BNP Paribas
Website:
bnpp.lk
Job details:
Position Purpose: The purpose of this position is to lead a high‑performing, multidisciplinary security team and shape the future of secure software delivery across the organization. Drive tangible impact through measurable security outcomes, automation, and innovation.
Responsibilities
Direct Responsibilities
- Review and interpret various application classifications and their architectures (e.g., web apps, APIs, infrastructure, server side, mainframe, WebSphere).
- Demonstrate solid knowledge of data-in-transit and data-at-rest encryption, TLS (certificates, cipher suites, and key exchange such as RSA and Diffie-Hellman), middleware message queues, secure file transfers, and database encryption.
- Good understanding of access control concepts, including onboarding, automated provisioning/reconciliation, and privileged access management tools (e.g., SailPoint, CyberArk).
- Good understanding of authentication best practices and familiarity with strong authentication mechanisms such as SSO, SAML, 2FA/MFA, Arcot, RSA, etc.
- Possess a clear grasp of application security testing processes (DAST, SAST, SCA, penetration testing, VAPT) and the end-to-end workflow, even though hands-on scanning experience is not required.
- Good understanding of payment-specific applications (e.g., SWIFT messages), the associated encryption of payment flows, mutual authentication, and end-to-end encryption.
- Work closely with application/asset owners and technical teams to conduct security compliance reviews, gather functional information, and implement appropriate security controls with documented evidence.
- Produce concise findings reports and discuss results with the relevant application owners and stakeholders.
- Demonstrated team-management ability, including preparation of management-level reports, interaction with senior management in steering committee meetings, and skill in running cross-functional meetings to drive decisions and actions.
- Mentor and onboard new team members through knowledge transfer sessions and hands-on shadowing during their initial period.
Contributing Responsibilities
- Extended knowledge of IT infrastructure, network, and application (web, client-server, payment systems) security reviews.
- Provide consultation and recommendations on application security controls for the central region.
Technical & Behavioral Competencies
- Strong knowledge of application security frameworks and standards (OWASP Top 10, NIST, SANS, ISO, and relevant regulatory requirements)
- Strong understanding of the OWASP Top 10, SAST/DAST/SCA, API security, secure coding practices, threat modeling, vulnerability management, cryptography techniques, authentication techniques (SSO, SAML, MFA/2FA, etc.), and secure SDLC
- Good communication skills
- Knowledge of application security controls (access control mechanisms and data security)
- Should have an IT audit background
- Good knowledge of IT security (defense in depth)
Specific Qualifications:
Any technical certification (CEH/ISO 27001/CISM/CISA/CISSP) will be an added advantage.
Skills Referential (Required knowledge, skills and abilities)
Technical Skills:
- AppSec assessments (application security compliance review / API security)
- Vulnerability management and remediation techniques
- Governance frameworks and reporting
Behavioral Skills:
- Ability to collaborate / teamwork
- Ability to deliver / results driven
- Communication skills, oral and written
Education Level: Bachelor's degree or equivalent
Location: Bengaluru/Mumbai