APPLY AS
(Senior) Application Security Tester
Location: Kraków
Be a part of a revolutionary change
At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on smoke-free products with the power to improve the lives of a billion smokers worldwide.
With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.
PMI’s journey to a smoke-free future is fueled by technology.
The total transformation we’re going through means that there are unique IT projects here to match all levels of skills and ambitions – from pace-setting global pilot projects to vital local updates. Whether you want to pursue a personal passion or build an international career, there’s space here to develop in any number of directions.
Join us in this role and you’ll be part of our IT Information Security & Data Privacy international team in the beautiful city of Krakow, Poland.
• Describe identified issues in the form of reports and ensure that relevant stakeholders understand the risk that those vulnerabilities pose to the Company
• Analyze the scope, methodology and results of ethical hacking activities performed by third parties around the presence of vulnerabilities in systems used or to be used by PMI
• Follow up with third parties on any inconsistency and ambiguity in the reports to have a reasonable level of assurance over security testing deliverables provided by vendors
• Advise IT teams on how to replicate identified cybersecurity issues and remediate them in the most effective and cost-efficient way
• Partner with other Information Security leaders to ensure that PMI follows best practices in the application security testing domain by continuously optimizing tools, techniques and methodologies
• Keep up to date with the constantly evolving cyber threat landscape and the latest developments in ethical
• Professional certifications in ethical hacking (e.g. OSCP, GIAC Penetration Tester, GIAC Web Application Penetration Tester, GIAC Mobile Device Security Analyst)
• Proven track record in performing web/mobile application security testing using well-known methodologies (OWASP, OSMMT or CREST) and techniques (SAST, DAST, IAST, SCA)
• Demonstrated experience with both automated and manual penetration testing using open source and/or commercial tools
• Knowledge of common web/mobile technologies (e.g. ASP.NET, C#, Java, JavaScript, Ruby, Python)
• Strong understanding of modern application architectures including microservices, containers, APIs and serverless technologies
• Sound knowledge of impact and remediation techniques for vulnerabilities from and outside of OWASP Top 10
• Considerable technical writing proficiency and oral presentation skills, in English
• Practical experience in Agile/DevOps organizations and cultures
• Seize the freedom to define your future and ours – we’ll empower you to take risks, experiment and explore
• Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong
• Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress
• Take pride in delivering our promise to society: to improve the lives of a billion smokers
At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on smoke-free products with the power to improve the lives of a billion smokers worldwide.
With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.
PMI’s journey to a smoke-free future is fueled by technology.
The total transformation we’re going through means that there are unique IT projects here to match all levels of skills and ambitions – from pace-setting global pilot projects to vital local updates. Whether you want to pursue a personal passion or build an international career, there’s space here to develop in any number of directions.
Join us in this role and you’ll be part of our IT Information Security & Data Privacy international team in the beautiful city of Krakow, Poland.
Your “day to day”
• Identify cybersecurity vulnerabilities in PMI applications and systems using a wide variety of methods, e.g. static code analysis, dynamic/interactive testing, manual penetration testing and code review• Describe identified issues in the form of reports and ensure that relevant stakeholders understand the risk that those vulnerabilities pose to the Company
• Analyze the scope, methodology and results of ethical hacking activities performed by third parties around the presence of vulnerabilities in systems used or to be used by PMI
• Follow up with third parties on any inconsistency and ambiguity in the reports to have a reasonable level of assurance over security testing deliverables provided by vendors
• Advise IT teams on how to replicate identified cybersecurity issues and remediate them in the most effective and cost-efficient way
• Partner with other Information Security leaders to ensure that PMI follows best practices in the application security testing domain by continuously optimizing tools, techniques and methodologies
• Keep up to date with the constantly evolving cyber threat landscape and the latest developments in ethical
Who we’re looking for
• Minimum 5 years of experience in ethical hacking/penetration testing/vulnerability assessment, preferably in professional services or consulting companies• Professional certifications in ethical hacking (e.g. OSCP, GIAC Penetration Tester, GIAC Web Application Penetration Tester, GIAC Mobile Device Security Analyst)
• Proven track record in performing web/mobile application security testing using well-known methodologies (OWASP, OSMMT or CREST) and techniques (SAST, DAST, IAST, SCA)
• Demonstrated experience with both automated and manual penetration testing using open source and/or commercial tools
• Knowledge of common web/mobile technologies (e.g. ASP.NET, C#, Java, JavaScript, Ruby, Python)
• Strong understanding of modern application architectures including microservices, containers, APIs and serverless technologies
• Sound knowledge of impact and remediation techniques for vulnerabilities from and outside of OWASP Top 10
• Considerable technical writing proficiency and oral presentation skills, in English
• Practical experience in Agile/DevOps organizations and cultures
What we offer
Our success depends on the men and women who come to work every single day with a sense of purpose and an appetite for progress. Join PMI and you too can:• Seize the freedom to define your future and ours – we’ll empower you to take risks, experiment and explore
• Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong
• Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress
• Take pride in delivering our promise to society: to improve the lives of a billion smokers
JOIN A GLOBAL MARKET LEADER
PMI is the world’s leading international tobacco company, with six of the world's top 15 international brands and products sold in more than 180 markets. In addition to the manufacture and sale of cigarettes, including the number one global cigarette brand, and other tobacco products, PMI is engaged in the development and commercialization of Reduced-Risk Products (“RRPs”). RRPs is the term we use to refer to products that present, are likely to present, or have the potential to present less risk of harm to smokers who switch to these products versus continued smoking. We have a range of RRPs in various stages of development, scientific assessment and commercialization. Because our RRPs do not burn tobacco, they produce far lower quantities of harmful and potentially harmful compounds than found in cigarette smoke. For more information, see www.pmi.com and www.pmiscience.com.APPLY ON-LINE IN ENGLISH
Please note that only on-line applications will be taken into consideration. Only selected candidates will be contacted.
Please note that only on-line applications will be taken into consideration. Only selected candidates will be contacted.
IT
