The bank for a changing world

We are looking for

Security Test Architect - Lead

REF: TES001009

About BNP Paribas Group:

BNP Paribas Group is a leading European bank with a strong global footprint across 72 markets and more than 202,000 employees. The Group provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group, a leading bank in Europe with an international reach. With delivery centers located in Mumbai and Chennai, we are a 24x7 global delivery center. We partner with various business lines of BNP Paribas, such as Corporate and Institutional Banking, Wealth Management and Retail Banking, through three verticals: Information Technology, Operations and Finance Shared Services.

About Business Line / Function:

TCoE provides testing services for the BNP Paribas Group. The Non-Functional Testing - Security Testing team is responsible for executing source code reviews, gray box tests and penetration tests, and for highlighting vulnerabilities in the applications under test.

Job Title:

Security Test Architect





Infinity IT Park, Malad, Mumbai

Position Purpose

The security testing architect would be responsible for creating and driving best practices for security testing while ensuring that the team operates efficiently by keeping the team current in terms of test practices, process and too


Direct Responsibilities


· Champion and lead adoption of security testing practices, techniques and tools for multiple applications

· Serve as an expert to guide and review security testing requirements

· Benchmark applications against OWASP best practices

· Provide assurance of adherence to best practices in security

· Understand security test requirements, prepare SOPs and security test scenarios, and supervise test execution

· Review and publish test reports

· Perform tool evaluation for security testing tools and make appropriate recommendations. Introduce tools to improve time to market and alignment for CI-CD implementation

· Prepare security test strategy, test plan and test specifications for services

· Contribute to all aspects of the delivery lifecycle to provide guidance that ensures security of applications

· Help create and implement a secure development lifecycle

· Expertise in performing security code review using tools like Fortify SCA

· Prepare security testing guidelines and standards, and develop robust processes to ensure quality

· Provide technical expertise in security testing to project teams

· Mentor team members

· Participate in recruitment activities

Contributing Responsibilities

· Assist in project planning, roadmap management, scheduling, budgeting and tracking activities.

Technical & Behavioral Competencies

· Good knowledge of OWASP, OSSTMM, SANS and other application security standards and best practices

· Must have good experience in HP Fortify / Checkmarx, Burp Suite Pro / Acunetix and other security testing tools

· Expert-level understanding of application security practices

· Keen desire to be at the leading edge of technology and process practices

· Extensive hands-on experience in active development and test automation related practices

· Ability to work under minimal supervision

· Strong analytical and interpersonal skills

· Must have the ability to interact professionally with a diverse group of developers, test engineers and managers. Ability to work well with culturally diverse global teams

· Excellent written and oral communication skills

Specific Qualifications (if required)

Minimum 7 years of experience and proven accomplishments in application security testing for enterprise applications in Web / Thick client / Mobile technologies

Skills Referential

Behavioural Skills:

Ability to deliver / Results driven

Attention to detail / rigor


Ability to share / pass on knowledge

Transversal Skills:

Analytical Ability

Ability to anticipate business / strategic evolution

Ability to manage a project

Ability to manage / facilitate a meeting, seminar, committee, training…

Ability to inspire others & generate people's commitment

Education Level:

Bachelor Degree or equivalent

Experience Level

At least 7 years

Other/Specific Qualifications (if required)

Relevant industry-recognized security testing certifications such as CISSP / CISM / OSCP / ECSA, etc.



Primary Location: IN-MH-Mumbai

Job Type: Standard / Permanent

Job: INFORMATION TECHNOLOGY

Education Level: Bachelor Degree or equivalent (>= 3 years)

Experience Level: At least 7 years

Schedule: Full-time

Behavioural competency: Ability to share / pass on knowledge

Transversal competency: Ability to inspire others & generate people's commitment

Reference: TES001009