IT Security Specialist (Offensive Security / TIBER-EU) 100% (f/m/d) - (Contract through our ext[...]

At Julius Baer, we celebrate and value the individual qualities you bring, enabling you to be impactful, to be entrepreneurial, to be empowered, and to create value beyond wealth. Let’s shape the future of wealth management together.

As an IT Security Specialist within IT Security Solutions, you are responsible for the operational coordination and quality assurance of penetration tests, security assessments, deception controls, and TIBER-EU–aligned red team activities. You ensure that engagements are properly scoped, offers and reports are professionally reviewed, findings are consistently tracked, and remediation measures are verified through retesting – in a structured, traceable, and effective manner.

In addition, you leverage deception technologies to detect attacker behaviour at an early stage, deliberately deploy deception mechanisms, and contribute additional security-relevant insights to assessments and remediation activities.

• Lead scoping discussions for internal and external penetration tests, defining objectives, scope, ROE, and technical prerequisites

• Evaluate vendor proposals for security assessments, assessing scope, methodology, quality, cost, and timelines

• Identify gaps and risks in vendor offerings; collaborate with stakeholders to provide informed selection recommendations

• Conduct thorough reviews of pen test reports to ensure technical accuracy, clear evidence, proper severity scoring, and actionable remediation guidance

• Ensure all findings are reproducible, well-documented, and effectively communicated; coordinate clarification with vendors when needed

• Manage vulnerability lifecycle using Jira/ServiceNow, including tracking, prioritisation, follow-ups, and escalation of overdue or blocked items

• Monitor remediation progress with risk-based focus, providing regular updates on key metrics such as critical findings, MTTR, and recurrence trends

• Offer technical guidance to coordinators and engineers, supporting interpretation of results and planning corrective actions

• Organise and perform internal retesting to validate fix effectiveness and contribute to root cause analysis to prevent future vulnerabilities

• Support TIBER-EU engagements where applicable, ensuring compliance with governance, traceability, and post-assessment action tracking

• Continuously enhance assessment standards, checklists, and processes across scoping, reporting, and retesting activities

• Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience

• 3-6 years of experience in IT security delivery, AppSec, SecOps, or security assessment coordination

• Solid understanding of web application and API security (OWASP Top 10), vulnerability classes, and risk assessment

• Strong knowledge of common penetration testing methodologies and deliverables (scope, ROE, test plan, report, retest)

• Experience with Jira and/or ServiceNow for issue and vulnerability management

• Excellent Python skills, particularly in automating workflows and developing security‑relevant tools

• Experience with HashiCorp Vault, including secrets management, PKI operations, policy configuration, and automation

• Experience with IBM PAM (Privileged Access Management) or comparable enterprise‑grade PAM solutions

• Excellent organisational and prioritisation skills across multiple parallel engagements

• High quality standards for documentation and audit trails in regulated environments

• Clear and confident communication with both technical and non-technical stakeholders

• Hands-on mindset with the ability to switch between technical detail and management-level perspectives

• Professional proficiency in English (written and spoken); German is an advantage

We only consider candidates who can start immediately.

We are looking forward to receiving your full job application through our online application tool. Further interesting job opportunities can be found on our Career site.

Is this not quite what you are looking for? Set up a job alert by creating a candidate account here.