VP - Head of Vulnerability Assessments - Red Team / Penetration Testing
Company: BNP Paribas
Location: Jersey City
Posted on: April 3, 2021
BNP Paribas is a leading bank in Europe with an international reach.
It has a presence in 72 countries, with more than 202,600 employees,
of which almost 155,000 in Europe. The Group has key positions in its
three main activities: Domestic Markets and International Financial
Services (whose retail-banking networks and financial services are
covered by Retail Banking & Services) and Corporate & Institutional
Banking, which serves two client franchises: corporate clients and
institutional investors. The Group helps all its clients
(individuals, community associations, entrepreneurs, SMEs, corporates
and institutional clients) to realize their projects through
solutions spanning financing, investment, savings and protection
insurance.

In Europe, the Group has four domestic markets (Belgium, France,
Italy and Luxembourg) and BNP Paribas Personal Finance is the
European leader in consumer lending. BNP Paribas is rolling out its
integrated retail-banking model in Mediterranean countries, in
Turkey, in Eastern Europe and a large network in the western part of
the United States. In its Corporate & Institutional Banking and
International Financial Services activities, BNP Paribas also enjoys
top positions in Europe, a strong presence in the Americas as well as
a solid and fast-growing business in Asia-Pacific.

The Vulnerability Assessments (VA) Team is the offensive security arm
of BNPP Cyber Security. The team is responsible for managing the
Penetration Testing and Red Team Assessments program. The
Vulnerability Assessments (VA) Team performs global intelligence-led
exercises against people, process, and technology. The Red Team
challenges the organization to improve the effectiveness of Cyber
Security by conducting exercises using the same Tactics, Techniques
and Procedures (TTPs) as real adversaries. To be successful in this
role, candidates are expected to act as subject matter experts in
offensive security with a proven track record in exploitation,
escalation of privileges, and lateral movement.

Candidate Success Factors: Candidates will be measured on the
following four performance drivers which will dictate how individual
impact is considered on the Americas platform:
- Results and Impact
- Leadership and Collaboration
- Client, Customer and Stakeholder Focus
- Compliance Culture and Conduct

Responsibilities:
- Proven thought leader with a vision for building and operating
a world class Offensive Security program.
- Experience in leading and directing a team of highly technical
Red Team & Penetration Testing professionals.
- Ability to present to and interact with executive
- Develops, manages, and oversees offensive cybersecurity tests
to validate the completeness and effectiveness of cybersecurity
- Manages vendor contracts, relationships, and staff for the
execution of cybersecurity tests.
- Designs, builds, and improves the technical infrastructure
necessary to perform cybersecurity testing by both in-house and
outsourced penetration testers who are executing either remotely or
- Assist infrastructure and application owners in validating
their remediation efforts for findings resulting from offensive
- Lead penetration testing and red team assessments.
- Lead, plan, and execute all Social Engineering
- Analyze cyber intelligence and design attack models for use
against the organization.
- Testing of the overall security of critical infrastructure
components and applications to ensure they comply with internal
policies, security architecture best practices, and industry
- Supporting Purple Team operations.
- Reporting information security vulnerabilities to businesses
- Act as thought leaders for addressing new security challenges
such as IoT, cloud, robotics, and artificial intelligence.
- Conduct vulnerability assessments and penetration tests
(application and/or infrastructure) and articulate security issues
to technical and non-technical audience.
- Identify, research, and validate known and unknown exploits on
- Work closely with the Blue Team to identify gaps, address
findings, and improve breach response.
- Act as advisors for the Blue Team during major events and hunt
activities.

Minimum Required Qualifications
- Strong problem solving and analytical skills, verbal and
written communication skills.
- Excellent interpersonal skills and the ability to work
effectively with others as a team.
- Ability to work independently and effectively managing and
prioritizing multiple tasks.
- Solid understanding of IT security concepts with an emphasis on
Security and Risk Assessment.
- Knowledge and experience with law and regulations surrounding
the financial services sector.
- Advanced user of Microsoft Excel, Microsoft Word and Microsoft
- Excellent understanding of networking concepts and Information
Security, including emerging threats and attack methodologies.
- Demonstrable understanding of Information Technology
principles, including software, hardware, and networking.
- A broad understanding of all areas of banking and the threats
faced by the financial sector.
- Strong ability to analyze threat actor TTPs at a highly
detailed and technical level, examine and develop the controls,
lead and execute tests of those controls using penetration testing
and red team techniques.
- Conducting adversary emulations and penetration testing
(application and/or infrastructure) and articulating security
issues to technical and non-technical audience.
- Identifying, researching, validating, and exploiting various
different known and unknown security vulnerabilities on server and
- Conducting Purple Team Testing.
- Creating metrics to establish value to senior management.
- Define cyber KPIs.
- Knowledge of Vulnerability Assessment tools, e.g. Nessus,
- Strong familiarity with at least one major pen testing
framework (MITRE ATT&CK, CBEST) and the ability to self-learn new
frameworks as required.
- Knowledge of Exploitation frameworks, e.g. Metasploit, CANVAS,
- Knowledge of Post-Exploitation Frameworks: Cobalt Strike,
SILENTTRINITY, Covenant, Faction, Merlin, Apfell, Red Team Toolkit,
- Social Engineering campaigns, e.g. email phishing, phone calls,
- Deep understanding of OSI model.
- Security devices, e.g. Firewalls, VPN, AAA systems.
- Understanding of common protocols, e.g. LDAP, SMTP, DNS,
- Knowledge of Web development and programming languages, e.g.
Python, Perl, Ruby, Java, and/or .Net.
- Reporting information security vulnerabilities to businesses.
- Bachelor's degree in Computer Science or Engineering (relevant
concentration preferred) with 10-15+ years of experience, preferably
within a pen test or red team function in the financial sector; or
a Graduate Degree (Masters) in MIS.
- Information Security certifications (e.g., CISSP, CISA, CISM,
- SharePoint administration and document management.
- Understanding of the Tactics, Techniques, and Procedures of
cyber threat actors.
- Understanding of geo-political dynamics and how they affect the
wider cyber threat landscape.
- Experience working with the Kill Chain, Diamond Model of
Intrusion and similar frameworks and concepts.
- Excellent writing and presentation skills to communicate
findings and recommendations to different audiences and
stakeholders.

FINRA Registrations Required: N/A

BNP Paribas is committed to providing a work environment that fosters
diversity, inclusion, and equal employment opportunity without regard
to race, color, gender, age, creed, sex, religion, national origin,
disability (physical or mental), marital status, citizenship,
ancestry, sexual orientation, gender identity and gender expression,
or any other legally protected status.

Primary Location: US-NJ-Jersey City
Job Type: Standard / Permanent
Job: MISCELLANEOUS
Education Level: Bachelor Degree or equivalent (>= 3 years)
Experience Level: Not Indicated
Schedule: Full-time