Remediation Expert

  • Company: PepsiCo
  • Posted: January 20, 2017
  • Reference ID: 111347BR
The Remediation Expert seeks out weaknesses of the company's infrastructure (systems, applications, and networks) and finds creative ways to protect it. The Remediation Expert is responsible for analyzing attack and vulnerability data and recommending changes to management (not authorizing and implementing changes). The Remediation Expert will work with security engineers, administrators, and developers (whose primary roles is to ensure that systems are working as designed (i.e. make changes, apply patches and set up new admin users, etc.). Prior experience coordinating efforts between various IT and security teams is a plus.

Key Responsibilities:
  • Drive remediation of security risks including tracking of issues, action plans, partnering with patch coordination teams, technology/application owners, and business areas to prioritize and enhance remediation efforts
  • Lead technology vulnerability remediation efforts through cross functional working committees
  • Manage enterprise vulnerability assessment and configuration assessment tools
  • Research industry best practices for most effective tactical security practices
  • Group and prioritize remediation findings in a manner that increases efficiency
  • Asses implementation efforts required for successful testing and deployment of remedial actions
  • Assess vulnerabilities; determine and initiate the required remedial action
  • Track attestation of controls and update attack surface reporting data
  • Identify operational roadblocks to ensure timely remediation and countermeasures
  • Conduct internal and external security audits of security controls
  • Verify protection levels against end user threats as it relates desktop, laptops and mobile devices


Minimum Qualifications:
  • BS degree in Computer Engineering or CS or a technical field preferred
  • CEH, ECSA, GSEC/GCIH/GCIA - GIAC, CISSP certifications desired
  • 7+ years of experience in two or more of the following: network vulnerability assessments, web application security testing, network penetration testing, red teaming, or security operations
  • Experience with security risk assessment, vulnerability triaging and remediation
  • Strong understanding of Windows, UNIX and Linux operating systems functions and security
  • Experience with Windows environments and Active Directory concepts
  • Knowledge of applications, database, and Web server design and implementation
  • Ability to clearly convey results in formal technical reports and deliver briefings to senior client staff

Desired Qualifications:
  • Strong understanding of network protocols and experience with packet analysis tools
  • Strong understanding of cloud computing and virtual infrastructure environments
  • Experience with programming at least one of the following: Perl, Python, ruby, bash, C or C++, C#, or Java, including scripting and editing existing code
  • An understanding of regulatory requirements: PCI, FFIEC, SOX, HIPAA, ISO 27002 standard

Relocation Eligible

Eligible for Standard Relocation

Share this Job