Security Engineer PAM & Vault 100%

Join our global team and play a critical role in safeguarding our digital landscape as a Security Engineer in the area of Privileged Access Management (PAM) and management of technical credentials (Vault). We're seeking a skilled expert to contribute to the ongoing projects that are introducing a new PAM (Delinea Secret Server / IBM Security Verify Privilege Manager) and Vault (Hashicorp) Solution., * Play a key role in the design, implementation, and operational management of Julius Baer's next-generation Privileged Access Management (PAM) and secrets management (Vault) solutions

• Partner closely with global engineering and security teams to ensure high availability, resilience, and compliance of PAM and Vault infrastructures across hybrid and cloud environments
• Analyze evolving business and security requirements, assessing their technical feasibility, risk implications, and impact on existing systems, enterprise architecture standards, and regulatory obligations
• Contribute proactively to the development of secure, scalable architectures, operational concepts, and standardized engineering processes in alignment with enterprise IT strategies
• Maintain comprehensive, up-to-date technical documentation, including system designs, runbooks, configurations, and incident post-mortems, to ensure transparency and operational continuity
• Lead troubleshooting and root cause analysis for complex technical issues, driving timely resolution while minimizing service disruption
• Provide 2nd and 3rd level engineering support, including participation in an on-call rotation, coordinating with cross-functional teams to resolve critical incidents efficiently
• Drive continuous service improvement by enhancing system reliability, security posture, performance, observability, and automation, with a clear focus on increasing operational efficiency and reducing manual effort

• Hands-on experience with privileged access and secrets management solutions, preferably Delinea (formerly Thycotic) Secret Server or HashiCorp Vault, including implementation, administration, and integration into enterprise systems
• Minimum of 2-3 years in 2nd and 3rd line engineering or operations roles supporting enterprise-grade IT security services, ideally within complex, highly regulated environments (e.g., financial services)
• Security Fundamentals: Solid grasp of core cybersecurity principles-including authentication, authorisation, encryption, zero trust models, and least privilege access controls
• Practical understanding of key IT security domains; experience with one or more of the following is advantageous:

• Secure Web Gateway technologies (e.g., Zscaler)
• Application delivery controllers (e.g., Citrix ADC / NetScaler)
• Public Key Infrastructure (PKI)
• Multi-factor Authentication (MFA) frameworks

• Technical Proficiency:

• Strong system administration skills across Linux and Windows platforms
• Demonstrated experience with automation and infrastructure-as-code, including tools such as Ansible, Terraform, Git, and scripting languages like Python, Bash, PowerShell, and REST API integrations
• Working knowledge of cloud platforms (AWS, Azure, or GCP), with emphasis on secure identity and access patterns
• Exposure to Kubernetes and containerized environments, particularly in relation to secrets injection and secure workload identity

• Education & Credentials:

• Relevant academic background (e.g., Bachelor's or Master's degree in Computer Science, Information Security, or related discipline) - or equivalent practical experience
• Industry certifications such as CISSP, CISM, or CEH are considered a strong asset
• HashiCorp Certified Vault Associate (or higher) is desirable but not mandatory
• Delinea Certified Technician (DCT) is desirable but not mandatory

At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let's shape the future of wealth management together.