CKMS & HSM IT Security Engineer

GROUP BNP PARIBAS
BNP Paribas Group is the top bank in the European Union and a major international banking establishment. It has close to 185,000 employees in 65 countries. In Spain we are more than 5,100 employees within 13 business lines.

Spain IT Production
Spain IT Production organization consists of CIB ITO & ITG IT Platforms and is responsible for providing IT Production services to our Clients in EMEA, ensuring a Digital Market evolution, in a secured and performant environment, and with a reliable quality. IT Production organisation includes Infrastructure services, Telecom & Workspace, Production Security and Application Production domains and associated transversal services (CTO Office, Control Tower, PMO and IT Continuity). In Spain, IT Production relies on a Platform with over 400 experts that provide full-stack support services ensuring a secure, stable, standardized, and efficient production.

About The Job
MISSION

BNP Paribas is a major player in the European banking sector. As such, BNP Paribas must protect its assets from cyber-attacks. The bank is also subject to strong rules from regulators or its customers.

The major challenges of current computing require greater security of data and banking applications. In a growing context of developing mobility solutions and Cloud services adoption, the mission is to integrate the Production Security teams in charge of setting up services to secure access to information system assets.

The mission is part of the IT Group Production Security – Defense teams. This team is specialized in security and data protection issues. The primary responsibility of the teams is to provide security services within the overall requirements framework while ensuring the operational readiness and Level 3 support of these services within an international scope.

Scope: Key Management Services (KMS), Hardware Security Modules (HSM), Encryption, PKI, cryptographic services, smart cards, strong authentication solutions, electronic signature, etc.

Mission & Role summary

Within the Crypto Services expertise team, the mission will be to ensure the operational maintenance of the Group's cryptographic security services (HSM, KMS, BYOK, KYOK, KMS, etc.) and to participate in the evolution of digital trust services (encryption, key management, electronic signature solutions, etc.).

It is expected that you operate in a cloud context (Office 365, IBM and others) to meet new uses and security needs (authentication, encryption, signature). In this context, you will contribute to the study, qualification and subsequent implementation of new security solutions. A technical background, security and project management is therefore needed.

You will contribute to the on-call duty rotation provided to ensure the high availability of services provided by the Crypto Services expert team.

Responsibilities
As part of this job, your missions will be to:

Technical Essentials

• Provide technical expertise around cryptography: HSM, KMS, data encryption, cryptographic key life cycle, BYOK, KYOK, algorithms,
• Participate in the design of architectures, building (Build) and evolution of KMS / HSM solutions,
• Work with the IT Risk Management teams and transcribing risk and security requirements from an operational perspective,
• Advise and support the business lines on the security aspects of various projects,
• Write technical, operational procedures (e.g. key ceremony, installation of MSM, change of defective MSM, etc.),
• Investigate, qualify and implement new security solutions
• Qualify version runs of existing solutions,
• Participate in cryptographic implementation projects and cryptographic key management,
• Participate in ongoing cryptographic services management activities,
• Contribute to the study of innovative solutions around cryptography,
• Integrate solutions for the protection of the Bank's data as set out in the Cloud solutions,
• Perform a security technology watch (authentication means, cryptographic algorithms, vulnerabilities, etc.),

Maintenance In Operational And Security Condition

• Carry out on-call duty (one week per month),
• Providing Level 3 support for services,
• Analyses and processes engineering requests and incident tickets,
• Carry out operations in unworked hours,
• Maintenance and development of services,
• Industrialise and automate operating processes,

Requirements

• Studies

Master's degree or equivalent

• Experience

Minimum 2-to-4-year Experience With HSM, CKMS, PKI
Experience in IT Production environments

Experience as SPOC for technical escalations

• Languages

High Level of English (written / spoken).

French speaking will be appreciated.

Skills

• Technical

Cryptography - Expert

HSM - Expert

Security - Expert

Infrastructure - Mastery

Architecture - Mastery

Programming Languages (Shell, Python, etc.) - Mastery

Production - Expert

OS UNIX / Windows - Mastery

Base de données (Postgres, MongoDB…) - Pratique

Active Directory - Mastery

Administration - Mastery

IAM - Mastery

Network - Mastery

• Transversal & Behavioral

Teamwork

Organizational skills and timeliness

Priority management and adjustment to constraints

Good writing quality

Sense of initiative

Autonomous, rigorous and methodical.

Benefits

• Training programs, career plans and internal mobility opportunities, national and international thanks to our presence in different countries.
• Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity).
• Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities.
• Flexible compensation plan.
• Hybrid telecommuting model (50%).
• 32 vacation days.

Diversity and inclusion commitment
BNP Paribas Group in Spain is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency, which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.