ICT Security Senior Engineer (SSO L2)

About BNP Paribas Group

BNP Paribas Group is a leading European bank with a strong global footprint across 72 markets and more than 202,000 employees. The Group provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.

About BNP Paribas Solutions - Philippines Branch

Established in 2024, BNP Paribas Solutions Philippines Branch is a branch of BNP Paribas Group, a leading bank in Europe with an international reach. We provide support services, back-office operations services related to or which further the accomplishment of the corporation's investment services, banking transaction processing, and equity investment.

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind, and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, color, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

About Business Line/ Function

APAC Production Security is responsible for implementing and operating cyber-security systems to protect BNP Paribas APAC Information Systems (i.e. networks, servers, endpoints), especially in the Production environment. The team is responsible for multiple IT Security activities for BNP Paribas Asia Pacific region, such as: Production Security Governance, PMO & Risks, IT Network Security and Security Design /Architecture, Vulnerability & Compliance Management, IAM Production, Production CSIRT and Logging & Detection, Production support of the Security platforms.

Responsibilities

As a member of the ProdSec / IAM / SSO team, the SSO L2 engineer is responsible to supervise the operations, to contribute to projects and to actively manage the risks & controls of the SSO services within an international, distributed, and highly secured environment.

Direct Responsibilities

• Act as senior/lead for operations and support of the service in the region
• Pro-actively monitor, manage and improve availability and performance of the production environments (from presentation and application layers to Infrastructure layers)
• Pro-actively manage the capacity of production applications
• Partner with different IT teams to conduct analysis of incidents and follow-up identified problems.
• Identify tactical or strategic improvements that can be introduced to help reduce the number of incidents within the SSO and LDAP area.
• Work within the change management framework adopted by BNP Paribas to ensure that all changes to the production environment are planned and executed in a controlled manner.
• Take responsibility for the quality of changes within the SSO and IDM environments, ensuring that changes raised are of sufficient standard in terms of technical and planning detail.
• Contribute to some tasks of key projects for SSO and LDAP
• Work with the Application Production Support project managers in defining, designing, documenting and implanting new functionality for existing and new applications.
• Liaise with the Application Developers in low-level diagnosis of on-going issues.
• Provide subject matter expertise on SSO and IDM technologies to all business application teams.
• Act as technology evangelists for the improvement of process and technology in use for the Authentication services within BNP Paribas.
• Work cooperatively with the other members of the team
• Ensure adherence to processes and procedures
• Request improvement of knowledge (training) when needed
• Apply own initiative, within the levels of acceptable risks
• If the nature of the position is user-facing, then all the guidelines and principles of user service mindset and behaviour should be applied
• Escalate risks / issues to the manager of the team
• Minimise operational failure, including but not exclusively, the risk of fraud, and by implementing sufficient regular controls.
• Ensure appropriate escalation to management and/or Permanent Control (or Compliance as appropriate) as soon as an issue is identified.
• Provide a direct contribution to the BNPP operational permanent control framework.

As this is a production support role, focusing on a range of different and mostly innovative technologies, candidates must possess the aptitude and desire to learn. In addition, ability to be on call and provide support out of hours is essential.

Contributing Responsibilities

• Ensure that the Bank's Governance & cybersecurity practices comply with local and international regulations and industry standards. Prepare and maintain documentation for audits and ensure adherence to best practices in cybersecurity.
• Contribute to the Permanent Control framework for implementation of policies and procedures in day-to-day business activities, such as Control Plan and respond to Internal / External Audit's.
• Contribute to improvement of prevention and detection capabilities by brainstorming KRIs and the Security Incident triages.
• Collaborate with IT, legal, and Compliance teams to maintain security posture.

Technical & Behavioral Competencies

• Bachelor's degree in Computer science or a related field.
• At least 10 years of experience in the IT and/or Security domain.
• Strong understanding of Internet Security and Critical Controls.
• Proficiency in writing programming/scripting languages (Python, Unix/Linux, etc.) is a plus.
• Familiarity with common security frameworks and standards, such as ISO 27001 & NIST and the ability to specify where and how security controls should be applied to or engineered into the security design.
• Good working knowledge of Security risk management, Vulnerability management, Application security & Security incident response.
• Excellent communication and advocacy skills, both verbal and written, with the ability to express complex technical issues and articulate in a comprehensible manner.
• Technical Skills desirable for the role include:
• Axway Security gateway
• SQL, Database schema
• Authentication services for APIs
• Exposure to Apigee API gateway
• Knowledge of Process & Quality management, ITIL v2/v3
• Microsoft Project, Advanced Excel, PowerPoint and Word
• Knowledge of Atlasian Jira Task Management toolset
• Previously used ServiceNow product for IT Service Management