IT Security Professional – Open Source Vulnerability Management
BNP Paribas
IN, MH, Mumbai
7d ago

Job Title : IT Security Professional, CIB IT Mumbai Security & IT Risk

Location : Mumbai, Infinity Malad

The IT Security Professional role is based in Mumbai and will work as part of a global team covering security risks and associated activities in multiple locations across Europe, North America and Asia.

Open Source Vulnerability Management (OSVM) examines open source security risks, license compliance, and code quality risks at each stage in the SDLC.

OSVM allows you to continuously monitor for new vulnerabilities and manage risk.

  • The ideal candidate will have a strong technical (software development, release engineering or DevOps) background, will be forward-
  • looking, pragmatic in their approach to problems, possess excellent communication skills and thrive in a dynamic, collaborative environment.

  • Evaluate open source security, license compliance, and quality risks at any phase of the SDLC
  • Integration know-how of Open Source, 3rd party and proprietary software
  • Good knowledge about open source technologies and open source implementation experience
  • Recommend, evaluate and help drive implementation of other DevOps / release management tools
  • Recommend and implement DevOps / release engineering process improvements
  • Collaborate with other BNP Paribas Software teams in development and uptake of DevOps / release management tools, and process improvement
  • Enhances existing processes, tools, scripts with new capabilities whilst maintaining compatibility.
  • Maintains the existing components and resolves problem reported by various Development teams.
  • Collaborates and communicates with management and internal development partners regarding software applications design status, project progress, and issue resolution.
  • Represents the Release engineering team for all phases of larger and more-complex development projects.
  • Provides guidance and mentoring to less experienced staff members.

    Education and Experience

  • Bachelor or Master's degree in Computer Science, Information Systems, or equivalent.
  • 4-6 years’ experience.
  • Experience with third party component vulnerabilities and license management (JFrog XRay, Blackduck)
  • Knowledge and Technical Skills

  • Proven track record of successfully developing large scale release and patch build, packaging and deployment systems
  • Strong knowledge on DevOPS best practices
  • Strong experience with software build process and tools (Jenkins / Hudson, make, ant, Maven, Perl, Python, shell scripts, etc) is a must
  • Familiarity with Agile Software Development; working in agile (scrum) framework.
  • Experience with JFrog Artifactory a plus
  • Experience with Ansible, Chef or Puppet a plus
  • Strong analytical and problem solving skills
  • Excellent written and verbal communication skills; Ability to effectively communicate product release strategies and negotiate options at management levels.

    Add to favorites
    Remove from favorites
    My Email
    By clicking on "Continue", I give neuvoo consent to process my data and to send me email alerts, as detailed in neuvoo's Privacy Policy . I may withdraw my consent or unsubscribe at any time.
    Application form