Vice President - Application Security Engineer BNP Paribas Jersey City, NJ

Kate

Administrator
Команда форума
About BNP Paribas:

BNP Paribas is a leading bank in Europe with an international reach across the US, EMEA and APAC. It has a presence in 68 countries, with more than 193,000 employees. The Bank offers a comprehensive range of banking, investment and financial services solutions through three main fields of activity: Retail Banking for the Bank’s retail-banking networks and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, BNP Paribas helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance.

In the United States, BNP Paribas has built a strong and diversified presence to support its client base. The bank employs nearly 14,000 people and has had a presence in the country since the late 1800s in major cities including New York/New Jersey, San Francisco, Boston, Chicago, Denver and Washington, DC.

We continue to grow and strengthen our commitment to the US market. BNP Paribas’ Corporate & Institutional Banking (CIB) platform and Asset Management platform, along with our retail presence through, Bank of the West, provide services to:
  • Help businesses raise capital in the US and globally by leveraging an international network spanning 68 countries
  • Offer consistent client service and innovative approaches for investment, hedging and financing opportunities across asset classes and geographies, as well as research and market intelligence to help our clients make strategic decisions
  • Support local communities by funding projects to improve technology, infrastructure, clean energy, and agriculture
  • Help women entrepreneurs, start-up organizations, individuals and families reach their goals through savings, community lending, and wealth management
  • Support our clients transition to a lower carbon economy and an increasingly sustainable business model through forward-looking financing and investing solutions
We are one of a few non-US banks to offer a full value chain for our clients, from trading to financing, and clearing and custody in the US with the international footprint and capacity to deliver both globally and locally. Leveraging the strength of our European roots, our network can support clients in virtually every region of the world, enabling more connectivity and efficiency wherever our clients conduct business.

BNP Paribas’ Corporate & Institutional Banking services corporate clients and institutional investors offering tailored solutions in financing, cash management, and advisory services to companies via Corporate Banking, in capital markets via Global Markets, and in securities custody and administration via Securities Services.

BNP Paribas Asset Management is the asset management arm of BNP Paribasand offers high value-added solutions to individual savers, companies, and institutional investors.

Bank of the West, our largest affiliate in the US, offers retail banking, wealth, corporate and commercial banking in over 500 branches and offices across the U.S.

We take pride in our expertise and our ability to adapt while constantly looking ahead to create a more sustainable world.

BNP Paribas. The Bank for a Changing World -

Business Overview:

The mission of the America Application Security is to protect our organization from reputational and/or financial loss resulting from a compromise of the Confidentiality, Integrity, Availability, and/or Proof of Audit of our underlying data assets. Information is protected by focusing on four categories of risk and categorizing data based on these risks. Once information assets have been classified, proper security controls are put into place to protect these assets. It is also a requirement that all critical applications must be scanned to identify any security deficiencies. This concern in house developed application for SAST/SCA and in house hosted web application for DAST.

Candidate Success Factors:

Candidates will be measured on the following four performance drivers which will dictate how individual impact is considered on the Americas platform:
  • Results and Impact
  • Impacts division and influences peers and team
  • Demonstrates good judgement when making decisions of high complexity and impact
  • Relies on limited guidance for most complex decision making
  • Is responsible for driving outcomes which have meaningful effect on team or department
  • Leadership and Collaboration
  • Creates trust with department leaders
  • Acts in leadership capacity for large projects, processes, or programs for a team
  • Client, Customer and Stakeholder Focus
  • Able to build relationships with a mix of intermediate and senior colleagues or clients
  • Interacts regularly with management and department leaders
  • Demonstrates the ability to persuade and influence stakeholders at the team level
  • Compliance Culture and Conduct
  • Takes full responsibility for personal actions and demonstrates courage in facing problems and conflicts
  • Perceived as a person of high moral character; upholds corporate values and displays high ethical standards”
Responsibilities:

The position will require:

  • Lead Application Security assessment part of the Secure SDLC Governance
  • Participate in the NAR Security Testing program
  • Working with IT Application owner
  • Application onboarding in SAST/SCA and DAST tool
  • Eliminate false positive findings
  • Finalize scan report
  • Present final report to IT application owner
  • Verify remediation
  • Support technical discussion with IT Development team to discuss findings and remediation
  • Partner with LATAM to share our practice and governance
Qualifications

Minimum Required Qualifications:

  • 5 Years+ of Information Security experience
  • Bachelor’s degree in Computer Science or Information Technology.
  • Excellent written and verbal English communication skills
  • Clear and consistent status reporting
  • Ability to create and run secure assessments of code
  • Review and contribute to solutions and app designs
  • Perform risk and threat assessments
  • Knowledge of OWASP DevOps and OWASP Top 10
  • Previous proven experience and expertise with following tools:
  • Fortify, Sonatype Nexus, Qualys, AppSpider, Dependency Check from OWASP and SonarQube
  • Ability to work autonomously, be able to focus on an end-to-end design, and implementation approach
Preferred Qualifications:
  • Previous experience on building/running a Security Testing program
  • Speaking French/Portuguese/Spanish is a plus
  • Master’s degree in Information Technology, Cyber Security or Computer Science
  • Any Information Security Certification is a plus
FINRA Registrations Required:
  • Not Applicable
CFTC Swap Dealer Associated Person (if yes, NFA Swaps Proficiency Program is required):
  • Not Applicable
SEC Security-Based Swap Dealer Associated Person:
  • Not Applicable
 
Сверху