Job Title : IT Security Professional, CIB IT Mumbai Security & IT Risk
Location : Mumbai, Infinity Malad
The IT Security Professional role is based in Mumbai and will work as part of a global team covering security risks and associated activities in multiple locations across Europe, North America and Asia.
Open Source Vulnerability Management (OSVM) examines open source security risks, license compliance, and code quality risks at each stage in the SDLC.
OSVM allows you to continuously monitor for new vulnerabilities and manage risk.
The ideal candidate will have a strong technical (software development, release engineering or DevOps) background, will be forward-looking, pragmatic in their approach to problems, possess excellent communication skills and thrive in a dynamic, collaborative environment.
Evaluate open source security, license compliance, and quality risks at any phase of the SDLC
Integration know-how of Open Source, 3rd party and proprietary software
Good knowledge about open source technologies and open source implementation experience
Recommend, evaluate and help drive implementation of other DevOps / release management tools
Recommend and implement DevOps / release engineering process improvements
Collaborate with other BNP Paribas Software teams in development and uptake of DevOps / release management tools, and process improvement
Enhances existing processes, tools and scripts with new capabilities whilst maintaining compatibility.
Maintains the existing components and resolves problems reported by various Development teams.
Collaborates and communicates with management and internal development partners regarding software applications design status, project progress, and issue resolution.
Represents the Release engineering team for all phases of larger and more-complex development projects.
Provides guidance and mentoring to less experienced staff members.
Education and Experience
Bachelor's or Master's degree in Computer Science, Information Systems, or equivalent.
4-6 years’ experience.
Experience with third-party component vulnerabilities and license management (JFrog Xray, Black Duck)
Knowledge and Technical Skills
Proven track record of successfully developing large scale release and patch build, packaging and deployment systems
Strong knowledge of DevOps best practices
Strong experience with software build process and tools (Jenkins / Hudson, make, ant, Maven, Perl, Python, shell scripts, etc.) is a must
Familiarity with Agile Software Development; working in agile (scrum) framework.
Experience with JFrog Artifactory a plus
Experience with Ansible, Chef or Puppet a plus
Strong analytical and problem solving skills
Excellent written and verbal communication skills; ability to effectively communicate product release strategies and negotiate options at management levels.