With huge change, comes huge opportunity. So, wherever you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.
PMI’s journey to a smoke-free future is fueled by technology.
The total transformation we’re going through means that there are unique IT projects here to match all levels of skills and ambitions – from pace-setting global pilot projects to vital local updates. Whether you want to pursue a personal passion or build an international career, there’s space here to develop in any number of directions.
Join us in this role and you’ll be part of our IT Information Security & Data Privacy international team in the beautiful city of Krakow, Poland.
Your “day to day”• Support IT teams on information security related topics during the design, development and maintenance of new or existing systems
• Perform detailed security assessments of applications and systems from multiple perspectives, e.g. by reviewing their overall architecture and attack surface, validating trust boundaries and data flows, understanding the integration with external systems, etc.
• Describe identified issues to relevant stakeholders in the form of reports and ensure that they understand the risk that those issues pose to the Company
• Embed cybersecurity into the systems development life cycle process, e.g. by leading the execution of threat modeling activities and fostering the adoption of DevSecOps principles
• Support hands-on the integration of security tools (e.g. SAST, DAST) within the continuous integration/continuous delivery (CI/CD) pipelines of the development teams
• Create and maintain secure application development patterns and secure coding standards to help IT teams minimizing the number of cybersecurity issues in their products
• Raise awareness across the organization by delivering trainings, webinars or similar activities that reduce the number of repeated application security weaknesses and technical vulnerabilities
• Keep up to date with the constantly evolving cyber threat landscape and the latest developments in application security
Who we’re looking for• Minimum 5 years of experience in web/mobile application security, preferably within a large organization
• Professional certifications in Information Security or Cybersecurity (e.g. CISSP, CISM)
• Proven track record in supporting development teams throughout all phases of systems development life cycle (design, threat modelling, development, maintenance)
• Hands-on experience with integration of SAST, DAST and SCA tools into CI/CD pipelines
• Strong understanding of cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) and their corresponding characteristics in terms of information security
• Practical knowledge on modern application architectures including microservices, containers, APIs and serverless technologies
• Sound knowledge of impact and remediation techniques for vulnerabilities from and outside of OWASP Top 10
• Considerable technical writing proficiency and oral presentation skills, in English
• Practical experience in Agile/DevOps organizations and cultures
• Highly collaborative, with ability to build relationships with colleagues from different cultures throughout the organization
• Experience with any of the following technologies/tools not mandatory but strongly preferred: AWS WAF, Salesforce Shield, HashiCorp Vault, Terraform, Ansible, Artifactory, Splunk, ELK
What we offerOur success depends on the men and women who come to work every single day with a sense of purpose and an appetite for progress. Join PMI and you too can:
• Seize the freedom to define your future and ours – we’ll empower you to take risks, experiment and explore
• Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong
• Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress
• Take pride in delivering our promise to society: to improve the lives of a billion smokers
JOIN A GLOBAL MARKET LEADERPMI is the world’s leading international tobacco company, with six of the world's top 15 international brands and products sold in more than 180 markets. In addition to the manufacture and sale of cigarettes, including the number one global cigarette brand, and other tobacco products, PMI is engaged in the development and commercialization of Reduced-Risk Products (“RRPs”). RRPs is the term we use to refer to products that present, are likely to present, or have the potential to present less risk of harm to smokers who switch to these products versus continued smoking. We have a range of RRPs in various stages of development, scientific assessment and commercialization. Because our RRPs do not burn tobacco, they produce far lower quantities of harmful and potentially harmful compounds than found in cigarette smoke. For more information, see www.pmi.com and www.pmiscience.com.