salesforce, M365).
  • Proven ability to lead security automation initiatives and mentor junior analysts.
  • Strong analytical, troubleshooting, and problem-solving skills.

Preferred Qualifications:

  • Experience with cloud security automation (AWS, Azure, GCP).
  • Infrastructure-as-Code (Terraform, Ansible) for security automation.
  • Familiarity with SAP Basis, HANA security, and GRC compliance.
  • Experience with machine learning-driven security automation.
  • Security certifications (CISSP, OSCP, GIAC, AWS Security Certs, Onapsis Certified Expert) are a plus.
EEO Statement

Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901-4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.

All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity / Age

If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy.

Please view our Pay Transparency Statement
