Job Description
Info Sec - TCOE - Sr. Administrator(
Job Number:
INF0006+8)
About BNP Paribas Group:
BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 1++ 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centred on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.
About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.
About Businessline/Function :
Job Title:
Sr. Security Test Engineer
Date:
06-Feb-23
Department:
India IT Security
Location:
Mumbai
Business Line / Function:
Security Testing
Reports to:
Grade:
(if applicable)
Number of Direct Reports:
NA
Directorship / Registration:
NA
Position Purpose
The purpose of the position is to help with the security testing activities mentioned in the direct responsibilities
Responsibilities
Direct Responsibilities
• To perform Penetration testing (Gray Box and/or Black Box), SAST, SCA for Web applications, Thick Client, API, and mobile applications.
• Understand and deep knowledge of application security engineering principles to follow secure development practices which includes secure build processes, secure code review, security testing
• Understanding of the security tools in DevOps Processes
• Knowledge of one or more scripting languages for automation
• Collaborate with the developers to help them understand the vulnerabilities reported in application
• To understand the application's security requirements and identify & document the scope of the test
• Ensure execution of the documented security scenarios for the application under test.
• Document and report all findings
• Escalate issues to the local management and onshore stakeholders in case it affects the testing progress
• Ensure processes for the project is followed for the assessments
• Help review peer's work and mentor junior members in the team
Contributing Responsibilities
Technical & Behavioral Competencies
• Clear understanding of OWASP Top 10 - application security risks
• Tools/OS: Burp Suite, OWASP ZAP, Kali Linux
• Manual Security Testing & Analysis, Security Test Designing
• Excellent Inter personal and presentation skills
• Strong in verbal and written communication
• Good analytical skills
• Strong Time Management
• Must be flexible, independent, self-motivated
• Team player
Specific Qualifications (if required)
• CSSLP/CEH / ECSA or equivalent certification preferred
Skills Referential
Behavioural Skills: (Please select up to 4 skills)
Ability to collaborate / Teamwork
Attention to detail / rigor
Adaptability
Communication skills - oral & written
Transversal Skills: (Please select up to 5 skills)
Analytical Ability
Ability to develop and adapt a process
Ability to develop others & improve their skills
Ability to understand, explain and support change
Ability to manage / facilitate a meeting, seminar, committee, training...
Education Level:
Bachelor Degree or equivalent
Experience Level
At least 5 years
Other/Specific Qualifications (if required)
Education Level:
Bachelor Degree or equivalent
Experience Level
At least 15 years
Other/Specific Qualifications (if required)
• Good to have industry recognized Information Security Certifications ( CSSLP , CEH, ECSA