Apac Offensive Security Expert

In Asia Pacific, BNP Paribas is one of the best-positioned international financial institutions with an uninterrupted presence since 1860. Currently with over 18,000 employees* and a presence in 13 markets, BNP Paribas provides corporates, institutional and private investors with product and service solutions tailored to their specific needs. It offers a wide range of financial services covering corporate & institutional banking, wealth management, asset management, insurance, as well as retail banking and consumer financing through strategic partnerships.

Worldwide, BNP Paribas has a presence in 68 markets with more than 193,000 employees. It has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. Asia Pacific is a key strategic region for BNP Paribas and it continues to develop its franchise in the region.
- excluding partnerships

BNP Paribas offers you an exciting career in an international business environment that is fast-paced, diverse and focuses on creating high-value relationships with our clients. We offer competitive salary and benefits, as well as a working environment where you’re valued as part of the team.

**Position Purpose**:
BNP Paribas has a presence in 74 countries with over 190,000 employees. It ranks highly in its two core activities: Retail Banking and Services as well as Corporate & Institutional Banking.
In Asia Pacific, the BNP Paribas Group is a leading employer with more than 15,000 employees* and a presence in 14 markets. Being one of the largest international banking networks, we strive to employ talented and innovative people who are aligned to our vision and culture.

The Offensive Security expert provides technical expertise on offensive security matters for all APAC locations
- excluding partnerships

**Responsibilities**

**Direct Responsibilities**

1: Design & animate simulated attacks as validated by the bank’s management,
2: Enrich and refresh the toolsets for the offensive security team,
3: Challenge the status of cyber readiness, by designing and engaging simulated attacks against the bank, and evaluate the effectiveness of the defense from Technology, People and Process perspective,
4: Keep abreast of latest cyber threat intelligence and attack techniques, study/learn and potentially replicate similar techniques on the bank to verify the bank’s protection,
5: Organize Purple team exercises to enhance the bank’s cyber security from both Offensive Security and Cyber Defense perspective,
6: Manage other offensive security topics such as penetration test and DDoS as directed by the CISO,
7: Propose feasible remediation actions and track the completion,
8. Exert a critical and risk-minded approach in assessing and proposing scenario of attack/exploit, realistic with market threat landscape.

**Contributing Responsibilities**

1: Contribute to the learning of cyber security community in APAC CIB by presenting latest studies, organizing learning sessions and security events,
2: Contribute to Cyber Security Programme,
3: Assist regional and local CISO in the regulatory response and review with regards to cyber-attacks,
4: Contribute to establishment of Cyber Range and ongoing usage of it for offensive security ,
5: Contribute to the Cyber Crisis Committee and crisis management as needed.

**Technical & Behavioral Competencies**:

- Hands-on common script/shell TTPs,
- Have a strong technical background in IT security,
- Excellent working knowledge of technology infrastructure, e.g., Windows/Linux operating system, networking protocols, Database Management, Middleware,
- In-depth security knowledge in the following areas: authentication, encryption algorithms, PKI, privilege management, data leakage prevention,
- Familiarity with the common toolset of vulnerability management, penetration testing and red team exercise, e.g., Nmap, Nessus, Kali Linux, Metasploit, Burp, SET,
- Proven capability to learn fast and the ability to keep up with technology trends,
- Flexibility and sensitivity of working in a heavily regulated industry,
- Strong team player and always conduct oneself in a respectful manner,
- Client focused and commercial thinking,
- Excellent interpersonal and communication skills,
- Excellent stakeholder management skills in a matrix environment.

**Specific Qualifications (if required)**:

- OSCP/OSEP
- CREST certificate will be a plus