Position Title:  Federated Data Platform Security Engineer

Be part of a revolutionary change

At PMI, we’ve chosen to do something incredible. We’re totally transforming our business and building our future on smoke‑free products with the power to improve the lives of a billion smokers worldwide.

With huge changes come huge opportunities. By joining us, you’ll enjoy the freedom to dream up, build better and brighter solutions—and the space to move your career forward in endlessly different directions.

PMI’s journey to a smoke‑free future is fueled by technology

The disruptive transformation we’re going through means you’ll find many unique IT projects that match all levels of skills and ambitions—from pacesetting global initiatives to ‑mission critical‑ platform operations. Whether you want to pursue a personal passion or build an international career, there’s space here to develop in many directions.

To join us in PMI Tech, you’ll need to be driven and equally comfortable taking a strategic view or diving deep into technical details. Our culture is agile and collaborative, and we genuinely believe our people are among the best you’ll ever work with.

Role Summary

We are looking for a skilled, security-focused Federated Data Platform Security Engineer to join our Federated Data Platform (FDP) team. In this role, you will be responsible for designing, implementing, and operating FDP security controls to ensure data confidentiality, integrity, resilience and compliance across PMI’s global, federated data landscape.

In this role, you will design, implement, and operate security principles/controls for PMI’s federated data ecosystem, ensuring confidentiality, integrity, and compliance across multiple domains, environments, and geographies.

You will work hands‑on with Snowflake, Matillion DPC, and dbt Cloud, embedding security‑by‑design into platform usage while enabling scalable, self‑service analytics. You will serve as the primary engineering counterpart to the Data Platform Security Analysts (1st LoD) and partner closely with Platform Engineers, Data Engineers, Solution Architects, IAM teams, and Risk & Compliance stakeholders to balance strong governance with developer productivity.

This role combines deep technical security engineering, data governance enablement, and operational ownership in a highly regulated, enterprise environment.

Responsibilities

• Act as the security champion for the Federated Data Platform, accountable for the effectiveness of security controls across platform services and domains
• Act as the primary product‑side counterpart to Data Platform Security Analysts (1st LoD), providing design inputs, evidence, and remediation ownership
• Design, implement, and maintain platform security architecture aligned with enterprise and regulatory requirements, ensuring security controls support IT resilience objectives, including secure backup, restore, and disaster recovery design, documentation, and testing
• Own and govern role-based‑ access control (RBAC) models across Snowflake accounts, environments, and domains
• Implement and enforce least privilege access, segregation of duties (SoD‑), and environment isolation (DEV / QA / PROD)
• Integrate FDP Platform with enterprise Identity & Access Management (IAM) solutions and SSO
• Define and manage data access patterns, including secure data sharing, row level security, masking policies, and ‑classification-based‑ controls
• Enable and monitor security logging, auditing, and observability capabilities to enable continuous monitoring, reporting, and governance of FDP security posture
• Proactively support solution outline reviews, access model reviews, integration reviews, and platform evolution initiatives by providing security‑by‑design inputs
• Collaborate with platform and data teams to ensure secure onboarding of new domains, users, and data products
• Define, document, and maintain security standards, guardrails, patterns, and runbooks for FDP usage
• Maintain up‑to‑date security documentation and runbooks to support audits, DPIAs, SOX controls, and internal reviews
• Own the technical remediation of security findings, risks, and audit issues related to the Federated Data Platform. Ensure agreed risk treatment plans are technically feasible, implemented on time, and verifiable through evidence
• Participate in incident response, vulnerability management, root cause analysis, and timely remediation of security findings, ensuring vulnerabilities are addressed within agreed SLAs
• Support key rotation, secret management, and credential lifecycle management
• Work in Agile and DevOps ways of working, embedding security controls into automated provisioning and CI/CD pipelines

Background and Qualifications

• Bachelor’s Degree or higher in Computer Science, Cybersecurity, Information Systems, or related field (or equivalent experience)
• Minimum 3–5 years of experience in data platform, cloud security, or database security roles
• Proven hands-on experience securing Snowflake, Matillion or dbtCloud ‑in enterprise environments
• Strong understanding of RBAC, IAM, access governance, and segregation of duties concepts
• Experience implementing data protection controls such as masking, row level‑ security, and secure data sharing
• Familiarity with cloud security principles and SaaS security models
• Experience working with security logging, audit trails, and monitoring tools
• Ability to translate security and compliance requirements into practical technical controls
• Experience operating in a regulated enterprise environment with formal risk, audit, and assurance processes
• Experience working in Agile teams and collaborating with engineering and architecture stakeholders
• Strong communication skills, with the ability to explain security concepts to technical and non‑technical audiences
• Passion for building secure, scalable, and compliant data platforms

Additional Experience Preferred or Helpful

• Experience with federated data platforms or data mesh architectures
• Knowledge of advanced security features (eg. Snowflake secure views, data sharing, dynamic data masking)
• Familiarity with AWS security concepts and cloud networking fundamentals
• Experience supporting audits, risk management, or regulatory compliance initiatives
• Exposure to DevSecOps practices and security automation
• Experience with Atlassian tools such as Jira and Confluence
• Knowledge of FinOps or usage observability from a security or governance perspective

What we offer:

Seize the freedom to shape your future and ours! We’ll empower you to take risks, experiment and explore

Be part of an inclusive, diverse culture, where everyone’s contribution is respected; collaborate with some of the world’s best people and feel like you belong

Pursue your ambitions and develop your skills with a global business –our staggering size and scale provides endless opportunities to progress

Take pride in delivering our promise to society to deliver a smoke-free future!