Team Lead, Web Entry Solutions

Tasks

As Team Lead for Web Entry Solutions, you will assume strategic and operational responsibility for the operation and ongoing development of our central web entry security infrastructures. You will lead a globally distributed, highly specialized team at our locations in Switzerland and Singapore and play a key role in shaping the security architecture of a leading global financial institution.

Operations & Web Application Security Architecture

- Take full responsibility for the stable operation and strategic development of core IT security infrastructures in the web entry point - Design, implement, and continuously optimize web application firewalls and API security architectures based on the Nexus Identity Suite—including rule sets, filtering policies, and WAF configurations - Operation, configuration, and further development of security features such as ModSecurity and Core Rule Set (CRS) - Design, implementation, and operation of Global Single Sign-On (SSSO) solutions based on SAML 2.0 and OpenID Connect (OIDC) - Ensuring comprehensive protection against all OWASP Top 10 vulnerability categories (injection, broken access control, XSS, SSRF, etc.) at the infrastructure and application levels - Operation and further development of load balancing solutions and multi-layered DDoS protection mechanisms (rate limiting, IP reputation management, bot management) - Monitoring and analysis of HTTPS traffic for anomalies, attack patterns, and policy violations using centralized logging and SIEM platforms

Security Governance, Assessments & Projects

- Taking ownership of security assessments, vulnerability management, and baseline compliance across web entry platforms - Evaluating and prioritizing findings from penetration tests, DAST scans, and bug bounty programs; Coordination of remediation measures with development and operations teams - Management and implementation of complex security projects with a strategic view of the overall IT security landscape and coordination of response measures - Creation and maintenance of security concepts, WAF policies, technical documentation, and operating instructions - Continuous optimization of WAF rule sets, proxy configurations, and security baselines; Identifying and implementing opportunities for improvement

Guided Tours & Consultations

- Leading and providing technical guidance to a globally distributed team based in Switzerland and Singapore - Advising and supporting business units on security matters; actively facilitating new security initiatives

Requirements

- At least 5 years of professional experience (ideally 8–10 years) in cybersecurity/IT or a comparable technical field - Hands-on experience with the OWASP Top 10 vulnerability categories – required: Hands-on experience identifying, assessing, and mitigating at least current vulnerability categories - Strong hands-on expertise in configuring, operating, and fine-tuning ModSecurity, including OWASP CRS – experience with true/false positive management and custom rule creation is required - Solid understanding of web application architectures: HTTP(S) protocols, REST APIs, reverse proxy concepts, TLS, SMTIME, Content Security Policy (CSP), CORS, HTTP security headers (HSTS), X-frame-options, etc. - Practical experience with the Nexus Identity Suite or comparable enterprise WAF/reverse proxy solutions such as F5, A10, Barrac