At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together.
Record, analyse, validate and document all security requirements. Able to configure, manage, operate, engineer and develop different kinds of security devices and appliances (forensic solutions, data protection, access management, zoning, internet security, firewalling etc.). Implement compliance measures and train other employees. Has deep knowledge regarding testing, auditing, and the execution of post-incident analysis.
- Findings Verification: Reproduce and validate mitigation of vulnerabilities using tools such as Burp Suite.
- Technical Quality Assurance: Perform in-depth reviews of penetration testing reports to ensure clarity, completeness, technical accuracy, and reproducibility of findings.
- Scoping Support: Collaborate with Exposure Managers, Application Owners, and Technology teams to define appropriate and risk-based scopes for external penetration testing engagements.
- Hardening Baseline: Discuss with Technology teams and architects hardening options to collectively define safe and resilient baseline choices.
- Technical Advisory: Serve as the technical point of contact for questions related to technology security testing methodologies, findings interpretation, and remediation approaches.
- Tooling & Techniques: Utilize industry-standard tools (e.g., Burp Suite, Nmap) and manual techniques to validate vulnerabilities across web applications, APIs, and supporting infrastructure.
- Standards Alignment: Ensure testing approaches and findings align with industry best practices (e.g., OWASP Testing Guide, OWASP Top 10) and internal security standards.
- False Positive Management: Analyze and challenge reported vulnerabilities where necessary, identifying false positives and ensuring appropriate classification.
- Remediation Support: Provide technical guidance to development and infrastructure teams on how to address identified vulnerabilities effectively and sustainably.
- Knowledge Sharing: Contribute to the continuous improvement of internal practices by sharing insights, patterns, and lessons learned across teams.
- Collaboration: Work closely with Exposure Managers and global technical experts to ensure consistent quality and execution across all penetration testing activities.
- Bachelor’s degree in computer science, information security, or equivalent practical experience.
- 3–5 years of hands-on experience in penetration testing, application security, or vulnerability assessment.
- Strong practical experience with web application security testing and tools (e.g., Burp Suite).
- Solid understanding of common vulnerabilities (e.g., OWASP Top 10) and exploitation techniques.
- Ability to read, understand, and reproduce technical findings from penetration testing reports.
- Experience with HTTP/S protocols, authentication mechanisms, and modern web architectures (APIs, microservices).
- Strong analytical and problem-solving skills with attention to detail.
- Effective communication skills, especially in explaining technical issues to non-technical stakeholders.
- Professional proficiency in English and Spanish.
- Eligible to work in Spain.
Optional Requirements (Considered a Plus):
- Relevant certifications (e.g., OSCP, eWPT, CEH, GWAPT, Burp Suite Certified Practitioner).
- Experience reviewing third-party security assessment reports or managing testing vendors.
- Familiarity with infrastructure/network penetration testing concepts.
- Experience in secure code review or secure development practices.
- Scripting or programming skills (e.g., Python, JavaScript) for automation or advanced testing.
- Experience in financial services or regulated environments.
- Exposure to CI/CD security integration or DevSecOps practices.
- German language skills.
We are looking forward to receiving your full job application through our online application tool.