ITG – Production Engineer – Proxy & WAF Functions BNP Paribas (#MITP)

Employment contract:



Madrid, Comunidad de Madrid, Spain





Business Overview

The BNP Paribas Group is one of the largest international banking networks, with a presence in 72 countries. The organization is an international financial services group, with in excess of 200,000 employees with solid roots in Europe.


The BNP Paribas Group is organized around two main activities: Retail Banking and Corporate & Institutional Banking (CIB).

The IT production has two main entities ITGP and ITO, with a main governance lead by ITGP.


Service Overview

The service of Production Security provides all necessary resources to ensure the correct and efficient deployment, administration and support of operational security solutions and tools on network, server and endpoint infrastructures for business areas operated by ITG.


The roles mission and objective is to protect BNP PARIBAS Group applications and workloads (intranet and internet), as well as the administration and management of the Web access of BNPP employees using a secured environment.


Context & role summary

The scope of the function implies L2 administration and support responsibilities for the WEB filtering proxy devices and management of the Web Application Firewall platforms.


Functional Scope

  • Level 2 Management of production configurations on WEB Proxy
  • Level 2 Management of production configurations on the Web Application Firewall (F5 WAF ASM)
  • Responsibility over access grant requests to BNPP Intranet or Internet resources
  • Management of authorizations on GUI
  • Management of filter equipment logs
  • Level 2 Support on application layer tasks and issues
  • Level 2 Support on security rules (Filtering, Authentication, SSL Inspection, Anti-Malware, DLP, etc…)
  • Advice and assistance (projects, audits, etc.). Contribute to projects affecting network security
  • Resolution or contribution to incident resolution
  • Support architecture teams on developments involving upstream web filtering
  • Completion of compliance reports. Drafting of application operating documents




Technical Essentials

  • Proxy: McAfee Web Gateway
  • F5 Advanced Web Application Firewall (AWAF)
  • F5 BigIP + Application Security Manager (ASM) + Access Policy Manager (APM)
  • Wireshark
  • Microsoft Workstation & Servers



  • Fluent English written and spoken. Strong written, oral, and interpersonal communications skills.
  • French is a plus
  • Bachelor in Computer Science or equivalent.
  • Minimum 2 to 4 year experience in cybersecurity and data security environments.
  • Cybersecurity certifications.
  • ITIL Foundation certificate will be desirable.
  • Project lifecycle experience.
  • Experience as SPOC for technical escalations.



  • Available for On Site Services: 08:00 to 19:30 regular/variable schedule range.
  • Available for On Call Services: Off regular schedule services in 24/7 weekly shifts.
  • Ability to stay calm and think logically under stress.
  • Root cause analysis for all day-to-day technical issues aimed at recovery and prevention processes.
  • Ability to coordinate with offshore teams; interface with customers, vendors and partners for issue resolution.
  • Assists the Team Leads/Delivery Manager in maintaining SLA adherence.
  • Capable to communicate, implement and enforce policies. Capable of exception and scope handling.
  • Incident Management:
    • Answer generic client’s requests thru phone call or mails.
    • Register and own the incident life cycle in ServiceNow. Monitor ServiceNow request queue.
    • Execute troubleshooting to resolve or escalate to L3 support teams.