Team Lead Web Entry Solutions 80 - 100% (f/m/d)

At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together.

As Team Lead Web Entry Solutions, you assume strategic and operational responsibility for the operation and continuous advancement of our central web entry security infrastructures. You lead a globally distributed, highly specialised team at our locations in Switzerland and Singapore, and play a key role in making the security architecture of a leading global financial institution fit for the future.
Working in close collaboration with IT Service Owners, architects and engineering teams, you drive the delivery of demanding security projects and provide expert guidance to business units on complex security topics. You combine deep technical expertise with strong leadership skills and a strategic view of the overall IT security posture.

YOUR CHALLENGE

Operations & Web Application Security Architecture

• Own the stable operation and strategic development of core IT security infrastructures in the Web Entry domain
• Design, implement and continuously optimise Web Application Firewall and API security architectures based on the Nevis Identity Suite – including rule sets, filter policies and WAF configurations
• Operate, configure and advance security functions such as ModSecurity and Core Rule Sets (CRS)
• Design, implement and operate Global Single Sign-On (GSSO) solutions based on SAML 2.0 and OpenID Connect (OIDC)
• Ensure comprehensive protection against all OWASP Top 10 vulnerability categories (Injection, Broken Access Control, XSS, SSRF, etc.) at both infrastructure and application level
• Operate and evolve load-balancing solutions and multi-layered DDoS protection mechanisms (rate limiting, IP reputation management, bot management)
• Monitor and analyse HTTP/S traffic for anomalies, attack patterns and policy violations using centralised logging and SIEM platforms

Security Governance, Assessments & Projects

• Own security assessments, vulnerability management and baseline compliance across the Web Entry platforms
• Evaluate and prioritise findings from penetration tests, DAST scans and bug bounty programmes; coordinate remediation with development and operations teams
• Drive and deliver complex security projects with a strategic view of the overall IT security posture
• Analyse and manage security incidents (web attacks, WAF bypasses, credential stuffing, bot traffic) and coordinate incident response
• Create and maintain security concepts, WAF policies, technical documentation and operating procedures
• Continuously optimise WAF rule sets, proxy configurations and security baselines; identify and implement improvement opportunities

Leadership & Advisory

• Provide disciplinary and functional leadership to a globally distributed team in Switzerland and Singapore
• Advise and support business units on security topics; actively accompany new security initiatives from concept through to production deployment
• Collaborate closely with IT Service Owners, architects, engineering teams and external partners in a regulated enterprise environment

YOUR PROFILE

• University degree (BSc / MSc / ETH) or higher technical qualification (HF/FH) in Computer Science, Information Security or a comparable technical discipline

• In-depth, demonstrated knowledge of the OWASP Top 10 – mandatory: hands-on experience in identifying, assessing and mitigating all current vulnerability categories

• Strong hands-on expertise in configuring, operating and tuning ModSecurity including the OWASP CRS – experience with false-positive management and custom rule development is mandatory

• Solid understanding of web application architectures: HTTP/S protocol, REST APIs, reverse-proxy concepts, TLS/mTLS, Content Security Policy (CSP), CORS, HTTP security headers (HSTS, X-Frame-Options, etc.)

• Demonstrated practical experience with the Nevis Identity Suite or comparable enterprise WAF / reverse-proxy solutions (e.g. F5 ASM, Barracuda WAF, AWS WAF, Azure Application Gateway WAF)

• Knowledge of security-focused API protection: API gateways, OAuth 2.0 token validation, rate limiting, input validation

• Experience handling penetration-testing findings and security-focused code reviews in a web application context

• Sound, proven expertise in network and application security – this role is not suitable for career starters

• Solid knowledge of modern authentication and authorisation protocols (SAML 2.0, OpenID Connect, OAuth 2.0, PKCE)

• Proficient in Azure security concepts: Azure Policy, Identity Governance in Microsoft Entra ID, AKS Security Posture Management, Microsoft Defender for Cloud

• Demonstrated experience in hybrid environments (cloud and on-premises) and in the secure operation of containerised workloads (Kubernetes, Docker)

• Proven track record in disciplinary and functional management of internationally distributed teams, ideally in a complex, global environment

• Strong communication and stakeholder management skills at all organisational levels

• Fluent English – written and spoken (working language)

Nice to have:

• Experience in the financial sector, in regulated environments or audit-intensive contexts (e.g. FINMA, MAS, DORA)

• Recognised security certifications: CISM, CISSP, CCSP, AZ-500, SC-100 or GWAPT (GIAC Web Application Penetration Tester)

• Knowledge of Secure Software Development Lifecycle (SSDLC) and DevSecOps practices, e.g. SAST/DAST integration in CI/CD pipelines

• Familiarity with the OWASP Application Security Verification Standard (ASVS) as an assessment framework for web applications

• Experience with threat modelling (e.g. STRIDE) and structured risk analysis of web architectures

• Understanding of cloud-native DevOps practices or cloud platform operating models (e.g. AKS, Azure Landing Zones, Infrastructure as Code)

• German language skills

We are looking forward to receiving your full job application through our online application tool.