Position Title:  Principal InfoSec Engineer Application Security

Date:  Jun 22, 2026
Requisition ID:  29084
Work Location:  Tampa, FL, US, 33609

Principal InfoSec Engineer Application Security – Tampa, FL

 

At PMI U.S., we are building a modern nicotine business—focused on helping make a future without cigarettes a reality in America. As the U.S. businesses of Philip Morris International, we are investing in new products, science, and capabilities to provide the approximately 25 million legal age adults who still smoke with better alternatives. 

 

Our approach is rooted in innovation, responsible marketing, and a growing U.S. footprint that spans manufacturing, technology, and commercial operations across the country. 

 

That creates real opportunity. You’ll have the space to take ownership, develop new ideas, and contribute to work that is shaping our business and the category. We’re looking for people who are curious, collaborative, and motivated by progress—because the scale of what we’re building creates room to grow in different directions. 

 

Your ‘day to day’:

  • Identify cybersecurity gaps in new and existing applications and systems used by the PMI U.S. business unit via a wide variety of methods (e.g., threat modeling, architecture reviews, access model reviews, configuration reviews, static and dynamic application security testing).

 

  • Take ownership for execution of security assurance for the most critical or complex projects in the PMI U.S. business unit (e.g., a major system implementation or a multi-state rollout). Plan and deliver the security engagement – from initial risk scoping, ongoing design checkpoints, to final pre-go-live assessments. Ensure all security requirements are addressed throughout the project lifecycle, not just at the end.

 

  • Develop tailored assurance plans for projects in the PMI U.S. business unit that deviate from the standards. For example, if a project is adopting a new technology, determine what additional assessment steps are needed (specialized testing, extra reviews) and deliver them in coordination with other specialized InfoSec teams or external experts.

 

  • Describe and demonstrate identified issues in various forms (e.g., reports, technical debt definitions) and ensure that relevant stakeholders understand the risk that those vulnerabilities pose to the Company. Advise technology teams on how to replicate identified cybersecurity issues and remediate them in the most effective and cost-efficient way.

 

  • Coordinate with other Application Security teams to get specialized input as needed. For instance, bring in Offensive Security specialists for targeted ethical hacking activities and integrate their findings into the overall advisory for projects in the PMI U.S. business unit. Also, feed common project pain points back into the AppSec baseline evolution (e.g., if many projects struggle with a certain policy requirement, flag this to potentially clarify or enhance that standard in future).

 

  • Support creation of global application security strategies and implementation of strategic application security plans and initiatives for PMI U.S.

 

  • Partner with Information Security leaders to ensure that the PMI U.S. business unit follows best practices in the application security domain by continuously optimizing tools, techniques and methodologies.

 

  • Keep up to date with the constantly evolving cyber threat landscape and the latest developments in technology and cyber risk management.

 

 

 

Key Skills:

  • 10+ years of experience in Information Security, preferably in the IT risk or assurance function (e.g., IT Security, IT Audit, Application Security, Offensive Security) of a large organization or consulting company.

 

  • Proven track record in autonomously executing complex IT security assessments or IT audits for large scale technology solutions, including technical reviews such as architecture reviews, configuration reviews, automated testing (SAST, DAST).

 

  • Broad familiarity with various IT domains such as application development, cloud and infrastructure.

 

  • Sufficient technical depth to challenge design decisions when needed (e.g., questioning why a certain legacy protocol is used, or whether a proposed architecture meets segmentation requirements).

 

  • Risk evaluation and articulation skills with ability to foresee project constraints and pragmatically suggest risk mitigations that fit within those constraints (balancing ideal security vs. practical delivery).

 

  • Excellent communication skills (up and down). Ability to lead meetings with project managers and architects to discuss findings and also brief upper management on the residual risks of a project. Strong negotiation skills to ensure necessary security changes are made.

 

  • Strong report writing skills for executive-level summaries and detailed risk registers. Also adept at improving team processes and refining existing methodologies (e.g., creating a standardized threat model template for all advisors to use).

 

  • Professional security certifications: CISA (mandatory), CISSP (mandatory), CISM (optional, but preferred)

 

Annual Base Salary Range: $160,000 - $200,000

 

What we offer:

  • We offer a competitive base salary, annual bonus (applicable based on level of position), great medical, dental and vision coverage, 401k with a generous company match, incredible wellness benefits, commuter benefits, pet insurance, generous PTO, and much more!   
  • We have implemented Smart Work, a hybrid model of working that promotes flexibility in the workplace.  
  • Seize the freedom to define your future and ours. We’ll empower you to take risks, experiment and explore. 
  • Be part of an inclusive, diverse culture where everyone’s contribution is respected. Collaborate with some of the world’s best people and feel like you belong. 
  • Pursue your ambitions and develop your skills with a global business – our staggering size and scale provides endless opportunities to progress. 
  • Take pride in delivering our promise to society: To improve the lives of millions of smokers. 

 

PMI is an Equal Opportunity Employer. 

PMI is headquartered in Stamford, Conn., and its U.S. affiliates have more than 3,000 employees.  

 

PMI has been an entirely separate company from Altria and Philip Morris USA since 2008. PMI’s affiliates first entered the U.S. market following the company’s acquisition of Swedish Match in late 2022. Philip Morris International and its U.S. affiliates are working to deliver a smoke-free future. Since 2008, PMI has invested $12.5 billion globally to develop, scientifically substantiate and commercialize innovative smoke-free products for adults who would otherwise continue to smoke with the goal of transitioning legal-age consumers who smoke to better alternatives. In 2022, PMI acquired Swedish Match – a leader in oral nicotine delivery – creating a global smoke-free champion led by the IQOS and ZYN brands. The U.S. Food and Drug Administration has authorized versions of PMI’s IQOS electronically heated tobacco devices and Swedish Match’s General snus as Modified Risk Tobacco Products and renewal applications for these products are presently pending before the FDA. For more information, please visit www.pmi.com/us and www.pmiscience.com.

 


 


Nearest Major Market: Tampa