IT Security Champion with Java-PI Germany

August 20, 2024

Reference: 12356237

  • Permanent
  • IN-Tamil Nadu-Chennai
  • INFORMATION TECHNOLOGY
About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24×7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

About BNP Paribas Group:

 BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialised businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group’s performance and stability.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business line/Function:

At PI Germany IT Solutions, we provide modern development services and IT products that our consumers can use. This includes frontend applications such as web, mobile or other fat client applications. Furthermore, we develop and maintain the necessary middleware applications and API products, which can be used by internal or external customers.

In addition, we integrate and maintain 3rd party components and products in our solutions and provide additional services to business departments in order to achieve the overall business objectives of BNPP PI Germany.

Job Title: IT Security Champion

Date: Aug 2024

Department: IT-Solutions

Location: Chennai

Business Line / Function: PI IT

Reports to (Direct): NA

Reports to (Functional):

Grade (if applicable):

Number of Direct Reports: 0

Directorship / Registration: NA

Position Purpose

A security champion is a developer or security enthusiast inside the development team(s) who formally represents the local security team, thus bridging the dev-security gap. Their duties can include, but are not restricted to, educating the engineering team in secure development, adding and improving security checks in the developer workflow, questioning engineering team decisions that do not take security into account, and giving the security team visibility into the practices and state of the development team they are in. This person will be a member of a growing community of application security experts, take part in workshops and follow a specific training path designed to build the skill set necessary to be a security champion.

Responsibilities

Direct Responsibilities

Plan and Design

–        Contributes to Security Requirement Definition in Design Phase

–        Contributes to Secure Software Design / Security Architecture

–        Use of Threat Modeling to anticipate security issues during design phase

Development and Build

–        Responsible for the correct implementation of application security requirements 

–        Participate in code reviews

–        Use of Application Security Testing solutions (SCA, SAST) to scan the code for security defects

–        Assists developers in fixing Security Defects

–        Acts as the link between the central IT Security Team and the Development Team

Vulnerability Management & Reporting

–        Manage the lifecycle of the issues raised by the Application Security Testing solutions (triage, prioritization, risk cards)

–        Responsible for continuous Monitoring of Library and Framework Security in terms of Security Requirements

–        Responsible for reporting the development team’s application security KPIs to the management.

Contributing Responsibilities

 

–        Promote application security best practices in the development team.

–        Perform Security Watch for newly detected and published application security vulnerabilities.

–        Continuous self-training for emerging security best practices in the field of software development

–        Take part in Application Security Workshops with development teams, security teams and other security champions.

–        Responsible for knowledge management for Application Security specific topics to build up a knowledge base with other Security Champions

–        Participate in the training and mentoring of other Security Champions

Organizational interactions:

–        Located in the development team(s)

–        Responsible for the implementation of the application security activities in the development team

–        Responsible for reporting the development team’s application security KPIs to the management

–        Seek the help/support of the security team when in need of a higher expertise

–        Serves as the operational relay of the security team for all application security related topics

Technical & Behavioral Competencies

–        Degree in business informatics, computer science, engineering or comparable and several years of professional experience

–        At least 5 years of experience in software development

–        Know-how of modern software architectures and modern development concepts & processes

–        Deep know-how and understanding of the respective development domain (Web, Mobile, Middleware, API, Platform, CRM, CMS etc.)

–        Expert know-how in the necessary development tools and programming languages

–        Expert know-how in software requirement engineering and managing requirements

–        Knowledge in software testing incl. unit test design & execution as well as E2E tests

–        Basic knowledge in IT cyber security and secure software development

–        Basic knowledge of banking economics (banking, trading, investing; products and transactions)

–        Working in an agile environment with Scrum

–        Very good spoken and written English skills

Specific Qualifications (if required)

Secure coding and code reviewing: Expert level

DevOps fundamentals: Proficient level

AST* solutions handling: Expert level

Fundamental risk management knowledge: Proficient level

Vulnerability management: Proficient level

Secure design patterns: Proficient level

Threat Modeling: Proficient level

Infrastructure as Code fundamentals: Competent level

Cloud Security fundamentals: Competent level

Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Ability to collaborate / Teamwork

Ability to deliver / Results driven

Communication skills – oral & written

Ability to synthetize / simplify

Transversal Skills: (Please select up to 5 skills)

Ability to develop and adapt a process 

Ability to develop and leverage networks

Education Level: 

Bachelor Degree or equivalent

Experience Level

At least 10 years

Other/Specific Qualifications (if required)

Java: 10 Years

Secure Coding: 6 Years

Fortify & NexusIQ: 6 Years

Code Review & Knowledge sharing: 6 Years
