Application Security Engineer

The Application Security Engineer plays a pivotal role in leading the charge to integrate automated security testing into our CI/CD pipelines to enable continuously monitoring of application risks. You will be at the forefront of developing full-stack applications and automation solutions that directly enhance our security posture. Your mission will be to build and manage tools and capabilities that make security findings visible and actionable. You’ll guide teams in triage and remediation, configure and optimize automated security tools, and foster a proactive security culture across the organization. This role is for someone passionate about building scalable software solutions and driving real impact by embedding security seamlessly into the development lifecycle. You're a part of an application security team in Poland with a manager in our site in Plano, Texas.

Why should you join this team?

• you will have maximum autonomy & 100% ownership
• this is a high-impact role which will affect all future applications at PepsiCo

How do we work and what do we offer?

• we work in a hybrid model (1 day per week from the office in Warsaw, Plac Konesera)
• we offer a contract of employment
• the most important benefits of this position: annual bonus, private healthcare, life insurance, Multisport, private pension plan, employee assistance program

What are your daily tasks?

• you're developing and maintaining full-stack applications and automation tools to support security testing in CI/CD pipelines.
• you're building and managing systems that track, report, and centralize key security metrics and findings.
• you're customizing and tuning detection rules for automated security tools to enhance detection accuracy and reduce false positives.
• you're helping drive triage efforts, providing clear guidance on remediation to cross-functional teams.
• you're implementing and integrating generative AI technology to revolutionize application security.
• you're playing a crucial role in shaping the security framework and practices within the organization, impacting thousands of developers and a multitude of applications globally
• you're engaging in continuous research to stay abreast of the latest trends and developments in application security and software development

Technologies & tools we use:

Python/Typescript/Go, Microsoft Azure, Amazon AWS, GitHub Enterprise, DAST/SAST/Secret/SCA/Container scanning (Invicti/Semgrep/Snyk), API security (Noname), Web application Firewall (Imperva WAF), ELK Stack, Postgresql

What will you bring to the team?

• 2-3 years of relevant experience
• working experience in Python / C# / Go / Java or any modern programming languages
• experience in full-stack development
• Experience with OWASP Top 10 findings in code
• exceptional problem-solving skills, with a creative and innovative mindset
• excellent communication and collaboration skills
• ability to work autonomously