About the job

• 
  

  To reinforce capacity in Vulnerability management activity

  
  

• To understand global Application security requirements & process

  
  

Your Main Activities Are

• To reinforce our capacity in Vulnerability management activity which is based on 3 major topics:

  
  

• Vulnerability discoveries

  
  

  • Manage vulnerability scan tools (Appspider & Qualys)

    
    

    • Manage onboarding & weekly run

      
      

    • Tune configuration

      
      

  • Request & plan penetration test

    
    

    • Penetration test is not done by the team, they just receive final report

      
      

• Scan & pen test report challenging

  
  

  • Report reading

    
    

  • Identify false positives

    
    

  • Understand attack vector & payload

    
    

• Vulnerabilities follow-up

  
  

  • Be able to Explain vulnerabilities & assist It team in case of need

    
    

  • Register vulnerabilities in common follow up tool and challenge IT team about action plan

    
    

  • Perform global follow up with reminders & monthly reporting

    
    

• To understand global Application security requirements & process

  
  

• Understand Security requirements

  
  

  • Security requirements are defined at group level and must be applied at BP2S level

    
    

  • We need to constantly adapt our process to take new requirements into account

    
    

    • Ex : use of source code analysis (Fortify) with an impact on vulnerability discovery process

      
      

• Assist IT team

  
  

  • New requirements must be explained to IT team

    
    

  • Communication to be done

    
    

• Follow projects

  
  

  • Projects are followed to be sure that all requirements are in place

    
    

Profile and Skills to Success

• Bachelors or Master Degree in Computer Science, Information Systems, Engineering or a related field.

  
  

• Experience <=5 years of experience of the following:

  
  

  • Supporting Information Security Technology

    
    

  • Software development

    
    

• At least 2 years of experience in one or more of the following:

  
  

  • Information Security concepts related to Governance, Risk & Compliance

    
    

  • Vulnerability management

    
    

• Experience in Software development (no development to be done in the team)

  
  

• Knowledge of applications and technology architecture as well as Secutity ( OWASP)

  
  

• Knowledge of the standards ISO/IEC 27000-series and automated security test tools, such as Static Code Analysis, Vulnerability Scanners, for example Burpsuite, Qualys and Appspider

  
  

• Knowledge of security levels evaluation

  
  

• Interest in configuring tool Appspider and Qualys

  
  

• Interest in Report Analysis and in IT risk & Application Security process

  
  

• Ability to independently research and solve technical issues

  
  

• Knowledge of core Information Security concepts related to Governance, Risk & Compliance (equivalent to ISO 27000-series standards or other similar standards/frameworks)

  
  

• Good written and verbal communication in English (French is nice-to-have)

  
  

• Dynamic, critical and constructive spirit

  
  

• Problem solving skills and autonomy

  
  

• Team spirit and ability to work with teams in multiple geographical locations

  
  

About the Team

The team is in charge of Vulnerability management process & Application security topics.

Why joining BNP Paribas?

• Leading banking institution

BNP Paribas is a leader in the Eurozone, and a prominent international banking institution with strong roots in Europe's banking history. It has a presence in 68 countries, with around 193 000 Employees ? including more than 148 000 in Europe.

• Our presence in Portugal
  

Since 1985, BNP Paribas was one of the first foreign banks to operate in the country. Today, the Group has around 6.500 employees across several entities operating directly in the territory, offering a wide range of integrated financial solutions to support its clients and their businesses.

• International reach

Thanks to its international presence and regular and close collaboration among its different entities, BNP Paribas has the resources to support all clients with financing, investment, savings and protection solutions that help make their projects a success. BNP Paribas holds key positions in its three core operating divisions: Domestic Markets and International Financial Services for retail banking and specialised financial services, and Corporate & Institutional Banking for corporate and institutional clients.

In its Corporate & Institutional Banking and International Financial Services activities, BNP Paribas also enjoys top positions in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific.

• Diversity and Inclusion commitment
  

BNP Paribas is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.

To find out more on why you should join BNP Paribas visit https://bnpp.lk/why-BNP-Paribas-Portugal

• Please note that only applications submitted in English will be considered.
  

• In case you are selected for this role, further documentation will be requested to support your hiring process.