PMI - Security Engineer

Lisbon

OWASP, API, OAuth

PMI is recruiting a Security Engineer

MAKE HISTORY WITH PMI!

At PMI, they have chosen to do something incredible. They are totally transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future.
With huge change, comes huge opportunity. So, wherever you join them, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.

Their future is Tech based. To build it, they need your help.
 
IT at PMI
PMI’s journey to a smoke-free future implies a shift from a tobacco manufacturer to a science and technology-based consumer-facing organization. Such a shift creates an abundance of unique and transformative IT projects to match all levels of skills and ambitions. You’ll feel like you’re working in a start-up – with the freedom to shape and define the future of digital, but with the support and scope of a vast global business. You’ll get a chance to work with cutting-edge technologies (e.g., Cloud, APIs, AI) as well as management practices (e.g., Agile, Design Thinking, Product Management). Their environment is fast-paced and highly collaborative. If you want the freedom to find new ways to connect with consumers, there’s no better place to progress your career.
Digital at PMI is dynamic, diverse, and disruptive. Join us and become a part of a top talent team where you can bring new insights to life in a global function that is a key driver of the success of our business.

They are seeking a SECURITY ENGINEER to join their INTEGRATION TEAM to evolve and focus on their security practices, standards & patterns across our APIs/Integrations portfolio.
 
Your day to day:
  • Work with the team to ensure the security of our applications facing customers and consumers.
  • Review and implement processes and practices in the scope of application security together with the product teams and stakeholders.
  • Understand, implement, and measure key Business and Engineering metrics within the security space.
  • Review and implement tooling that supports the CI/CD paradigm, as well as validate that secure coding best practices are being used (relevant languages: JavaScript, Python, Golang, Python, TypeScript, .NET…).
  • Have a good understanding of HTTP protocols, security controls, API design, and security testing.
  • Coordinate external security assessments and remediations.
  • Participate in the products' development with cybersecurity risk assessment.
  • Directly contributing to engineering artifacts such as good practices/standards/tooling/ Ways of Working.
  • Participate in design and requirement reviews and provide design solutions that allow the application to maintain security without losing functionality. Incorporate design solutions in Development, DevOps, and Architectural best practices.
  • Review and improve the security architecture of our products.
  • Be a customer-focused person, with the ability to educate and influence a technical audience on Application Security matters.
  • Help the organization in building a top-quality team by participating in hiring initiatives.
 
 
Requirements: 
• University degree (Computer Science, Information Systems, Engineering, Business Administration or equivalent).
• More than 3 years show experience in a similar role.
• Understand key processes in cloud technology.
• Experience working in an iterative approach to innovation.
• Proficiency in written and spoken English.
• Deep understanding of OWASP Top 10 and CWE 25; with a proven track record and experience in implementing and integrating remediation strategies.
• Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks, and protocols for application/API development and deployment.
• Proficient in API/web application design, penetration testing, risk assessment, and risk categorization.
• Preferred experience with driving and implementing secure development practices into SDLC (SSDLC); ability to successfully integrate security into a developer’s world.
• Good stakeholder management, and ability to build trust and rapport with internal and external stakeholders.
• Identity and Authentication standards such as FIDO and OAuth.
• Understanding of cryptography.
• Understanding of cloud computing architectures.
• Testing skills both manual and automated.
• Vulnerability management and identification, including extensive OWASP knowledge.
• Application security assessments (source code and multifaceted).
• Technical writing proficiency and oral presentation.
 
What's in it for you? 
Work-life balance: Wellbeing comes first. They offer a fantastic office environment and Smart working options to ensure you have the best work-life balance possible

Learning & Development: Your growth is a priority. Their robust and varied learning & development ecosystem will help you strengthen your technical skills and enhance your soft skills and eye for business. The capabilities you will acquire with them will support your life-time employability within IT, PMI, and beyond.

Inclusion & Diversity: Their differences - much more than our similarities - generate the innovation they are looking for. They aspire to build a diverse and inclusive organisation to access the breadth and depth of thinking and sensitivity necessary to thrive

Every single IT colleague is part of their Transformation journey. Join them and pursue your ambitions – their staggering size and scale provides endless opportunities to progress. If this offer resonates with you, they look forward to receiving your application and getting to know you.
 
Want to know more? Get in touch with us ๐Ÿ‘‡
I allow DAMIA GROUP to store and process my personal data. My information will be handled in accordance with DAMIA GROUP Privacy Policy*
Download 2024 Benchmark
× Reach out!