(Senior) Application Security Specialist

(Senior) Application Security Specialist

PMI Service Center Europe
Online interview
Employment contract

Your tasks

Your “day to day”

  • Support IT teams on information security related topics during the design, development and maintenance of new or existing systems 
  • Perform detailed security assessments of applications and systems from multiple perspectives, e.g. by reviewing their overall architecture and attack surface, validating trust boundaries and data flows, understanding the integration with external systems, etc.
  • Describe identified issues to relevant stakeholders in the form of reports and ensure that they understand the risk that those issues pose to the Company 
  • Embed cybersecurity into the systems development life cycle process, e.g. by leading the execution of threat modeling activities and fostering the adoption of DevSecOps principles
  • Support hands-on the integration of security tools (e.g. SAST, DAST) within the continuous integration/continuous delivery (CI/CD) pipelines of the development teams
  • Create and maintain secure application development patterns and secure coding standards to help IT teams minimizing the number of cybersecurity issues in their products
  • Raise awareness across the organization by delivering trainings, webinars or similar activities that reduce the number of repeated application security weaknesses and technical vulnerabilities
  • Keep up to date with the constantly evolving cyber threat landscape and the latest developments in application security

Project description

PMI’s journey to a smoke-free future is fueled by technology.

The total transformation we’re going through means that there are unique IT projects here to match all levels of skills and ambitions – from pace-setting global pilot projects to vital local updates. Whether you want to pursue a personal passion or build an international career, there’s space here to develop in any number of directions.

Join us in this role and you’ll be part of our IT Information Security & Data Privacy international team in the beautiful city of Krakow, Poland.

What we offer

Our success depends on the men and women who come to work every single day with a sense of purpose and an appetite for progress. Join PMI and you too can:

  • Seize the freedom to define your future and ours – we’ll empower you to take risks, experiment and explore 
  • Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong
  • Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress
  • Take pride in delivering our promise to society: to improve the lives of a billion smokers

Who we're looking for?

Who we’re looking for

  • Minimum 5 years of experience in web/mobile application security, preferably within a large organization
  • Professional certifications in Information Security or Cybersecurity (e.g. CISSP, CISM)
  • Proven track record in supporting development teams throughout all phases of systems development life cycle (design, threat modelling, development, maintenance)
  • Hands-on experience with integration of SAST, DAST and SCA tools into CI/CD pipelines
  • Strong understanding of cloud computing architectures (e.g. SaaS, IaaS, PaaS, FaaS) and their corresponding characteristics in terms of information security
  • Practical knowledge on modern application architectures including microservices, containers, APIs and serverless technologies
  • Sound knowledge of impact and remediation techniques for vulnerabilities from and outside of OWASP Top 10
  • Considerable technical writing proficiency and oral presentation skills, in English
  • Practical experience in Agile/DevOps organizations and cultures
  • Highly collaborative, with ability to build relationships with colleagues from different cultures throughout the organization
  • Experience with any of the following technologies/tools not mandatory but strongly preferred: AWS WAF, Salesforce Shield, HashiCorp Vault, Terraform, Ansible, Artifactory, Splunk, ELK


  • Healthcare package
  • Pension Plan
  • Dental Care
  • Life Insurance
Leisure package
  • Multisport program
  • Cultural benefits
  • Discounter program (Discounter is a program in which its partners offer our employees discounts on their services and products.)
  • Snacks
  • Fruits
  • Hot beverages
  • Cold beverages
  • Subsidized meals in two company canteens
  • Further education and professional qualification support
  • Books
  • Conferences
  • Technical and soft skills workshops
  • On-line technical courses
  • Car parking
  • Bicycle parking
  • Social aid
  • Optional company kindergarden 
  • Integration events
  • Shower
  • Chill room
  • Table socker
  • Game room
  • Silent room
  • Gifts for life events (child birth, weeding, jubilee awards)

Our company

PMI Service Center Europe

Krakow 1700
Tech skills
  • Java
  • Scala
  • Python

Check out similar job offers