The bank for a changing world

We are looking for

Senior Security Test Engineer

REF: TES000943

Job Description 

About BNP Paribas Group

Worldwide, BNP Paribas has a presence in 74 countries with more than 190,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 15,000 employees* and a presence in 14 markets, it provides clients with product and service solutions tailored to their specific needs, and continues to develop its franchise in the region.

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group, a leading bank in Europe with an international reach. With delivery centers located in Mumbai and Chennai, we are a 24x7 global delivery center. We partner with various business lines of BNP Paribas, such as Corporate and Institutional Banking, Wealth Management and Retail Banking, through three verticals: Information Technology, Operations and Finance Shared Services.

About Business line/Function:

TCoE provides testing services for the BNP Paribas Group. The Non-Functional Testing - Security testing team is responsible for executing SCA, SAT and Pen testing for the applications pertaining to the group.

Job Title:

Sr Security Tester

Infinity IT Park, Malad, Mumbai

Business Line / Function:

Non Functional Testing - Security

Reports to:

Shrikant Rodda

(if applicable)

Number of Direct Reports:

Directorship / Registration:

Position Purpose

The purpose of the position is to help with the security testing activities mentioned in the direct responsibilities.


Direct Responsibilities


-       Create and track the work plan for the team. Ensure that local Managers and onshore stakeholders are kept in the loop on progress

-       Perform source code review using an automated tool (preferably Fortify) and manually verify all identified vulnerabilities to eliminate false positives

-       Perform Grey Box and/or Penetration testing on web, Mobile (iOS, Android), API or thick client applications

-       Analyse application security requirements and create security tests for the application

-       Document and report all findings

-       Help review peer's work and mentor the junior members in the team

-       Escalate issues to the local management and onshore stakeholders in case they affect the test progress

-       Share testing progress with Managers and escalate issues to the local management and onshore stakeholders when affecting the test progress


Contributing Responsibilities

-       Participate in tool evaluation exercises and explore opportunities to help reduce effort spent

-       Chairing the daily stand ups

-       Chairing the meeting with onshore teams

-       Chairing the domain meetings or steerco

Technical & Behavioral Competencies

-       Excellent interpersonal and presentation skills

-       Strong Time Management

-       Strong project and resource management

-       Strong in verbal and written communication

-       Clear understanding of OWASP Top 10 - application security risks

-       Tools/OS: Fortify SCA, Burp Suite Professional, Kali Linux

-       Manual Security Testing & Analysis, Security Test Designing

-       Must be flexible, independent, self-motivated

-       Good analytical skills

Specific Qualifications (if required)

-       CSSLP or CEH certification preferred


Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Ability to collaborate / Teamwork

Attention to detail / rigor

Communication skills - oral & written

Transversal Skills: (Please select up to 5 skills)

Analytical Ability

Ability to inspire others & generate people's commitment

Ability to manage a project

Ability to develop others & improve their skills

Ability to set up relevant performance indicators

Education Level:

Bachelor Degree or equivalent

Experience Level

At least 7 years

Other/Specific Qualifications (if required)


Primary Location: IN-MH-Mumbai

Job Type: Standard / Permanent

Job: INFORMATION TECHNOLOGY

Education Level: Bachelor Degree or equivalent (>= 3 years)

Experience Level: At least 7 years

Schedule: Full-time

Behavioural competency: Attention to detail / rigor

Transversal competency: Ability to manage a project