Senior Security Engineer - Security - OMNI

Philip Morris International

  • Portugal
  • Permanente
  • Horário completo
  • Há 16 dias
PMI'S JOURNEY TO A SMOKE-FREE FUTURE IS FUELED BY TECHNOLOGYWe are seeking an Integration Engineer who will help in adopting and supporting established IT architecture principles, standards & patterns that can be leveraged across 'IT products, in alignment with the overall architectural vision and direction and provide insights for PMI architecture services and related technologies, data and security components in related domain(s), adopt standards and guidelines for the implementation.Can you make the right bets while meeting business innovation needs with speed and agility? If you are looking for space to innovate and experiment as well as apply the newest technology solutions on an enterprise level, join us in our transformation journey.The TeamOur team is part of the wider IT Consumer & Commercial (ITC&C) function responsible for designing, building, running, and improving business solutions and services globally. The technologies we are interested in range from omnichannel, commerce, digital marketing, social media and trade, both within a B2C and B2B context - all our solutions are customer and/or consumer-facing and are the real growth engine and future of our organization.The ITCC Omnichannel & Cross Functional Services, department is responsible for providing services for multiple channels across consumer and commercial experiences while ensuring our first line of defence and service excellence in operations of these services and platforms. The Team's focus is on providing seamless and consistent consumer and customer experiences across multiple channels and touchpoints through decomposition of common capabilities.Our customers are two-fold as we help delivery teams to accelerate by providing stable technology enablement solutions and support our affiliates who consume the technology we centrally deliver. In total, we serve around eighty-nine affiliates worldwide who use a mixture of B2C and B2B technology and enable delivery teams in Direct, Indirect, and Omnichannel & Cross-Function Services.We are hiring a Senior Security Engineer for our Omni-Channel and Cross-Functional Subplatform (OMNI-X for short) to support our Product Teams increasing the maturity of our Digital Products in terms of Application and Information Security.We are a very international team and currently spread across six cities worldwide: Lausanne is our head office and operating centre, and we have teams in London, Lisbon, Jakarta, Buenos Aires and Krakow.Role Summary
  • Identify potential threats by performing threat modeling, architectural design review, source code review, dynamic application security tests (pen test) for the web, mobile and infrastructure
  • Coordinate Security Assessments and Remediations with internal and external Software Engineering Teams
  • Engage in product features development by leveraging your Security Expertise to shift left activities related to cybersecurity risk assessment
  • Engage with the Community of Security Engineers to drive standards and ensure its adoption within OMNI Subplatform
  • Keep yourself updated on trends and risks related to Information and Application Security and provide guidance for security policies and standards.
  • Ensure applicable IT Policy Framework (ITPF) controls, regulatory and statutory requirements are addressed early in the development lifecycle.
  • Directly contribute to engineering artifacts such as: Good practices /Standards/ Tooling/ Ways of Working
  • Collaborate with other Software Security experts in the organization to support the configuration of automation tools (e.g static code analysis)
  • Coach and support Engineers in Product Teams on automating security checks in the CI/CD pipelines for their products
  • Participate in design and requirement reviews and providing design solutions that allow the application to maintain security without losing functionality. Incorporate design solution in Development, DevOps and Architectural best practices.
  • Participate in awareness initiatives to educate and influence a technical audience on Application Security matters.
  • Review and improve security architecture of our Products.
  • Perform Security Assessments of our Products on a recurring basis to ensure security requirements are being met.
  • Conduct source code and dynamic application security reviews in relevant programming languages and frameworks (Python, Go, TypeScript, JavaScript, React).
  • Define security test cases during test automation and develop new tools to improve the security of the group gaming application
  • To enhance product security, foster expertise, and continuous awareness within the development team, and coordinate necessary security training to proactively address concerns.
  • Share high-level plans for sprint planning and present epics with potential security impact to information and the application, including assumed Major Changes.
Experience, Skills, And Capabilities
  • Technical degree and/or relevant confirmed experience in IT
  • Experience of operating across functions and geographies in large, complex and sometimes uncertain IT environments
  • Experience of analysing sophisticated data and turning this into important and practical insights
  • Ability to work well in diverse, multinational teams and proven track record to influence others to achieve positive outcomes
  • Good presentation, communication & facilitation skills
  • Deep understanding of OWASP Top 10 and CWE 25; with proven track record and experience in implementing and integrating remediation strategies
  • Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks, and protocols with respect to application development and deployment
  • Well versed in web application design, penetration testing, application risk assessment and risk categorization
  • Well versed (experience preferred) with driving and implementing secure development practices in to SDLC (SSDLC)
  • Ability to successfully integrate security into a developer's world.
  • Knowledge of Identity and Access Management (IAM) principles.
  • Strong understanding of authentication protocols, encryption, and cloud architectures.
  • Vulnerability management and identification, including extensive OWASP knowledge, Familiarity with cloud security principles and best practices (AWS, Azure, etc.).
Desirable:
  • University degree (Computer Sciences, Information Technology, or a related field).
  • Over 7 years of relevant experience in a similar role.
  • Understand key processes in cloud technology.
  • Experience working in an iterative approach to innovation.
  • Fluency in written and spoken English.
  • Industry Certifications:
  • AWS Certified Security - Specialty
  • CSSLP - Certified Secure Software Lifecycle Professional.

Philip Morris International

Empregos similares

  • Senior Systems Engineer - Data Center & Cloud

    Warpcom Services

    • Lisboa
    • Porto
    O que procura nos candidatos A nossa oferta inclui serviços geridos, NOC (Network Operations Center) e SOC (Security Operations Center), desenho e fornecimento de soluções à medi…
    • Há 1 dia

  • Senior Systems Engineer - Data Center & Cloud

    Warpcom

    • Lisboa
    A Warpcom é líder de mercado na implementação de soluções de comunicações unificadas e colaboração, contact center, mobilidade, cibersegurança e soluções de data center e cloud. …
    • Há 3 dias

  • IP Network & Security Engineer

    Wondercom

    • Lisboa
    WONDERCOM | Creating the future Together Acompanhamos o Futuro das Tecnologias. Abraçamos Desafios. Entregamos Soluções. Vem criar o futuro connosco! Procuramos um@ IP Ne…
    • Há 1 mês