Senior Information Technology Security Analyst
• Work with IT project community and advice on application security standard controls and best practices;
• Integrating security tools, standards, and processes into the project life cycle;
• Improve and maintain secure development standards;
• Work closely with other IT operation groups, specially developer for identifying, advising and remediation of systems with security issues;
• Should have practical implementation knowledge to advise IT development and implementation teams on how to fix potential vulnerabilities;
• Advise senior management including business sponsors on Security risks and should be able to translate security risks to business impact;
• Supporting the incident response and architecture review processes when application security expertise is required;
• Review application, database data flow architecture and highlight risks;
• Onboard applications into the existing Security frameworks and participate in an advisory capacity until project deployment;
• Producing metrics reporting the state of application security programs.
• Perform Risk assessments for applications and underlying systems and recommend security requirements based on upstream Business requirements, including technical (such as PenTesting, Code Review analysis (SAST), Dinamic analysis (DAST)) and non-technical (such as client usage, fraud surface attacks, information flow scenarios etc.) evaluations;
• Should have balanced profile between applications and software security documentation analysis and intermediate knowledge on Network and Infrastructure architecture;
• Ability to review and understand organizational security policies and incorporate into standard processes in a project;
• Expert understanding of HTTP, HTTPS, and other application layer protocols;
• Expert understanding of network layer protocols & industry best practices;
• Demonstrated proficiency in secure solutions developed using common development frameworks (J2EE, .NET, Spring, Struts, Hibernate, etc) and languages (Java, C#, C++, etc);
• Actively contributes to strategic security departmental planning in alignment with architectural goals;
• Strong analytical and problem solving skills;
• Excellent written, verbal communication & presentation skills;
• Should be able to work as a team player;
Experience with the following:
• Web application proxies;
• Architecture Reviews;
• DB vulnerability management;
• Web Application vulnerability management;
• Risk Management.
• English Fluent;
• Spanish Intermediate;
• Bachelor degree.
BNP Paribas is committed to providing a work environment that fosters diversity, inclusion, and equal employment opportunity without regard to race, color, gender, age, creed, sex, religion, national origin, disability (physical or mental), marital status, citizenship, ancestry, sexual orientation, gender identity and gender expression, or any other legally protected status.