IT Security Champion
- Standard / Permanent
- INFORMATION TECHNOLOGY
About BNP Paribas Group:
BNP Paribas is a top-ranking bank in Europe with an international profile. It operates in 71 countries and has almost 199 000 employees. The Group ranks highly in its three core areas of activity: Domestic Markets and International Financial Services (whose retail banking networks and financial services are grouped together under Retail Banking & Services) and Corporate & Institutional Banking, centred on corporate and institutional clients. The Group helps all of its clients (retail, associations, businesses, SMEs, large corporates and institutional) to implement their projects by providing them with services in financing, investment, savings and protection. In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas enjoys leading positions in Europe, a strong presence in the Americas and has a solid and fast-growing network in the Asia/Pacific region.
About BNP Paribas India Solutions:
Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, a leading bank in Europe with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24×7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 6000 employees, to provide support and develop best-in-class solutions.
About Business line/Function:
At PI Germany IT Solutions we provide modern development services and IT products that our consumers can use. This includes frontend applications such as web, mobile or other fat-client applications. Furthermore, we develop and maintain the necessary middleware applications and API products, which can be used by internal or external customers.
In addition, we integrate and maintain 3rd-party components and products in our solutions and provide additional services to business departments in order to achieve the overall business objectives of BNPP PI Germany.
Business Line / Function:
Head of Department/Manager
A security champion is a developer or security enthusiast inside the development team(s) who formally represents the local security team, thus bridging the dev-security gap. Their duties can include, but are not restricted to, educating the engineering team in secure development, adding and improving security checks in the developer workflow, questioning engineering team decisions that do not take security into account, and giving the security team visibility into the practices and state of the development team they are in. The security champion will be a member of a growing community of application security experts, take part in workshops and follow a specific training path designed to acquire the skillset necessary to be a security champion.
Plan and Design
– Contributes to Security Requirement Definition in Design Phase
– Contributes to Secure Software Design / Security Architecture
– Use of Threat Modeling to anticipate security issues during design phase
Development and Build
– Responsible for the correct implementation of application security requirements
– Participate in code reviews
– Use of Application Security Testing solutions (SCA, SAST) to scan the code for security defects
– Assists developers in fixing security defects
– Acts as the link between the central IT Security Team and the Development Team
Vulnerability Management & Reporting
– Manage the lifecycle of the issues raised by the Application Security Testing solutions (triage, prioritization, risk cards)
– Responsible for continuous Monitoring of Library and Framework Security in terms of Security Requirements
– Responsible for reporting the development team’s application security KPIs to the management.
– Promote application security best practices in the development team.
– Perform Security Watch for newly detected and published application security vulnerabilities.
– Continuous self-training for emerging security best practices in the field of software development
– Take part in Application Security Workshops with development teams, security teams and other security champions.
– Responsible for knowledge management for Application Security specific topics to build up a knowledge base with other Security Champions
– Participate in the training and mentoring of other Security Champions
– Located in the development team(s)
– Responsible for the implementation of the application security activities in the development team
– Responsible for reporting the development team’s application security KPIs to the management
– Seek the help/support of the security team when in need of a higher expertise
– Serves as the operational relay of the security team for all application security related topics
Technical & Behavioral Competencies
– Degree in business informatics, computer science, engineering or comparable and several years of professional experience
– At least 5 years of experience in software development
– Know-how of modern software architectures and modern development concepts & processes
– Deep know-how and understanding of the respective development domain (Web, Mobile, Middleware, API, Platform, CRM, CMS etc.)
– Expert know-how in the necessary development tools and programming languages
– Expert know-how in software requirement engineering and managing requirements
– Knowledge in software testing incl. unit test design & execution as well as E2E tests
– Basic knowledge in IT cyber security and secure software development
– Basic knowledge of banking economics (banking, trading, investing; products and transactions)
– Working in an agile environment with Scrum
– Very good spoken and written English skills
Specific Qualifications (if required)
Secure coding and code reviewing: Expert level
DevOps fundamentals: Proficient level
AST* solutions handling: Expert level
Fundamental risk management knowledge: Proficient level
Vulnerability management: Proficient level
Secure design patterns: Proficient level
Threat Modeling: Proficient level
Infrastructure as Code fundamentals: Competent level
Cloud Security fundamentals: Competent level
Behavioural Skills:
Ability to collaborate / Teamwork
Ability to deliver / Results driven
Communication skills – oral & written
Ability to synthesize / simplify
Transversal Skills:
Ability to develop and adapt a process
Ability to develop and leverage networks
Bachelor Degree or equivalent
At least 5 years
Other/Specific Qualifications (if required)
Bachelor Degree or equivalent