Security Test Engineer - Penetration Testing

Job Title: Security Test Engineer

Department: ITG CDF

About Business line/Function: ITG provides testing services for the BNP Paribas Group. The Security testing team is responsible for executing SAST, Penetration Tests (Black or Gray Box) for the Web and Mobile applications pertaining to the group.

Position Purpose

The purpose of the position is to help with the security testing activities mentioned in the direct responsibilities.

Responsibilities

Direct Responsibilities

• To perform Penetration testing (Gray Box and/or Black Box) for Web applications, Mobile, API, and thick client applications.
• Hands-on mobile penetration tester with strong knowledge and experience in Android and iOS application security testing (both static and dynamic), responsible for discovering, validating and reporting security issues in mobile applications.
• Perform Static analysis (SAST) and Dynamic analysis (DAST) on Android APKs and iOS IPA to identify insecure storage, hardcoded secrets, insecure configurations, runtime hooking, parameter tampering etc
• Conduct reverse engineering and protection bypass on mobile applications including decompiling /inspecting binaries, analyzing native libraries (.so/.dylib) and bypassing client-side protections (root / jailbreak detection, SSL pinning, obfuscation, tamper checks etc.) using tools like Frida, objection magisk, cydia/selio/zebra and Xposed.
• Strong research knowledge and should be updated with evolving mobile threats and industry standard (OWASP MASVS/MASTG).
• To understand the application’s security requirements and identify & document the scope of the test.
• Ensure execution of the documented security scenarios for the application under test.
• Document and report all findings.
• Collaborate with the developers to help them understand the vulnerabilities reported in application.
• Escalate issues to the local management and onshore stakeholders in case it affects the testing progress.
• Ensure processes for the project is followed for the assessments.
  
  

Note

• Mandatory requirement – Mobile, Web & API Penetration Testing.
• Optional, experience in Source Code Assessment (SCA)/SAST.
  
  

Contributing Responsibilities

Technical & Behavioral Competencies

• Clear understanding of OWASP Top 10 - application security risks
• Tools/OS: Burp Suite, OWASP ZAP, Kali Linux, mobsf, jadx, dex2jar, adb, xcode, Frida, objection, apktool, putil, otool.
• Manual Security Testing & Analysis, Security Test Designing
• Excellent Interpersonal and presentation skills
• Strong in verbal and written communication
• Good analytical skills
• Strong Time Management
• Must be flexible, independent, self-motivated.
• Team player
  
  

Specific Qualifications

CSSLP/CEH/OSCP or equivalent certification preferred

Technical Skills

Skills Referential (Required knowledge, skills and abilities)

• • Skill 1
  • Skill 2
  • Skill 3
  • Skill 4
    

Behavioral Skills

• • Skill 1
  • Skill 2
  • Skill 3
  • Skill 4
    

Education Level: Bachelor’s Degree or Equivalent with at least 5 years of Experience.

Location: Mumbai

About BNP Paribas Group

BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporates and institutional clients) to realize their projects through solutions spanning financing, investment, savings and protection insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability.

About BNP Paribas India Solutions

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, colour, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.