PAt Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together. /pAs Team Lead Web Entry Solutions, you assume strategic and operational responsibility for the operation and continuous advancement of our central web entry security infrastructures. You lead a globally distributed, highly specialised team at our locations in Switzerland and Singapore, and play a key role in making the security architecture of a leading global financial institution fit for the future.br/Working in close collaboration with IT Service Owners, architects and engineering teams, you drive the delivery of demanding security projects and provide expert guidance to business units on complex security topics. You combine deep technical expertise with strong leadership skills and a strategic view of the overall IT security posture.ppbbYOUR CHALLENGE /b /b /p /ppbOperations Web Application Security Architecture /b /pliOwn the stable operation and strategic development of core IT security infrastructures in the Web Entry domain /liliDesign, implement and continuously optimise Web Application Firewall and API security architectures based on the Nevis Identity Suite – including rule sets, filter policies and WAF configurations /liliOperate, configure and advance security functions such as ModSecurity and Core Rule Sets (CRS) /liliDesign, implement and operate Global Single Sign-On (GSSO) solutions based on SAML 2.0 and OpenID Connect (OIDC) /liliEnsure comprehensive protection against all OWASP Top 10 vulnerability categories (Injection, Broken Access Control, XSS, SSRF, etc.) at both infrastructure and application level /liliOperate and evolve load-balancing solutions and multi-layered DDoS protection mechanisms (rate limiting, IP reputation management, bot management) /liliMonitor and analyse HTTP/S traffic for anomalies, attack patterns and policy violations using centralised logging and SIEM platforms /lipbSecurity Governance, Assessments Projects /b /pliOwn security assessments, vulnerability management and baseline compliance across the Web Entry platforms /liliEvaluate and prioritise findings from penetration tests, DAST scans and bug bounty programmes; coordinate remediation with development and operations teams /liliDrive and deliver complex security projects with a strategic view of the overall IT security posture /liliAnalyse and manage security incidents (web attacks, WAF bypasses, credential stuffing, bot traffic) and coordinate incident response /liliCreate and maintain security concepts, WAF policies, technical documentation and operating procedures /liliContinuously optimise WAF rule sets, proxy configurations and security baselines; identify and implement improvement opportunities /lipbLeadership Advisory /b /pliProvide disciplinary and functional leadership to a globally distributed team in Switzerland and Singapore /liliAdvise and support business units on security topics; actively accompany new security initiatives from concept through to production deployment /liliCollaborate closely with IT Service Owners, architects, engineering teams and external partners in a regulated enterprise environment /lippbbYOUR PROFILE /b /b /p /plipUniversity degree (BSc / MSc / ETH) or higher technical qualification (HF/FH) in Computer Science, Information Security or a comparable technical discipline /p /lilipIn-depth, demonstrated knowledge of the OWASP Top 10 – mandatory: hands-on experience in identifying, assessing and mitigating all current vulnerability categories /p /lilipStrong hands-on expertise in configuring, operating and tuning ModSecurity including the OWASP CRS – experience with false-positive management and custom rule development is mandatory /p /lilipSolid understanding of web application architectures: HTTP/S protocol, REST APIs, reverse-proxy concepts, TLS/mTLS, Content Security Policy (CSP), CORS, HTTP security headers (HSTS, X-Frame-Options, etc.) /p /lilipDemonstrated practical experience with the Nevis Identity Suite or comparable enterprise WAF / reverse-proxy solutions (e.g. F5 ASM, Barracuda WAF, AWS WAF, Azure Application Gateway WAF) /p /lilipKnowledge of security-focused API protection: API gateways, OAuth 2.0 token validation, rate limiting, input validation /p /lilipExperience handling penetration-testing findings and security-focused code reviews in a web application context /p /lilipSound, proven expertise in network and application security – this role is not suitable for career starters /p /lilipSolid knowledge of modern authentication and authorisation protocols (SAML 2.0, OpenID Connect, OAuth 2.0, PKCE) /p /lilipProficient in Azure security concepts: Azure Policy, Identity Governance in Microsoft Entra ID, AKS Security Posture Management, Microsoft Defender for Cloud /p /lilipDemonstrated experience in hybrid environments (cloud and on-premises) and in the secure operation of containerised workloads (Kubernetes, Docker) /p /lilipProven track record in disciplinary and functional management of internationally distributed teams, ideally in a complex, global environment /p /lilipStrong communication and stakeholder management skills at all organisational levels /p /lilipFluent English – written and spoken (working language) /p /lipNice to have: /plipExperience in the financial sector, in regulated environments or audit-intensive contexts (e.g. FINMA, MAS, DORA) /p /lilipRecognised security certifications: CISM, CISSP, CCSP, AZ-500, SC-100 or GWAPT (GIAC Web Application Penetration Tester) /p /lilipKnowledge of Secure Software Development Lifecycle (SSDLC) and DevSecOps practices, e.g. SAST/DAST integration in CI/CD pipelines /p /lilipFamiliarity with the OWASP Application Security Verification Standard (ASVS) as an assessment framework for web applications /p /lilipExperience with threat modelling (e.g. STRIDE) and structured risk analysis of web architectures /p /lilipUnderstanding of cloud-native DevOps practices or cloud platform operating models (e.g. AKS, Azure Landing Zones, Infrastructure as Code) /p /lilipGerman language skills /p /lipWe are looking forward to receiving your full job application through our online application tool. /p