Job offer
IT Security Engineer – PKI and HSM 80–100% (f/m/d)
The Julius Baer Group is seeking an IT Security Engineer (PKI and HSM) for the implementation, operation, and maintenance of the corporate infrastructure for Public Key Infrastructure (PKI) and Hardware Security Modules (HSM). The successful candidate should have experience in the administration of PKI and HSM systems as well as knowledge of cryptography and IT security.
Job description
IT Security Engineer – PKI and HSM 80–100% (f/m/d)Tasks
- Implementation, operation, and ownership of the public key infrastructure (PKI) to ensure trustworthy digital identities and secure cryptographic services
- Technical advisor for the Hardware Security Module (HSM) environment to protect critical cryptographic assets and enable secure key generation, storage, and digital signature operations
- Integration of PKI and HSM services with strategic platforms such as SSL/TLS endpoints, PKI gateways, privileged access management (PAM), database encryption, code signing systems, and secure file transfer solutions
- Troubleshooting for cryptographic systems, as a Tier 2/Tier 3 escalation point through detailed root cause analysis (RCA), corrective measures, and implementation of preventive controls to minimize risks
- Ensuring full compliance of the PKI platform with information security policies, regulatory frameworks, and internal audit requirements, with strict control over access rights and cryptographic material
- Maintenance of authorized technical documentation in Confluence, configuration of system architectures, operating procedures, integration specifications, and post-incident reviews to support knowledge sharing and operational continuity
- Continuous improvement of services by increasing system reliability, security, performance, stability, and automation, with a clear focus on increasing operational efficiency and reducing manual effort.
- Updating to the latest cryptography, quantum resistance, phishing-resistant authentication, and serving as a subject matter expert for controlled innovation and planned technology refreshes in the trust infrastructure landscape
Requirements
- Core expertise: Expertise in public key infrastructure (PKI) operations, including hands-on experience with Microsoft Active Directory Certificate Services (AD CS) or other X.509-compliant CA platforms
- Technical proficiency:
- Proven experience in managing hardware security modules (HSMs)
- Solid understanding of cryptographic protocols, TLS/SSL, PKCS#11, handshake mechanisms, digital signatures, and key management practices
- Strong Windows Server and Active Directory skills, particularly in AD CS, certificate stores, GPOs, and IIS; Linux administration skills are a plus
- Security engineering knowledge: Practical understanding of key IT security domains; experience with one or more of the following technologies:
- Secure web technologies (e.g., WebZcaler)
- Application delivery controller (e.g., Citrix ADC/NetScaler)
- Privileged Access Management (PAM)
- Secure Sockets Management (SSM)
- Multi-factor authentication (MFA) / PKI
- Operational excellence: At least 2-3 years in IT and 2nd and 3rd line engineering or operations
Job details
Training opportunities powered by skillaware.