At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together.
We are seeking a Web and Remote Access Security Engineer to manage and operate our enterprise Zscaler Internet Access (ZIA), Citrix NetScaler, and Zero Trust Network Access (ZPA) platforms, ensuring secure, reliable, and compliant remote connectivity for our global workforce. In this role, you will drive the configuration, integration, and continuous improvement of web security and access solutions, combining operational excellence with strong collaboration across security, networking, and identity domains.Main Job Responsibilities
Play a key role in the design, implementation, and operational governance of Julius Baer’s secure web and remote access infrastructure, ensuring resilient, policy-compliant connectivity for thousands of users across global offices and remote locations.
Operate and maintain the enterprise Zscaler Internet Access (ZIA) platform.
Administer and support Citrix NetScaler (now Citrix ADC) as the primary gateway for corporate SSL-VPNs and secure BYOD access to internal applications.
Support adoption of Zscaler Private Access (ZPA).
Lead incident resolution for complex disruptions, serving as a Tier 2/Tier 3 escalation point through detailed root cause analysis (RCA), corrective actions, and implementation of preventative controls to strengthen service resilience.
Ensure full compliance of internet proxy and remote access solutions with Julius Baer’s information security policies, regulatory frameworks, and internal audit requirements, maintaining rigorous control over access entitlements and cryptographic material.
Maintain authoritative technical documentation in Confluence, covering system architectures, operational procedures, integration specifications, and post-incident reviews to support knowledge sharing and operational continuity.
Drive continuous service improvement by enhancing system reliability, security posture, performance, observability, and automation, with a clear focus on increasing operational efficiency and reducing manual effort.
Stay ahead of emerging threats and technological developments in web security, encrypted traffic analysis, and identity-centric access models — recommending strategic upgrades, architectural refinements, and new controls to future-proof the bank’s infrastructure.
Client Management (internal & external)
Various IT functions, both regionally and globally
Local Legal and Compliance functions
Business Management
Key stakeholders include IT Service Owners, IT Infrastructure, IT Application Managers, IT Architecture and Project Managers
CRO functions – including Business Operational Risk, Information Security and Compliance functions
Global functions – IT Security Solutions, Security Architecture
Establish strong relationship with key stakeholders and across the internal IT
Regulatory Responsibilities &/OR Risk Management
Ensure appropriate ethical and compliant behaviour within the area of responsibility by clear demonstration of appropriate values and behaviours including but not limited to standards on honesty and integrity, due care and diligence, fair dealing (treating customers fairly), management of conflicts of interest, competence and continuous development, adequate risk management, and compliance with applicable laws and regulations
Professional and Technical
Core Expertise: Expertise in Zscaler technologies, with hands-on experience in deploying and managing Zscaler Internet Access (ZIA) and Private Access (ZPA).
Technical Proficiency:
Proven operational experience with Citrix NetScaler (Citrix ADC/Gateway) for SSL-VPN and BYOD access.
Solid understanding of secure web gateways, proxy architectures, zero trust principles, and remote access security models.
Understanding of network security fundamentals: firewalls, load balancing, WAF concepts, TLS/SSL, DNS, and IP routing — especially as applied in DMZ and extranet zones.
Security Engineering Knowledge: Practical understanding of key IT security domains; experience with one or more of the following is advantageous:
Public Key Infrastructure (PKI)
Privileged Access Management (PAM)
Secure Secrets Management (Vault)
Multi-factor Authentication (MFA) frameworks
Operational Excellence: Minimum of 2–3 years in 2nd and 3rd line engineering or operations roles supporting enterprise-grade IT security services, ideally within complex, highly regulated environments (e.g., financial services).
Education & Credentials:
Relevant academic background (e.g., Bachelor’s or Master’s degree in Computer Science, Information Security, or related discipline) — or equivalent practical experience.
Industry certifications such as CISSP, CISM, or CEH are considered a strong asset.
Zscaler Accredited Configuration Engineer (ACE) (or higher) is desirable but not mandatory.
CSG 1Y0-341 (or higher) is desirable but not mandatory.
Personal and Social
Team player, strong collaborator with the willingness to take ownership
Excellent communication skills in spoken and written form
Strong desire to learn and develop new skills
Highly proactive, self-driven, and focused on delivering measurable results.
Capable of independent decision-making, including prioritising and resolving incidents and change requests under minimal supervision.
Strong analytical and conceptual thinking skills, with attention to detail and long-term architectural implications.
Ability to thrive in a globally distributed team environment
Regulatory
Good understanding of the technology regulatory framework in Singapore and Hong Kong
We are looking forward to receiving your full job application through our online application tool. Further interesting job opportunities can be found on our Career site.
Is this not quite what you are looking for? Set up a job alert by creating a candidate account here.