Info Security Assoc Analyst
Plano, TX, United States
Full Time Entry-level / Junior USD 64K - 107K
Overview
Within the Cyber Fusion Center, the Infrastructure Security Team is looking for a motivated Entry-Level Information Security Analyst to join our Vulnerability Management & Automation team. This role focuses on identifying, analyzing, and mitigating security vulnerabilities while leveraging automation to enhance efficiency. The ideal candidate should have strong scripting skills (Python, PowerShell, Bash), a solid understanding of basic network and security protocols with associated port numbers, and familiarity with third-party platforms such as Okta, SAP, ServiceNow, Salesforce, and M365. Additionally, the candidate will support the ServiceNow Vulnerability Response (VR) module for Tenable and assist with Configuration Compliance and audit findings.
Responsibilities
Vulnerability Management & Risk Assessment:
- Assist in scanning, analyzing, and prioritizing vulnerabilities across cloud and on-prem environments.
- Utilize security tools such as Tenable, Qualys, or Nexpose to monitor and assess risks.
- Work with IT teams to track and ensure timely remediation of vulnerabilities.
- Support the integration and management of Tenable findings in the ServiceNow Vulnerability Response (VR) module.
Automation & Scripting:
- Develop and maintain Python, PowerShell, or Bash scripts to automate vulnerability detection and remediation workflows.
- Create API integrations between security tools, ServiceNow VR & CC Modules, and ITSM platforms.
- Automate reporting and ticketing processes to improve operational efficiency.
ServiceNow Vulnerability Response & Compliance:
- Support the ServiceNow Vulnerability Response (VR) module for Tenable, ensuring accurate ingestion and tracking of vulnerabilities.
- Assist in Configuration Compliance monitoring by analyzing audit findings and tracking remediation efforts.
- Work with IT and security teams to address compliance gaps related to frameworks like PCI-DSS, NIST, and ISO 27001.
Network & Security Protocols:
- Understand and apply basic network and security protocols (e.g., TCP/IP, HTTP/S, SSH, FTP, DNS, SSL/TLS, VPNs, RDP).
- Be familiar with common port numbers and their security implications.
- Support network segmentation and firewall rule reviews.
Third-Party Platform Security:
- Assess security configurations and vulnerabilities in Okta, SAP, ServiceNow, Salesforce, and M365.
- Help identify misconfigurations and recommend security best practices.
Security Best Practices:
- Stay up to date with security trends, vulnerabilities, and exploits.
- Assist in compliance initiatives related to PCI-DSS, NIST, ISO 27001, and CIS benchmarks.
- Document security findings and automation workflows clearly for team reference.
Accountabilities
- Execute on projects, objectives, and deliverables in alignment with team vision, mission, and goals.
- Routinely develop and update offensive security documentation, processes, and technologies to adapt to the emerging threat landscape.
- Develop automation to scale global offensive capabilities and operational resiliency.
- Collaborate with partner teams, service owners, and senior leadership to influence, prioritize, and drive the resolution of discovered security findings.
- Create and deliver trainings, participate in security reviews, audits, and on-site engagements, and support incidents after hours when required.
Compensation and Benefits:
- The expected compensation range for this position is between $64,300 - $107,650.
- Location, confirmed job-related skills, experience, and education will be considered in setting actual starting salary. Your recruiter can share more about the specific salary range during the hiring process.
- Paid time off subject to eligibility, including paid parental leave, vacation, sick, and bereavement.
- In addition to salary, PepsiCo offers a comprehensive benefits package to support our employees and their families, subject to elections and eligibility: Medical, Dental, Vision, Disability, Health, and Dependent Care Reimbursement Accounts, Employee Assistance Program (EAP), Insurance (Accident, Group Legal, Life), Defined Contribution Retirement Plan.
Qualifications
Years of experience
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or a related field (or equivalent hands-on experience).
Mandatory Technical Skills
- Strong scripting and automation skills using Python, PowerShell, or Bash.
- Understanding of basic security and networking protocols and their associated port numbers.
- Exposure to vulnerability management tools like Tenable, Qualys, or Nexpose.
- Experience with ServiceNow Vulnerability Response (VR) module for managing Tenable findings.
- Familiarity with third-party platforms (Okta, SAP, ServiceNow, Salesforce, M365).
- Strong problem-solving skills and ability to work in a fast-paced environment.
Preferred Qualifications (Nice to Have):
- Experience with APIs to automate security workflows.
- Basic knowledge of cloud security (AWS, Azure, GCP).
- Understanding of security frameworks like MITRE ATT&CK, NIST, CIS Benchmarks.
- Security certifications (CompTIA Security+, CEH, GIAC) are a plus but not required.
Non-technical Skills
- A proactive and positive team player who is impact-focused, driven, curious, analytical, and a self-starter.
- Demonstrated ability to autonomously make high-judgment decisions and take calculated risks.
- Ability to establish trust relationships and influence others to positively impact the security posture and the business.
- Flexible and adaptive to support a dynamic and global environment with diverse stakeholders and ambiguity.
- Solid customer orientation with excellent oral and written communication skills in English.
- Must be able to operate extremely well under pressure while maintaining a professional.
Differentiating behaviors
- Ability to organize tasks, manage time, and prioritize actions to meet business needs.
- Driven and Focused
Our Company will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the Fair Credit Reporting Act, and all other applicable laws, including but not limited to, San Francisco Police Code Sections 4901-4919, commonly referred to as the San Francisco Fair Chance Ordinance; and Chapter XVII, Article 9 of the Los Angeles Municipal Code, commonly referred to as the Fair Chance Initiative for Hiring Ordinance.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.
PepsiCo is an Equal Opportunity Employer: Female / Minority / Disability / Protected Veteran / Sexual Orientation / Gender Identity
If you'd like more information about your EEO rights as an applicant under the law, please download the available EEO is the Law & EEO is the Law Supplement documents. View PepsiCo EEO Policy.
Please view our Pay Transparency Statement
Tags: APIs Audits Automation AWS Azure Bash CEH Cloud Compliance CompTIA Computer Science DNS Exploits Firewalls GCP GIAC ISO 27001 MITRE ATT&CK Monitoring NIST Offensive security Okta PowerShell Python Qualys Risk assessment SAP Scripting SSH TCP/IP TLS VPN Vulnerabilities Vulnerability management
Perks/benefits: Career development Flex hours Flex vacation Health care Insurance Medical leave Parental leave