IT Security Engineer - Multi-Factor Authentication (MFA)

Tasks

• Play a key role in the design, implementation, and operational governance of Julius Baer's enterprise Identity and Access Management (IAM) systems for a mix of on-premises and cloud-based workplaces.
• Oversee the entire IT lifecycle management of SmartCards—including procurement, reservation, innovation, and decommissioning—to ensure collaboration with Human Resources, Facilities, and Security Operations to ensure a seamless onboarding and offboarding experience.
• Manage integrations between SmartCards and Veridium solutions as well as identity providers such as Microsoft Entra ID (Azure AD), Active Directory Federation Services (ADFS), and enterprise password managers using technical documentation of authentication experiences.
• Lead incident responses for multi-factor authentication-related disruptions, serve as a Tier 2/Tier 3 escalation point through situation-based and proactive actions and recommendations to strengthen service resilience.
• Ensure full compliance of all IAM platforms with Julius Baer's information security policies, standards, frameworks, guidelines, and technical requirements, measuring/monitoring/managing digital operational stability, threat/cybersecurity material.
• Maintain technical documentation on compliance, creating system architectures, operational procedures, integration specifications, and post-incident reviews to support the knowledge base.
• Drive continuous service improvement by enhancing system reliability, security posture, performance, availability, and automation, with a clear focus on increasing operational efficiency and reducing technical debt.
• Keep pace with advances in authentication technologies - such as phishing-resistant MFA, passwordless technologies, and tokens (or similar authentication methods).

Requirements

• Core expertise: Expertise in multi-factor authentication (MFA) technologies with hands-on experience in integrating smart cards (PKI/FKM-based) and Veridium, with practical experience in managing security solutions.
• Solid understanding of authentication protocols and standards, including GAUTH 2.0, OpenID Connect, SAML, FIDO2/ROCA, and certificate-based authentication.
• Experience integrating MFA solutions with identity providers such as Microsoft Entra ID (Azure AD), ADFS, or equivalent federated identity systems.
• Technical knowledge of PKI (Public Key Infrastructure) including lifecycle management, trust anchors, CBKC/OCSP, and integration with endpoint authentication.
• Strong understanding of security best practices (e.g., OWASP), penetration testing, threat/vulnerability management, secure coding for web applications, containerization/privileged access management (PAM)

We offer

Regulatory Responsibilities/L&R Risk Management

• Ensure appropriate ethical and compliance behaviors within the area of responsibility by clearly demonstrating appropriate values and behaviors, including but not limited to standards on how to manage/use data (e.g., for testing/training purposes), management of conflicts of interest, competence and continuous development, adequate risk management, and compliance with applicable laws and regulations.