Job Description - APAC
Note to Hiring Manager:
In support of BNP Paribas APAC's Diversity Commitment, Hiring Managers are to consider at least 1 Asia Pacific national, 1 male and 1 female candidate for the position to be filled.
About BNP Paribas Group:
Worldwide, BNP Paribas has a presence in 74 countries with more than 190,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 15,000 employees* and a presence in 14 markets, it provides clients with product and service solutions tailored to their specific needs, and continues to develop its franchise in the region.
About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas Group, a leading bank in Europe with an international reach. With delivery centers located in Mumbai and Chennai, we are a 24x7 global delivery center. We partner various business lines of BNP Paribas such as Corporate and Institutional Banking, Wealth Management, Retail Banking through three verticals - Information Technology, Operations and Finance Shared Services.
About Businessline/Function :
TCoE provides testing services for the BNP Paribas Group. The Security testing team is responsible to execute Penetration Tests (Black or Gray Box), SAST for the applications pertaining to the group
Sr. Security Test Engineer
Business Line / Function:
Non Functional Testing – Security Testing
Number of Direct Reports:
Directorship / Registration:
The purpose of the position is to help with the security testing activities mentioned in the direct responsibilities
- To perform Penetration testing (Gray Box and/or Black Box) for Web applications; optionally for Thick Client, API, and mobile applications.
- To understand the application’s security requirements and identify & document the scope of the test
- Ensure execution of the documented security scenarios for the application under test.
- Document and report all findings
- Collaborate with the developers to help them understand the vulnerabilities reported in application
- Escalate issues to the local management and onshore stakeholders in case it affects the testing progress
- Ensure processes for the project is followed for the assessments
- Help review peer's work and mentor junior members in the team
- Optional, experience in Source Code Assessment (SCA)/SAST
Technical & Behavioral Competencies
- Clear understanding of OWASP Top 10 - application security risks
- Tools/OS: Burp Suite, OWASP ZAP, Kali Linux
- Manual Security Testing & Analysis, Security Test Designing
- Excellent Inter personal and presentation skills
- Strong in verbal and written communication
- Good analytical skills
- Strong Time Management
- Must be flexible, independent, self-motivated
- Team player
Specific Qualifications (if required)
- CSSLP/CEH or equivalent certification preferred
Behavioural Skills: (Please select up to 4 skills)
Ability to collaborate / Teamwork
Attention to detail / rigor
Communication skills - oral & written
Transversal Skills: (Please select up to 5 skills)
Ability to develop and adapt a process
Ability to develop others & improve their skills
Choose an item.
Ability to understand, explain and support change
Bachelor Degree or equivalent
At least 3 years
Other/Specific Qualifications (if required)