New York, New York
Information Security Pentester
Position Overview:
  • This position is part of BNPP North America CIB IT Application Security Risk Management team based in Jersey City, NJ.
  • Focused on working with application project and development teams to see standard BNP security controls and industry best practices integrated into project life-cycles in alignment with the security strategy.
  • Responsible for advising senior management and sponsors on security risk impact.
  • Reports to Head of Application Security Risk Management & Advisory.
Position Responsibilities:
  • Should be able to pentest applications (web applications and thick client apps).
  • Should be able to understand Network level and Application level reference architecture and be able to advise implementation teams on secure design.
  • Must be able to translate vulnerabilities and gaps into business risks.
  • Educate developers on secure coding practices and hands-on involvement in advising on secure tool kits or frameworks.
  • Work with the IT project community to advise on application security standard controls and best practices.
  • Work closely with other IT operation groups to identify and remediate systems with security issues.
  • Should have practical implementation knowledge to advise IT development and implementation teams on how to fix potential vulnerabilities.
  • Advise senior management including business sponsors on Security risks and should be able to translate security risks to business impact.
  • Review application, database and network architecture and highlight risks.
  • Onboard applications into the existing Security frameworks and participate in an advisory capacity until project deployment.
Position Qualifications:
Candidate Background
  • 1-3 years professional experience as an Application Developer.
  • 8-10 years of professional experience in an information security function for a financial, insurance, pharmaceutical, or similar commercial industry preferred.
  • Bachelor’s Degree in Computer Science or related field preferred.
Required Skills
  • Perform Risk assessments for applications and underlying systems and recommend security requirements based on upstream Business requirements.
  • Should have knowledge of Network and Infrastructure architecture.
  • Ability to review and understand organizational security policies and incorporate into standard processes in a project.
  • Expert understanding of HTTP, HTTPS, and other application layer protocols.
  • Expert understanding of network layer protocols & industry best practices.
  • Demonstrated proficiency in developing secure solutions using common development frameworks (J2EE, .NET, Spring, Struts, Hibernate, etc.) and languages (Java, C#, C++, etc.).
  • Actively contributes to strategic security departmental planning in alignment with architectural goals.
  • Strong analytical and problem solving skills.
  • Excellent written, verbal communication & presentation skills.
  • Should be able to work as a team player.
Helpful Skills
  • CISSP Certified.
  • CISM/CRISC Certified
  • CEH, GXPN, OSCP Certification
  • Experience with the following:
    • OWASP
    • Web application proxies.
    • Architecture Reviews.
    • DB vulnerability management.
    • Web Application vulnerability management.
    • Cloud Security
