Job Title: Security Champion 

Department: Personal Investors

About Business line/Function: 

Position Purpose: A security champion is a developer or security enthusiast inside the development team(s) that formally represents the local security team, thus bridging the dev-security gap. Their duties can include, but are not restricted to, educating the engineering team in secure development, adding and improving security checks in the developer workflow, questioning where engineering team decisions are not including security, giving the security team visibility into the practices and state of the development team they are in. He will be a member of a growing community of application security experts, take part in workshops and be on a specific training path designed to acquire the skillset necessary to be a security champion.

Responsibilities

Direct Responsibilities

Plan and Design

o   Contributes to Security Requirement Definition in Design Phase

o   Contributes to Secure Software Design / Security Architecture

o   Use of Threat Modeling to anticipate security issues during design phase

Development and Build

o   Responsible for the correct implementation of application security requirements

o   Participate in code reviews

o   Use of Application Security Testing solutions (SCA, SAST) to scan the code for security defects

o   Assists developers in fixing Security Defect

o   Links between central IT Security Team and Development Team

Vulnerability Management & Reporting

o   Manage the lifecycle of the issues raised by the Application Security Testing solutions (triage, prioritization, risk cards)

o   Responsible for continuous Monitoring of Library and Framework Security in terms of Security Requirements

o   Responsible for reporting the development team’s application security KPIs to the management.

Contributing Responsibilities

• Promote application security best practices in the development team.
• Perform Security Watch for newly detected and published application security vulnerabilities.
• Continuous self-training for emerging security best practices in the field of software development
• Take part in Application Security Workshops with development teams, security teams and other security champions.
• Responsible for knowledge management for Application Security specific topics to build up a knowledge base with other Security Champions
• Participate in the training and mentoring of other Security ChampionsCo-designing API lifecycle management

Organizational interactions:

o   Located in the development team(s)

o   Responsible for the implementation of the application security activities in the development team

o   Responsible for reporting the development team’s application security KPIs to the management

o   Seek the help/support of the security team when in need of a higher expertise

o   Serves as the operational relay of the security team for all application security related topics

•         

Technical & Behavioral Competencies

o   Degree in business informatics, computer science, engineering or comparable and several years of professional experience

o   At least 7 years of experience in software development

o   Knowhow of modern software architectures and modern development concepts & processes

o   Deep know how and understanding of respective development domain (Web, Mobile, Middleware, API, Platform, CRM, CMS etc.)

o   Expert knowhow in necessary development tools and programming languages

o   Expert knowhow in software requirement engineering and managing requirements

o   Knowledge in software testing incl. unit test design & execution as well as E2E tests

o   Basic knowledge in IT cyber security and secure software development

o   Basic knowledge of banking economics (banking, trading, investing; products and transactions)

o   Working in an agile environment with Scrum

o   Very good communication skills in English speaking and writing

Specific Qualifications:

o   Secure coding and code reviewing: Expert level

o   DevOps fundamentals:  Proficient level

o   AST* solutions handling: Expert level

o   Fundamental risk management knowledge:  Proficient level

o   Vulnerability management:  Proficient level

o   Secure design patterns:  Proficient level

o   Threat Modeling:  Proficient level

o   Infrastructure as Code fundamentals:  Competent level

o   Cloud Security fundamentals:  Competent level

Technical Skills:

• Ability to collaborate / Teamwork
•  Client focused
• Attention to detail / rigor 
• Ability to deliver / Results driven 

Behavioral Skills: 

• Ability to develop others & improve their skills 
• Ability to understand, explain and support change 

Education Level: Bachelor’s degree or Equivalent

Location: Chennai

About BNP Paribas Group:

BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.

About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.