IT Security Engineer – PKI and HSM 80 - 100% (f/m/d)
Location: Singapore
Time Type: Full time
Job Description
At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together.
Julius Baer Group Ltd. acts in the sector Private Banking and is present in over 25 countries and around 60 locations. With the Headquartered in Zurich, we have offices in key locations including Bangkok, Dubai, Dublin, Frankfurt, Geneva, Hong Kong, London, Luxembourg, Madrid, Mexico City, Milan, Monaco, Mumbai, Santiago de Chile, São Paulo, Shanghai, Singapore, Tel Aviv and Tokyo.Join our global team and play a critical role in safeguarding our digital landscape as a Security Engineer in the area of public key infrastructure (PKI). We're seeking a skilled expert to contribute to the engineering and operations of our existing PKI and Hardware Security Module (HSM) solution.
YOUR CHALLENGE
Main Job Responsibilities
Play a key role in the design, implementation, and operational governance of Julius Baer’s enterprise Public Key Infrastructure (PKI), ensuring trusted digital identities and secure cryptographic services across global systems and services.
Serve as technical co-owner of the Hardware Security Module (HSM) environment to safeguard critical cryptographic assets and enable secure key generation, storage, and digital signing operations.
Architect and drive integration of PKI and HSM services with strategic platforms such as SSL/TLS endpoints, API gateways, Privileged Access Management (PAM), database encryption, code-signing systems, and secure file transfer solutions.
Lead incident resolution for complex disruptions, serving as a Tier 2/Tier 3 escalation point through detailed root cause analysis (RCA), corrective actions, and implementation of preventative controls to strengthen service resilience.
Ensure full compliance of the PKI platform with Julius Baer’s information security policies, regulatory frameworks, and internal audit requirements, maintaining rigorous control over access entitlements and cryptographic material.
Maintain authoritative technical documentation in Confluence, covering system architectures, operational procedures, integration specifications, and post-incident reviews to support knowledge sharing and operational continuity.
Drive continuous service improvement by enhancing system reliability, security posture, performance, observability, and automation, with a clear focus on increasing operational efficiency and reducing manual effort.
Remain current on advancements in cryptography, quantum-readiness, phishing-resistant authentication, and secure key management technologies, evaluating opportunities for controlled innovation and planned technology refreshes across the trust infrastructure landscape.
Client Management (internal & external)
Various IT functions, both regionally and globally
Local Legal and Compliance functions
Business Management
Key stakeholders include IT Service Owners, IT Infrastructure, IT Application Managers, IT Architecture and Project Managers
CRO functions – including Business Operational Risk, Information Security and Compliance functions
Global functions – IT Security Solutions, Security Architecture
Establish strong relationship with key stakeholders and across the internal IT
Regulatory Responsibilities &/OR Risk Management
Ensure appropriate ethical and compliant behaviour within the area of responsibility by clear demonstration of appropriate values and behaviours including but not limited to standards on honesty and integrity, due care and diligence, fair dealing (treating customers fairly), management of conflicts of interest, competence and continuous development, adequate risk management, and compliance with applicable laws and regulations
YOUR PROFILE
Professional and Technical
Core Expertise: Expertise in Public Key Infrastructure (PKI) operations, including hands-on experience with Microsoft Active Directory Certificate Services (AD CS) or other X.509-compliant CA platforms.
Technical Proficiency:
Proven experience administering Hardware Security Modules (HSMs)
Solid understanding of cryptographic protocols, TLS/SSL handshake mechanics, digital signatures, and key management practices.
Strong Windows Server administration skills, particularly around AD CS, certificate stores, GPOs, and IIS; Linux administration skills are a plus.
Security Engineering Knowledge: Practical understanding of key IT security domains; experience with one or more of the following is advantageous:
Secure Web Gateway technologies (e.g., Zscaler)
Application delivery controllers (e.g., Citrix ADC / NetScaler)
Privileged Access Management (PAM)
Secure Secrets Management (Vault)
Multi-factor Authentication (MFA) frameworks
Operational Excellence: Minimum of 2–3 years in 2nd and 3rd line engineering or operations roles supporting enterprise-grade IT security services, ideally within complex, highly regulated environments (e.g., financial services).
Education & Credentials:
Relevant academic background (e.g., Bachelor’s or Master’s degree in Computer Science, Information Security, or related discipline) — or equivalent practical experience.
Industry certifications such as CISSP, CISM, or CEH are considered a strong asset.
Personal and Social
Team player, strong collaborator with the willingness to take ownership
Excellent communication skills in spoken and written form
Strong desire to learn and develop new skills
Highly proactive, self-driven, and focused on delivering measurable results.
Capable of independent decision-making, including prioritising and resolving incidents and change requests under minimal supervision.
Strong analytical and conceptual thinking skills, with attention to detail and long-term architectural implications.
Ability to thrive in a globally distributed team environment
Regulatory
Good understanding of the technology regulatory framework in Singapore and Hong Kong
We are looking forward to receiving your full job application through our online application tool. Further interesting job opportunities can be found on our Career site.
Is this not quite what you are looking for? Set up a job alert by creating a candidate account here.
There are more than 50,000 engineering jobs:
Subscribe to membership and unlock all jobs
Engineering Jobs
60,000+ jobs from 4,500+ well-funded companies
Updated Daily
New jobs are added every day as companies post them
Refined Search
Use filters like skill, location, etc to narrow results
Become a member
🥳🥳🥳 452 happy customers and counting...
Overall, over 80% of customers chose to renew their subscriptions after the initial sign-up.
To try it out
For active job seekers
For those who are passive looking
Cancel anytime
Frequently Asked Questions
- We prioritize job seekers as our customers, unlike bigger job sites, by charging a small fee to provide them with curated access to the best companies and up-to-date jobs. This focus allows us to deliver a more personalized and effective job search experience.
- We've got over 200,000 jobs from 15,000+ vetted companies. No fake or sleazy jobs here!
- We aggregate jobs from 15,000+ companies' career pages, so you can be sure that you're getting the most up-to-date and relevant jobs.
- We're the only job board *for* software engineers, *by* software engineers… in case you needed a reminder! We add thousands of new jobs daily and offer powerful search filters just for you. 🛠️
- Every single hour! We add 2,000-3,000 new jobs daily, so you'll always have fresh opportunities. 🚀
- Typically, job searches take 3-6 months. EchoJobs helps you spend more time applying and less time hunting. 🎯
- Check daily! We're always updating with new jobs. Set up job alerts for even quicker access. 📅
What Fellow Engineers Say