Job offer
IT Security Engineer – PKI and HSM 80–100% (f/m/d)
The Julius Baer Group is seeking an IT Security Engineer (m/f/d) for the areas of Public Key Infrastructure (PKI) and Hardware Security Modules (HSM) in Singapore. The successful candidate will be responsible for the implementation, operation, and maintenance of PKI and HSM systems and will ensure that digital identities and cryptographic services within the company are secure.
Your challenge
The main tasks include:- Implementation, operation, and ownership of the enterprise public key infrastructure (PKI) to ensure trusted digital identities and secure cryptographic services across global systems and services
- Expert advice on the hardware security module (HSM) environment to protect critical cryptographic assets and enable secure key generation, storage, and digital signing operations
- Integration of PKI and HSM services with strategic platforms such as SSL/TLS endpoints, API gateways, privileged access management (PAM), database encryption, code signing systems, and secure file transfer solutions
- Lead the response to information security incidents as a Level 2/3 escalation point through detailed root cause analysis (RCA), corrective actions, and implementation of preventive controls to avoid future incidents
- Ensuring full compliance of the PKI platform with the company's information security policies, regulatory frameworks, and internal audit requirements, while maintaining strict control over access permissions and cryptographic material
- Maintain authorized technical documentation in Confluence to support system architectures, operating procedures, integration specifications, and post-incident reviews, and to promote knowledge sharing and operational continuity.
- Continuous improvement of services by increasing system reliability, security, performance, stability, and automation, with a clear focus on increasing operational efficiency and reducing manual effort
- Updating to the latest cryptography, quantum resistance, phishing-resistant authentication, and serving as a subject matter expert (SME) for controlled innovation and planned technology updates in the trust infrastructure landscape
Your profile
Professional and technical:- Core competency: Expertise in public key infrastructure (PKI) operations, including hands-on experience with Microsoft Active Directory Certificate Services (AD CS) or other X.509-compliant CA platforms
- Technical expertise:
- Proven experience in managing hardware security modules (HSMs)
- Solid understanding of cryptographic protocols, TLS/LSSPKI, handshake mechanisms, digital signatures, and key management practices
- Strong Windows Server and Active Directory skills, particularly in the areas of AD CS, certificate stores, GPOs, and IIS; Linux administration skills are an advantage
- Security engineer knowledge: Practical understanding of important IT security areas; experience with one or more of the following areas:
- Network and endpoint security
- Secure web technologies (e.g., WebZcaler)
- Application delivery controller (e.g., Citrix ADC/NetScaler)
- Privileged Access Management (PAM)
- Secure Sockets Management (Vault)
- Multi-factor authentication (MFA) / Zero Trust
Job details
Training opportunities powered by skillaware.