Tech Lead - Security

MAKE HISTORY WITH US! At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and you will have the space to move your career forward in many different areas/directions. IT at PMI PMI’s journey to a smoke-free future implies a shift from a tobacco manufacturer to a science and technology-based consumer facing organization. Such a shift creates an abundance of unique and transformative IT projects to match all levels of skills and ambitions. You’ll feel like you’re working in a start-up – with the freedom to shape and define the future of digital, but with the support and scope of a vast global business. You’ll get a chance to work with cutting-edge technologies (e.g., Cloud, APIs, AI) as well as management practices (e.g., Agile, Design Thinking, Product Management). Our environment is fast-paced and highly collaborative. If you want the freedom to find new ways to connect with consumers, there’s no better place to progress your career. Digital at PMI is dynamic, diverse, and disruptive. Join us and become a part of a top talent team where you can bring new ideas to life in a global function that is a key driver of the success of our business. IT HUB Krakow With a team of over 300 and more than 20 nationalities, the IT HUB Krakow plays a critical role in creating a smoke-free future around the world. Become a part of a team of engineers, technicians, experts, solid IT freaks, researchers and game changers and create new IT work standards with us! Joining the Digital Products Portfolio The Digital Consumer Engagement Products portfolio plays a critical role in delivering PMI’s Smoke-Free Future. We are enabling digital services to our consumers and retailers by building platforms to communicate our vision to broader society. Together with talent from multiple business and technology functions across our footprint, we are delivering a premium experience for our consumers. When you join this team, you will work in a dynamic, diverse, and warm environment. You will be primarily focusing on defining your Digital Product vision, regularly engaging with your customers to gather feedback and understand their needs in order to maximize value. You will be part of all stages of Digital Product incremental value delivery. JOIN US! WHO ARE WE LOOKING FOR? ● Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies ● Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment ● Well versed in web application design, penetration testing, application risk assessment and risk categorisation ● Well versed (experience preferred) with driving and implementing secure development practices in to SDLC (SSDLC); ability to successfully integrate security into a developer’s world ● Good stakeholder management, ability to build trust and rapport with internal and external stakeholders WHAT WE OFFER YOU? ● Wide range of trainings, optional language classes, further education and professional qualification support possibility ● Private medical and dental care, life insurance ● Lunch card (Sodexo), Multisport & Cafeteria program ● Hybrid model of work and flexible working arrangements ● Employee pension plan ● Free bike and car parking for all employees ● Eligibility to participate in Copyrighted Work program (possibility to increase tax-deductable costs) HOW WILL YOU MAKE HISTORY WITH US? ● Leading the security chapter, working with the team to ensure the security of our applications facing customers and consumers ● Review and implement processes and practices in the scope of application security together with the product teams and stakeholders ● Understand, implement and measure key Business and Engineering metrics within the security space ● Review and implement tooling that support the CI / CD paradigm (static code analysis, predictive security, etc) ● Develop security training and socialise the material with internal development teams. ● Lead in development of automated security testing to validate that secure coding best practices are being used. ● Help the organization in building a top-quality team by participating in hiring initiatives Please note that only on-line applications will be taken into consideration. Only selected candidates will be contacted.