Remote Access Engineer (Citrix NetScaler Zscaler Private Access) 100%

Ch10 Bjb Bank Julius Bär & Co
Zürich, Switzerland
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Zürich, Switzerland

Tech stack

Microsoft Access
Microsoft Active Directory
API
Proxy Servers
User Authentication
Bash
Computer Security
Disaster Recovery
Multi-Factor Authentication
Identity and Access Management
Virtual Private Networks (VPN)
Python
Log Analysis
Citrix Systems
Public Key Infrastructure
Powershell
Remote Access Technology
Azure
Zero Trust Network Access
Server Virtualization
Service Pack
Systems Integration
Transport Layer Security
System Availability
Information Technology
Enterprise Integration
REST
Citrix Netscaler

Job description

We are seeking an experienced Remote Access Engineer (Citrix NetScaler & Zscaler Private Access) to join our global security engineering team in Zurich. As the ideal candidate, you possess deep expertise in secure remote access technologies, strong authentication and identity integration skills, and hands-on experience operating enterprise-grade remote connectivity platforms within a regulated financial services environment. You are comfortable working across infrastructure, security, endpoint, and identity domains, ensuring that employees, contractors, and approved third parties can securely access corporate resources.

Your primary responsibilities will involve architecting, operating, and continuously improving the Bank's Citrix NetScaler Gateway infrastructure, integrating and maintaining multi-factor authentication solutions, enforcing secure access and conditional access policies, and ensuring the resilience, security, and compliance of the Bank's remote access services.

In addition, you will contribute to the design, implementation, and operationalisation of the Bank's future Zscaler Private Access (ZPA) platform and support the evolution of the remote access landscape towards a modern Zero Trust Network Access (ZTNA) architecture. Working closely with IAM, Endpoint Management, Security Operations, and Global IT teams, you will help deliver secure, reliable, and scalable remote connectivity aligned with regulatory requirements and the Bank's strategic security roadmap.

Beyond the remote access domain, you will also have the opportunity to contribute to and gain hands-on experience with other security services managed by the team, including Internet Proxy, Multi-Factor Authentication (MFA), Privileged Access Management (PAM), Public Key Infrastructure (PKI), and Secure Mail Gateway solutions. This provides an excellent opportunity for candidates looking to broaden their expertise across multiple security domains and further develop their security engineering career within a collaborative and highly skilled team., * As part of a dedicated security engineering team, administer, configure, and continuously improve the Bank's Citrix NetScaler ADC and NetScaler Gateway infrastructure, ensuring high availability, performance, scalability, and operational resilience across primary and disaster recovery environments

  • Manage and maintain SSL-VPN and clientless access services, including virtual server configurations, authentication policies, rewrite rules, responder policies, and traffic steering mechanisms
  • Design, implement, and maintain secure authentication and conditional access policies based on user identity, device type, network location, and contextual risk factors
  • Participate in the design, implementation, and rollout of the Bank's Zscaler Private Access (ZPA) platform, supporting the transition towards a modern Zero Trust Network Access architecture and contributing to technical design, testing, integration, and operational readiness activities
  • Develop and maintain expertise across both Citrix NetScaler Gateway and Zscaler Private Access (ZPA) technologies, supporting the Bank's strategic remote access roadmap and ensuring secure, seamless connectivity across multiple access platforms
  • Plan, coordinate, and execute infrastructure upgrades, security patches, policy changes, and platform enhancements in accordance with established change management processes within a regulated financial environment
  • Provide 2nd and 3rd level engineering support for the Bank's remote access platforms, acting as an escalation point for complex incidents and participating in a shared 24/7 on-call rotation for critical services

Requirements

  • Highly proactive, solution-oriented, and capable of independently assessing, prioritising, and resolving complex technical challenges in a structured and efficient manner
  • Strong analytical and conceptual thinking skills with a high level of attention to detail, particularly when working within business-critical and highly regulated environments
  • Willingness and curiosity to learn new technologies and expand expertise across multiple security domains, contributing to the continuous evolution of the Bank's security services
  • University degree or higher technical education (university of applied sciences, federal diploma) in Computer Science, Information Security, or a related discipline - or equivalent practical experience
  • Minimum 3-5 years of hands-on experience in IT Security or Infrastructure Engineering, with a strong focus on secure remote access, identity management, authentication technologies, and endpoint security
  • In-depth expertise in Citrix NetScaler ADC and NetScaler Gateway, including hands-on experience with AAA policies, virtual server configuration, SSL-VPN services, high-availability deployments, authentication flows, and troubleshooting via both GUI and CLI
  • Knowledge of Zero Trust Network Access (ZTNA) concepts and architectures; experience with Zscaler Private Access (ZPA) or comparable ZTNA technologies is considered an advantage
  • Practical scripting and automation skills using one or more of PowerShell, Python, or Bash, including automation of certificate validation, health checks, log analysis, and operational tasks through REST APIs, Citrix Nitro API, or comparable interfaces
  • Practical experience with Microsoft Entra ID (Azure AD), Active Directory, and hybrid identity environments
  • Proven experience integrating remote access platforms with Multi-Factor Authentication (MFA) solutions and modern identity providers
  • Strong understanding of endpoint compliance validation, device trust concepts, BYOD access models, and modern remote access security architectures
  • Experience working within financial services or other highly regulated industries, with a solid understanding of regulatory and compliance requirements
  • Experience supporting and operating business-critical infrastructure platforms with a focus on availability, resilience, performance, and security
  • Strong communication and collaboration skills, with the ability to work effectively across global teams and translate technical concepts into practical solutions
  • Fluent written and spoken English (B2/C1)

About the company

At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let's shape the future of wealth management together.

Apply for this position