PMI - Security Engineer (DevSecOps)

Lisbon

OWASP, SDLC, DevOps, IAM

PMI is recruiting a Security Engineer

MAKE HISTORY WITH PMI!

At PMI, they have chosen to do something incredible. They are totally transforming our business and building our future on smoke-free products with the power to deliver a smoke-free future.
With huge change, comes huge opportunity. So, wherever you join them, you’ll enjoy the freedom to dream up and deliver better, brighter solutions and the space to move your career forward in endlessly different directions.

Their future is Tech based. To build it, they need your help.
 
IT Consumer at PMI
The Digital Consumer Engagement Products portfolio plays a critical role in delivering PMI’s Smoke-Free Future. We are enabling digital services to our consumers and retailers by building platforms to communicate our vision to broader society. Together with talent from multiple business and technology functions across our footprint, we are delivering a premium experience for our consumers. When you join this team, you will work in a dynamic, diverse, and warm environment. You will be primarily focusing on defining your Digital Product vision, regularly engaging with your customers to gather feedback and understand their needs to improve value. You will be part of all stages of Digital Product incremental value delivery.

When you join the team, you will work in a dynamic and diverse environment. You will primarily focus on being responsible for the delivery of websites with a variety of development teams, at the same time taking up hands-on development. On top of that, you will regularly engage with your internal customers to capture feedback and understand their needs to improve the value of our products.
 
Your day to day:
  • Working with the team to ensure the confidentiality, integrity, and availability of our customers and consumers facing information and systems.
  • Review and implement processes and practices in the scope of application security together with the product teams and stakeholders.
  • Understand, implement, and measure key Business and Engineering metrics within the security space.
  • Review and implement tooling that support the CI/CD paradigm, as well as validate that secure coding best practices are being used (relevant languages: JavaScript, Python, Golang, React, TypeScript, .NET…)
  • Coordinate external security assessments and remediations.
  • Participate in the product features development with cybersecurity risk assessment.
  • Directly contributing to engineering artifacts such as: Good practices /Standards/ Tooling/ Ways of Working
  • Participating in design and requirement reviews and providing design solutions that allow the application to maintain security without losing functionality. Incorporate design solution in Development, DevOps, and Architectural best practices.
  • Reviewing and improving security architecture of our Products.
  • Customer-oriented person, with the ability to educate and influence a technical audience on Application Security matters.
  • Help the organization in building a top-quality team by participating in hiring initiatives.
 
Requirements: 
  • Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
  • Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks, and protocols with respect to application development and deployment
  • Well versed in web application design, penetration testing, application risk assessment and risk categorization
  • Well versed (experience preferred) with driving and implementing secure development practices in to SDLC (SSDLC)
  • Ability to successfully integrate security into a developer’s world.
  • Good stakeholder management, ability to build trust and rapport with internal and external stakeholders.
  • Knowledge of Identity and Access Management (IAM) principles.
  • Strong understanding of authentication protocols, encryption, and cloud architectures.
  • Familiarity with security testing and vulnerability assessment tools.
  • Vulnerability management and identification, including extensive OWASP knowledge, Familiarity with cloud security principles and best practices (AWS, Azure, etc.).
  • Application security assessments (source code and dynamic).
  • Technical writing proficiency and oral presentation.
 
What's in it for you? 
Work-life balance: Wellbeing comes first. They offer a fantastic office environment and Smart working options to ensure you have the best work-life balance possible

Learning & Development: Your growth is a priority. Their robust and varied learning & development ecosystem will help you strengthen your technical skills and enhance your soft skills and eye for business. The capabilities you will acquire with them will support your life-time employability within IT, PMI, and beyond.

Inclusion & Diversity: Their differences - much more than our similarities - generate the innovation they are looking for. They aspire to build a diverse and inclusive organisation to access the breadth and depth of thinking and sensitivity necessary to thrive

Every single IT colleague is part of their Transformation journey. Join them and pursue your ambitions – their staggering size and scale provides endless opportunities to progress. If this offer resonates with you, they look forward to receiving your application and getting to know you.
 
Want to know more? Get in touch with us πŸ‘‡
I allow DAMIA GROUP to store and process my personal data. My information will be handled in accordance with DAMIA GROUP Privacy Policy*
Download 2024 Benchmark
× Reach out!