Security Engineer Direct Experience

At PMI, we’ve chosen to do something incredible. We’re transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future. With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and have the space to move your career forward in many different areas/directions. IT Consumer at PMI The Digital Consumer Engagement Products portfolio plays a critical role in delivering PMI’s Smoke-Free Future. We are enabling digital services to our consumers and retailers by building platforms to communicate our vision to broader society. Together with talent from multiple business and technology functions across our footprint, we are delivering a premium experience for our consumers. When you join this team, you will work in a dynamic, diverse, and warm environment. You will be primarily focusing on defining your Digital Product vision, regularly engaging with your customers to gather feedback and understand their needs to improve value. You will be part of all stages of Digital Product incremental value delivery. When you join the team, you will work in a dynamic and diverse environment. You will primarily focus on being responsible for the delivery of websites with a variety of development teams, at the same time taking up hands-on development. On top of that, you will regularly engage with your internal customers to capture feedback and understand their needs to improve the value of our products. YOUR DAY-TO-DAY Working with the team to ensure the confidentiality, integrity, and availability of our customers and consumers facing information and systems. Review and implement processes and practices in the scope of application security together with the product teams and stakeholders. Understand, implement, and measure key Business and Engineering metrics within the security space. Review and implement tooling that support the CI/CD paradigm, as well as validate that secure coding best practices are being used (relevant languages: JavaScript, Python, Golang, React, TypeScript, .NET…) Coordinate external security assessments and remediations. Participate in the product features development with cybersecurity risk assessment. Directly contributing to engineering artifacts such as: Good practices /Standards/ Tooling/ Ways of Working Participating in design and requirement reviews and providing design solutions that allow the application to maintain security without losing functionality. Incorporate design solution in Development, DevOps, and Architectural best practices. Reviewing and improving security architecture of our Products. Customer-oriented person, with the ability to educate and influence a technical audience on Application Security matters. Help the organization in building a top-quality team by participating in hiring initiatives. What is needed to succeed in this Role? Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks, and protocols with respect to application development and deployment Well versed in web application design, penetration testing, application risk assessment and risk categorization Well versed (experience preferred) with driving and implementing secure development practices in to SDLC (SSDLC) Ability to successfully integrate security into a developer’s world. Good stakeholder management, ability to build trust and rapport with internal and external stakeholders. Knowledge of Identity and Access Management (IAM) principles. Strong understanding of authentication protocols, encryption, and cloud architectures. Familiarity with security testing and vulnerability assessment tools. Vulnerability management and identification, including extensive OWASP knowledge, Familiarity with cloud security principles and best practices (AWS, Azure, etc.). Application security assessments (source code and dynamic). Technical writing proficiency and oral presentation. WHO ARE WE LOOKING FOR? University degree (Computer Sciences, Information Technology, or a related field). Over 4 years of relevant experience in a similar role. Understand key processes in cloud technology.  Experience working in an iterative approach to innovation.  Fluency in written and spoken English. What’s in it for you? There are many IT Organizations out there, so why should you join ours? We believe PMI IT’s true strength is fuelled by our people, and that our success depends on them coming to work every single day with a sense of purpose and an appetite for progress. We are a people-first organization committed to providing you with an outstanding employee journey. Here’s a glimpse of what’s in it for you upon joining us: Work-life balance: Wellbeing comes first. We offer a fantastic office environment and Smart working options to ensure you have the best work-life balance possible Learning & Development: Your growth is a priority. Our robust and multifaceted learning & development ecosystem will help you strengthen your technical skills and enhance your soft skills and eye for business. The capabilities you will acquire with us will support your lifetime employability within IT, PMI, and beyond Inclusion & Diversity: Our differences - much more than our similarities - generate the innovation we are looking for. We seek to build a diverse and inclusive organization to access the breadth and depth of thinking and sensitivity vital to thrive Every single IT colleague is part of our Transformation journey. Join us and pursue your ambitions – our staggering size and scale provide endless opportunities to progress. If this offer resonates with you, we look forward to receiving your application and getting to know you. Together, let’s deliver a smoke-free future.