CybersecurityJobs.io

Job Description

The Principal InfoSec Engineer, Application Security, is a Tampa, Florida-based role focused on identifying cybersecurity gaps in PMI U.S. applications, owning security assurance for the most critical projects, and shaping global application security strategy.

Responsibilities

  • Identify cybersecurity gaps in new and existing PMI U.S. applications and systems using methods such as threat modeling, architecture reviews, access model reviews, configuration reviews, and both SAST and DAST testing.
  • Own the execution of security assurance for the most critical or complex PMI U.S. projects; plan and deliver the security engagement from initial risk scoping through design checkpoints to final pre-go-live assessments, ensuring security requirements are addressed throughout the project lifecycle.
  • Develop tailored assurance plans for projects that deviate from standards; determine additional assessment steps when adopting new technologies and coordinate with other specialized InfoSec teams or external experts to deliver them.
  • Describe and demonstrate identified issues via reports and risk definitions, ensuring stakeholders understand the risk. Advise technology teams on reproducing vulnerabilities and implementing effective remediation.
  • Coordinate with other Application Security teams to obtain specialized input, including bringing in Offensive Security for targeted ethical hacking and integrating findings into project advisories for PMI U.S.; share feedback to refine standards.
  • Support the creation of global application security strategies and the implementation of strategic AppSec plans for PMI U.S.
  • Partner with Information Security leaders to ensure PMI U.S. follows best practices in application security, continuously optimizing tools, techniques, and methodologies.
  • Maintain awareness of the evolving cyber threat landscape and latest developments in technology and risk management.

Requirements

  • 10+ years of Information Security experience, preferably within IT risk or assurance functions in large organizations or consulting firms.
  • Proven track record of autonomously conducting complex IT security assessments or IT audits for large-scale technology solutions, including architectural reviews, configuration reviews, and automated testing (SAST, DAST).
  • Broad familiarity with IT domains such as application development, cloud, and infrastructure.
  • Technical depth to challenge design decisions when needed, including questioning legacy protocols or architecture segmentation requirements.
  • Risk evaluation and articulation skills with the ability to anticipate constraints and pragmatically suggest mitigations that balance security with practical delivery.
  • Excellent communication skills at all levels; able to lead meetings with project managers and architects and brief senior management on residual risks, with strong negotiation capabilities to drive necessary security changes.
  • Strong report writing skills for executive-level summaries and detailed risk registers; ability to improve team processes and refine methodologies, such as standardized threat model templates.
  • Professional security certifications: CISA (mandatory), CISSP (mandatory), CISM (optional but preferred).

Technologies

  • SAST
  • DAST

Benefits

  • Annual bonus
  • Medical, dental, and vision coverage
  • 401k with a generous company match
  • Wellness benefits
  • Commuter benefits
  • Pet insurance
  • Generous paid time off
  • Hybrid work model (Smart Work) promoting flexibility
  • Inclusive, diverse culture
  • Opportunities to progress and develop skills in a global business
  • Autonomy to take risks, experiment, and explore
  • Mission-driven work contributing to society

Salary

Annual base salary range: USD 160,000 - 200,000

Location

Location: Tampa, FL (onsite)

Work arrangement: In person
