Team Lead Web Entry Solutions; f​/m​/d

At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together.

As Team Lead Web Entry Solutions, you assume strategic and operational responsibility for the operation and continuous advancement of our central web entry security infrastructures. You lead a globally distributed, highly specialised team at our locations in Switzerland and Singapore, and play a key role in making the security architecture of a leading global financial institution fit for the future.

Working in close collaboration with IT Service Owners, architects and engineering teams, you drive the delivery of demanding security projects and provide expert guidance to business units on complex security topics. You combine deep technical expertise with strong leadership skills and a strategic view of the overall IT security posture.

• Own the stable operation and strategic development of core IT security infrastructures in the Web Entry domain
• Design, implement and continuously optimise Web Application Firewall and API security architectures based on the Nevis Identity Suite – including rule sets, filter policies and WAF configurations
• Operate, configure and advance security functions such as Mod Security and Core Rule Sets (CRS)
• Design, implement and operate Global Single Sign-On (GSSO) solutions based on SAML 2.0 and OpenID Connect (OIDC)
• Ensure comprehensive protection against all OWASP Top 10 vulnerability categories (Injection, Broken Access Control, XSS, SSRF, etc.) at both infrastructure and application level
• Operate and evolve load‑balancing solutions and multi-layered DDoS protection mechanisms (rate limiting, IP reputation management, bot management)
• Monitor and analyse HTTP/S traffic for anomalies, attack patterns and policy violations using centralised logging and SIEM platforms

• Own security assessments, vulnerability management and baseline compliance across the Web Entry platforms
• Evaluate and prioritise findings from penetration tests, DAST scans and bug bounty programmes; coordinate remediation with development and operations teams
• Drive and deliver complex security projects with a strategic view of the overall IT security posture
• Analyse and manage security incidents (web attacks, WAF bypasses, credential stuffing, bot traffic) and coordinate incident response
• Create and maintain security concepts, WAF policies, technical documentation and operating procedures
• Continuously optimise WAF rule sets, proxy configurations and security baselines; identify and implement improvement opportunities

• Provide disciplinary and functional leadership to a globally distributed team in Switzerland and Singapore
• Advise and support business units on security topics; actively accompany new security initiatives from concept through to production deployment
• Collaborate closely with IT Service Owners, architects, engineering teams and external partners in a regulated enterprise environment

• University degree (BSc / MSc / ETH) or higher technical qualification (HF/FH) in Computer Science, Information Security or a comparable technical discipline
• In‑depth, demonstrated knowledge of the OWASP Top 10 – mandatory: hands‑on experience in identifying, assessing and mitigating all current vulnerability categories
• Strong hands‑on expertise in configuring, operating and tuning Mod Security including the OWASP CRS – experience with false‑positive management and custom rule development is mandatory
• Solid understanding of web application architectures: HTTP/S protocol, REST APIs, reverse‑proxy concepts, TLS/mTLS, Content Security Policy (CSP), CORS, HTTP security headers (HSTS, X‑Frame‑Options, etc.)
• Demonstrated practical experience with the Nevis Identity Suite or comparable enterprise WAF / reverse‑proxy solutions (e.g. F5 ASM, Barracuda WAF, AWS WAF, Azure Application Gateway WAF)
• Knowledge of security‑focused API protection: API gateways, OAuth 2.0 token…