Principal InfoSec Engineer Application Security

Philip Morris International U.S., Tampa, FL
$160,000 - $200,000, Hybrid

About The Position

At PMI U.S., we are building a modern nicotine business—focused on helping make a future without cigarettes a reality in America. As the U.S. businesses of Philip Morris International, we are investing in new products, science, and capabilities to provide the approximately 25 million legal age adults who still smoke with better alternatives. Our approach is rooted in innovation, responsible marketing, and a growing U.S. footprint that spans manufacturing, technology, and commercial operations across the country. That creates real opportunity. You’ll have the space to take ownership, develop new ideas, and contribute to work that is shaping our business and the category. We’re looking for people who are curious, collaborative, and motivated by progress—because the scale of what we’re building creates room to grow in different directions.

Requirements

  • 10+ years of experience in Information Security, preferably in the IT risk or assurance function (e.g., IT Security, IT Audit, Application Security, Offensive Security) of a large organization or consulting company.
  • Proven track record in autonomously executing complex IT security assessments or IT audits for large scale technology solutions, including technical reviews such as architecture reviews, configuration reviews, automated testing (SAST, DAST).
  • Broad familiarity with various IT domains such as application development, cloud and infrastructure.
  • Understanding of technical depth to challenge design decisions when needed (e.g., questioning why a certain legacy protocol is used, or whether a proposed architecture meets segmentation requirements).
  • Risk evaluation and articulation skills with ability to foresee project constraints and pragmatically suggest risk mitigations that fit within those constraints (balancing ideal security vs. practical delivery).
  • Excellent communication skills (up and down). Ability to lead meetings with project managers and architects to discuss findings and also brief upper management on the residual risks of a project. Strong negotiation skills to ensure necessary security changes are made.
  • Strong report writing skills for executive-level summaries and detailed risk registers. Also adept at improving team processes and refining existing methodologies (e.g., creating a standardized threat model template for all advisors to use).
  • Professional security certifications: CISA (mandatory), CISSP (mandatory), CISM (optional, but preferred)

Responsibilities

  • Identify cybersecurity gaps in new and existing applications and systems used by the PMI U.S. business unit via a wide variety of methods (e.g., threat modeling, architecture reviews, access model reviews, configuration reviews, static and dynamic application security testing).
  • Take ownership for execution of security assurance for the most critical or complex projects in the PMI U.S. business unit (e.g., a major system implementation or a multi-state rollout). Plan and deliver the security engagement – from initial risk scoping, ongoing design checkpoints, to final pre-go-live assessments. Ensure all security requirements are addressed throughout the project lifecycle, not just at the end.
  • Develop tailored assurance plans for projects in the PMI U.S. business unit that deviate from the standards. For example, if a project is adopting a new technology, determine what additional assessment steps are needed (specialized testing, extra reviews) and deliver them in coordination with other specialized InfoSec teams or external experts.
  • Describe and demonstrate identified issues in various forms (e.g., reports, technical debt definitions) and ensure that relevant stakeholders understand the risk that those vulnerabilities pose to the Company. Advise technology teams on how to replicate identified cybersecurity issues and remediate them in the most effective and cost-efficient way.
  • Coordinate with other Application Security teams to get specialized input as needed. For instance, bring in Offensive Security specialists for targeted ethical hacking activities and integrate their findings into the overall advisory for projects in the PMI U.S. business unit. Also, feed common project pain points back into the AppSec baseline evolution (e.g., if many projects struggle with a certain policy requirement, flag this to potentially clarify or enhance that standard in future).
  • Support creation of global application security strategies and implementation of strategic application security plans and initiatives for PMI U.S.
  • Partner with Information Security leaders to ensure that the PMI U.S. business unit follows best practices in the application security domain by continuously optimizing tools, techniques and methodologies.
  • Keep up to date with the constantly evolving cyber threat landscape and the latest developments in technology and cyber risk management.

Benefits

  • competitive base salary
  • annual bonus
  • great medical, dental and vision coverage
  • 401k with a generous company match
  • incredible wellness benefits
  • commuter benefits
  • pet insurance
  • generous PTO