At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together.
As an IT Security Specialist within IT Security Solutions, you are responsible for the operational coordination and quality assurance of penetration tests, security assessments, deception controls, and TIBER-EU–aligned red team activities. You ensure that engagements are properly scoped, offers and reports are professionally reviewed, findings are consistently tracked, and remediation measures are verified through retesting – in a structured, traceable, and effective manner.
In addition, you leverage deception technologies to detect attacker behaviour at an early stage, deliberately deploy deception mechanisms, and contribute additional security-relevant insights to assessments and remediation activities.
YOUR CHALLENGE
1. Lead scoping discussions for internal and external penetration tests, defining objectives, scope, ROE, and technical prerequisites
2. Evaluate vendor proposals for security assessments, assessing scope, methodology, quality, cost, and timelines
3. Identify gaps and risks in vendor offerings; collaborate with stakeholders to provide informed selection recommendations
4. Conduct thorough reviews of pen test reports to ensure technical accuracy, clear evidence, proper severity scoring, and actionable remediation guidance
5. Ensure all findings are reproducible, well-documented, and effectively communicated; coordinate clarification with vendors when needed
6. Manage vulnerability lifecycle using Jira/ServiceNow, including tracking, prioritisation, follow-ups, and escalation of overdue or blocked items
7. Monitor remediation progress with risk-based focus, providing regular updates on key metrics such as critical findings, MTTR, and recurrence trends
8. Offer technical guidance to coordinators and engineers, supporting interpretation of results and planning corrective actions
9. Organise and perform internal retesting to validate fix effectiveness and contribute to root cause analysis to prevent future vulnerabilities
10. Support TIBER-EU engagements where applicable, ensuring compliance with governance, traceability, and post-assessment action tracking
11. Continuously enhance assessment standards, checklists, and processes across scoping, reporting, and retesting activities
YOUR PROFILE
12. Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience
13. 3-6 years of experience in IT security delivery, AppSec, SecOps, or security assessment coordination
14. Solid understanding of web, application and API security (OWASP Top 10), vulnerability classes, and risk assessment
15. Strong knowledge of common penetration testing methodologies and deliverables (scope, ROE, test plan, report, retest)
16. Experience with Jira and/or ServiceNow for issue and vulnerability management
17. Excellent Python skills, particularly in automating workflows and developing security‑relevant tools
18. Experience with HashiCorp Vault, including secrets management, PKI operations, policy configuration, and automation
19. Experience with IBM PAM (Privileged Access Management) or comparable enterprise‑grade PAM solutions
20. Excellent organisational and prioritisation skills across multiple parallel engagements
21. High quality standards for documentation and audit trails in regulated environments
22. Clear and confident communication with both technical and non-technical stakeholders
23. Hands-on mindset with the ability to switch between technical detail and management-level perspectives
24. Professional proficiency in English (written and spoken); German is an advantage
We only consider candidates who can start immediately.
We are looking forward to receiving your full job application through our online application tool.