Senior InfoSec Engineer Application Security

Be a part of a revolutionary change! 

At Philip Morris International (PMI), we’ve chosen to do something incredible. We’re totally transforming our business and building our future on one clear purpose – to deliver a smoke-free future. 

With huge change, comes huge opportunity. So, if you join us, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions. Our success depends on people who are committed to our purpose and have an appetite for progress.  

PMI’s journey to a smoke-free future is fueled by technology.

The total transformation we’re going through means that there are unique IT projects here to match all levels of skills and ambitions – from pace-setting global pilot projects to vital local updates. Whether you want to pursue a personal passion or build an international career, there’s space here to develop in any number of directions.

Join us in this role and you’ll be part of our Global InfoSec Application Security team.

Your 'day To Day'

• Identify cybersecurity gaps in PMI applications and systems using a wide variety of methods, e.g. threat modeling, architecture reviews, access model reviews, configuration reviews, static and dynamic application security testing
• Evaluate the security posture of the third party solutions using TPCRM methodologies with cybersecurity focus
• Analyze the scope, methodology and results of cybersecurity activities (e.g. ethical hacking) performed by third parties around the presence of vulnerabilities in systems used or to be used by PMI
• Follow up with third parties on any inconsistency and ambiguity in the reports to have a reasonable level of assurance over security testing deliverables provided by vendors
• Describe and demonstrate identified issues in various forms (e.g. reports, technical debt definitions) and ensure that relevant stakeholders understand the risk that those vulnerabilities pose to the Company
• Advise IT teams on how to replicate identified cybersecurity issues and remediate them in the most effective and cost-efficient way
• Partner with other Information Security leaders to ensure that PMI follows best practices in the application security testing domain by continuously optimizing tools, techniques and methodologies
• Create and implement global application security strategies
• Keep up to date with the constantly evolving cyber threat landscape and the latest developments in IT risk management and contribute to PMI’s security standards
  
  

Who We’re Looking For

• At least 5 years of experience, preferably in a large organization or consulting companies, in IT Assurance functions (e.g. IT Security, IT Audit, IT Controls, Offensive Security, Vulnerability Management)
• Proven track record in performing IT security assessments or IT audits for large scale solutions (including technical reviews, e.g. architecture reviews, automated testing (SAST, DAST), configuration reviews)
• Professional security certifications (e.g. CISA, CISSP, CRISC, CISM, OSCP, GPEN, GWEB, CEH)
• Good knowledge of typical application design patterns and their attack vectors (e.g. web, mobile, thick client, etc.)
• Strong understanding of modern application architectures including microservices, containers, APIs, serverless technologies, and cloud environments
• Knowledge of basic identity and access management concepts (e.g. single-sign on, identity federation) and standards (e.g. SAML, OAuth 2.0, OpenID)
• Knowledge of cloud security concepts (incl. Salesforce and AWS)
• Sound knowledge of impact and remediation techniques for vulnerabilities from and outside of OWASP Top 10
• Considerable technical writing proficiency and oral presentation skills
• Fluent in English
• Legally authorized to work in the U.S.
  
  

Annual Base Salary Range: $113,000-$134,000

What We Offer

• We offer a competitive base salary, annual bonus (applicable based on level of position), great medical, dental and vision coverage, 401k with a generous company match, incredible wellness benefits, commuter benefits, pet insurance, generous PTO, and much more!
• We have implemented Smart Work, a hybrid model of working that promotes flexibility in the workplace.
• Seize the freedom to define your future and ours. We’ll empower you to take risks, experiment and explore.
• Be part of an inclusive, diverse culture where everyone’s contribution is respected; Collaborate with some of the world’s best people and feel like you belong.
• Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress.
• Take pride in delivering our promise to society: To improve the lives of millions of smokers.
  
  

PMI is an Equal Opportunity Employer.

PMI is headquartered in Stamford, Conn., and its U.S. affiliates have more than 2,300 employees.

PMI has been an entirely separate company from Altria and Philip Morris USA since 2008. PMI’s affiliates first entered the U.S. market following the company’s acquisition of Swedish Match in late 2022.

Philip Morris International and its U.S. affiliates are working to deliver a smoke-free future. Since 2008, PMI has invested $12.5 billion globally to develop, scientifically substantiate and commercialize innovative smoke-free products for adults who would otherwise continue to smoke with the goal of transitioning legal-age consumers who smoke to better alternatives. In 2022, PMI acquired Swedish Match – a leader in oral nicotine delivery – creating a global smoke-free champion led by the IQOS and ZYN brands. The U.S. Food and Drug Administration has authorized versions of PMI’s IQOS electronically heated tobacco devices and Swedish Match’s General snus as Modified Risk Tobacco Products and renewal applications for these products are presently pending before the FDA. For more information, please visit www.pmi.com/us and www.pmiscience.com

6858