At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together.
Join our global team and play a critical role in safeguarding our digital landscape as a Security Engineer in the area of Privileged Access Management (PAM) and management of technical credentials (Vault). We're seeking a skilled expert to contribute to the ongoing projects that are introducing a new PAM (Delinea Secret Server / IBM Security Verify Privilege Manager) and Vault (Hashicorp) Solution.
YOUR CHALLENGE
Main Job Responsibilities
- Play a key role in the design, implementation, and operational management of Julius Baer’s next-generation Privileged Access Management (PAM) and secrets management (Vault) solutions
- Partner closely with global engineering and security teams to ensure high availability, resilience, and compliance of PAM and Vault infrastructures across hybrid and cloud environments
- Analyze evolving business and security requirements, assessing their technical feasibility, risk implications, and impact on existing systems, enterprise architecture standards, and regulatory obligations
- Contribute proactively to the development of secure, scalable architectures, operational concepts, and standardized engineering processes in alignment with enterprise IT strategies
- Maintain comprehensive, up-to-date technical documentation, including system designs, runbooks, configurations, and incident post-mortems, to ensure transparency and operational continuity
- Lead troubleshooting and root cause analysis for complex technical issues, driving timely resolution while minimizing service disruption
- Provide 2nd and 3rd level engineering support, including participation in an on-call rotation, coordinating with cross-functional teams to resolve critical incidents efficiently
- Drive continuous service improvement by enhancing system reliability, security posture, performance, observability, and automation, with a clear focus on increasing operational efficiency and reducing manual effort
Client Management (internal & external)
- Various IT functions, both regionally and globally
- Local Legal and Compliance functions
Business Management
- Key local stakeholders include IT Service Owners, IT Infrastructure, IT Application Managers, IT Architecture and Project Managers
- CRO functions – including Business Operational Risk, Information Security and Compliance functions
- Global functions – IT Security Solutions, Security Architecture
- Establish strong relationship with key stakeholders and across the internal IT
Regulatory Responsibilities &/OR Risk Management
- Ensure appropriate ethical and compliant behaviour within the area of responsibility by clear demonstration of appropriate values and behaviours including but not limited to standards on honesty and integrity, due care and diligence, fair dealing (treating customers fairly), management of conflicts of interest, competence and continuous development, adequate risk management, and compliance with applicable laws and regulations
RANK APPLICABLE TO THE POSITION
YOUR PROFILE
SKILLS REQUIREMENTS OF THE POSITION
Professional and Technical
- Core Expertise: Hands-on experience with privileged access and secrets management solutions, preferably Delinea (formerly Thycotic) Secret Server or HashiCorp Vault, including implementation, administration, and integration into enterprise systems
- Security Engineering Knowledge: Practical understanding of key IT security domains; experience with one or more of the following is advantageous:
- Secure Web Gateway technologies (e.g., Zscaler)
- Application delivery controllers (e.g., Citrix ADC / NetScaler)
- Public Key Infrastructure (PKI)
- Multi-factor Authentication (MFA) frameworks
- Operational Excellence: Minimum of 2–3 years in 2nd and 3rd line engineering or operations roles supporting enterprise-grade IT security services, ideally within complex, highly regulated environments (e.g., financial services)
- Technical Proficiency:
- Strong system administration skills across Linux and Windows platforms
- Demonstrated experience with automation and infrastructure-as-code, including tools such as Ansible, Terraform, Git, and scripting languages like Python, Bash, PowerShell, and REST API integrations
- Working knowledge of cloud platforms (AWS, Azure, or GCP), with emphasis on secure identity and access patterns
- Exposure to Kubernetes and containerized environments, particularly in relation to secrets injection and secure workload identity
- Security Fundamentals: Solid grasp of core cybersecurity principles—including authentication, authorisation, encryption, zero trust models, and least privilege access controls
- Education & Credentials:
- Relevant academic background (e.g., Bachelor’s or Master’s degree in Computer Science, Information Security, or related discipline) — or equivalent practical experience
- Industry certifications such as CISSP, CISM, or CEH are considered a strong asset
- HashiCorp Certified Vault Associate (or higher) is desirable but not mandatory
- Delinea Certified Technician (DCT) is desirable but not mandatory
Personal and Social
- Team player, strong collaborator with the willingness to take ownership
- Excellent communication skills in spoken and written form
- Strong desire to learn and develop new skills
- Highly proactive, self-driven, and focused on delivering measurable results.
- Capable of independent decision-making, including prioritising and resolving incidents and change requests under minimal supervision
- Strong analytical and conceptual thinking skills, with attention to detail and long-term architectural implications
- Ability to thrive in a globally distributed team environment
Regulatory
- Good understanding of the technology regulatory framework in Singapore and Hong Kong
We are looking forward to receiving your full job application through our online application tool. Further interesting job opportunities can be found on our Career site.
Is this not quite what you are looking for? Set up a job alert by creating a candidate account here.