Team Lead Web Entry Solutions; f​/m​/d

Team Lead Web Entry Solutions

Assume strategic and operational responsibility for the operation and continuous advancement of our central web entry security infrastructures.

• Own the stable operation and strategic development of core IT security infrastructures in the Web Entry domain.
• Design, implement and continuously optimise Web Application Firewall and API security architectures based on the Nevis Identity Suite – including rule sets, filter policies and WAF configurations.
• Operate, configure and advance security functions such as Mod Security and Core Rule Sets (CRS).
• Design, implement and operate Global Single Sign-On (GSSO) solutions based on SAML 2.0 and OpenID Connect (OIDC).
• Ensure comprehensive protection against all OWASP Top 10 vulnerability categories (Injection, Broken Access Control, XSS, SSRF, etc.) at both infrastructure and application level.
• Operate and evolve load‑balancing solutions and multi‑layered DDoS protection mechanisms (rate limiting, IP reputation management, bot management).
• Monitor and analyse HTTP/S traffic for anomalies, attack patterns and policy violations using centralised logging and SIEM platforms.

• Own security assessments, vulnerability management and baseline compliance across the Web Entry platforms.
• Evaluate and prioritise findings from penetration tests, DAST scans and bug bounty programmes; coordinate remediation with development and operations teams.
• Drive and deliver complex security projects with a strategic view of the overall IT security posture.
• Analyse and manage security incidents (web attacks, WAF bypasses, credential stuffing, bot traffic) and coordinate incident response.
• Create and maintain security concepts, WAF policies, technical documentation and operating procedures.
• Continuously optimise WAF rule sets, proxy configurations and security baselines; identify and implement improvement opportunities.

• Provide disciplinary and functional leadership to a globally distributed team in Switzerland and Singapore.
• Advise and support business units on security topics; actively accompany new security initiatives from concept through to production deployment.
• Collaborate closely with IT Service Owners, architects, engineering teams and external partners in a regulated enterprise environment.

• University degree (BSc / MSc / ETH) or higher technical qualification (HF/FH) in Computer Science, Information Security or a comparable technical discipline.
• In‑depth, demonstrated knowledge of the OWASP Top 10 – mandatory: hands‑on experience in identifying, assessing and mitigating all current vulnerability categories.
• Strong hands‑on expertise in configuring, operating and tuning Mod Security including the OWASP CRS – experience with false‑positive management and custom rule development is mandatory.
• Solid understanding of web application architectures: HTTP/S protocol, REST APIs, reverse‑proxy concepts, TLS/mTLS, Content Security Policy (CSP), CORS, HTTP security headers (HSTS, X‑Frame‑Options, etc.).
• Demonstrated practical experience with the Nevis Identity Suite or comparable enterprise WAF / reverse‑proxy solutions (e.g. F5 ASM, Barracuda WAF, AWS WAF, Azure Application Gateway WAF).
• Knowledge of security‑focused API protection: API gateways, OAuth
  2.0 token validation, rate limiting, input validation.
• Experience handling penetration‑testing findings and security‑focused code reviews in a web application context.
• Sound, proven expertise in network and application security – this role is not suitable for career starters.
• Solid knowledge of modern authentication and authorisation protocols (SAML
  2.0, OpenID Connect, OAuth
  2.0, PKCE).
• Proficient in Azure security concepts:
  Azure Policy, Identity Governance in Microsoft Entra
  
  ID, AKS Security Posture Management, Microsoft Defender for Cloud.
• Demonstrated experience in hybrid environments (cloud and on‑premises) and in the secure operation of containerised workloads (Kubernetes, Docker).
• Proven track record in disciplinary and functional management of internationally distributed teams, ideally in a complex,…