Web Application Security Engineer APAC

Join to apply for the
Web Application Security Engineer APAC
role at
Julius Baer
1 week ago Be among the first 25 applicants
Join to apply for the
Web Application Security Engineer APAC
role at
Julius Baer
At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let's shape the future of wealth management together.
Julius Baer Group Ltd. acts in the sector Private Banking and is present in over 25 countries and around 60 locations. With the Headquartered in Zurich, we have offices in key locations including Bangkok, Dubai, Dublin, Frankfurt, Geneva, Hong Kong, London, Luxembourg, Madrid, Mexico City, Milan, Monaco, Mumbai, Santiago de Chile, São Paulo, Shanghai, Singapore, Tel Aviv and Tokyo. Join our global team and play a critical role in safeguarding our digital landscape as a Web Application Security Engineer. We're seeking a skilled expert to maintain and enhance the protection of our online platforms, ensuring the highest level of security for our clients worldwide.
YOUR CHALLENGE
Main Job Responsibilities
Work closely with our global team of engineers to ensure the smooth operation and maintenance of the Web Application Firewall (WAF) infrastructure
Enhance the security of web applications and APIs by implementing advanced protective measures on the WAF and configuring custom application-specific security policies
Onboard new web applications and APIs onto the WAF infrastructure, ensuring seamless integration and optimal security
Evaluate new or changed business requirements and assess their feasibility, as well as their impact on surrounding systems, standards, and guidelines
Troubleshoot technical issues related to WAF, identifying root causes and developing effective solutions
Participate in the 2nd and 3rd level support organization, providing on-duty support and collaborating with other teams to resolve incidents
Continuously improve the service reliability, security, performance, monitoring, and automation of the WAF infrastructure, with a focus on enhancing overall system availability and efficiency
Client Management (internal & external)
Various IT functions, both regionally and globally
Local Legal and Compliance functions
Business Management
Key local stakeholders include IT Service Owners, IT Infrastructure, IT Application Managers, IT Architecture and Project Managers
CRO functions – including Business Operational Risk, Information Security and Compliance functions
Global functions – IT Security Solutions, Security Architecture
Establish strong relationship with key stakeholders and across the internal IT
Regulatory Responsibilities &/OR Risk Management
Ensure appropriate ethical and compliant behaviour within the area of responsibility by clear demonstration of appropriate values and behaviours including but not limited to standards on honesty and integrity, due care and diligence, fair dealing (treating customers fairly), management of conflicts of interest, competence and continuous development, adequate risk management, and compliance with applicable laws and regulations
RANK APPLICABLE TO THE POSITION
Rank: AD
YOUR PROFILE
Professional and Technical
Profound understanding of security best practices of web applications and APIs
Solid understanding of web communication protocols such as TLS, Websocket, etc
Hands-on operational experience with highly available and scalable web infrastructure
Hands-on experience with operating WAF or reverse-proxy solutions such as F5, Imperva, Nevis, Cloudflare, or open-source alternatives like ModSecurity
Experience in software engineering (Java, Spring Boot, React, Typescript) and operational experience with Kubernetes-based environments
Strong troubleshooting and structured problem-solving skills
Skilled in log analytics and correlation, with hands-on experience in Splunk, Elastic or similar toolings, to investigate incidents and identify root causes
Familiarity with the implementation of authentication and federation mechanisms such as SAML, OAuth and OIDC and FIDO
Good technical foundation of Linux operating systems and its command line tools
Relevant academic background (e.g., Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field) or industry-recognized certifications (e.g. CISSP) with relevant practical knowledge is desired
Personal and Social
Team player, strong collaborator with the willingness to take ownership
Excellent communication skills in spoken and written form
Strong desire to learn and develop new skills
Methodical and results-driven approach to new challenges and tasks
Independent and self-driven
Ability to thrive in a globally distributed team environment
Regulatory
Good understanding of the technology regulatory framework in Singapore and Hong Kong
We are looking forward to receiving your full job application through our online application tool. Further interesting job opportunities can be found on our Career site.
Is this not quite what you are looking for? Set up a
job alert
by creating a candidate