Job Description
Company Description
Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 12 countries, and more than 170 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research-led approach and continual innovation are powered by the passion and creativity of our colleagues.
We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.
Job Description
We are looking for a proactive Security Engineer who possesses hands-on experience in building, configuring, deploying, and operating security controls, with a special emphasis on Oracle Cloud Infrastructure (OCI). The ideal candidate is capable of transforming security requirements into automated, repeatable, and functional solutions, prioritising practical execution over theoretical expertise. There is a strong focus on GitOps methodologies, Infrastructure as Code, and secure-by-default engineering principles.
Key Responsibilities
- Data Security: Deploy and manage DLP policies across endpoints, cloud, and network to prevent unauthorized data movement. Continuously refine DLP rules to reduce false positives.
- Endpoint Security: Deploy and manage endpoint security agents at scale across servers, VMs, and containers. Operate host-based intrusion detection and log collection with tuned alerting. Configure antivirus/antimalware schedules and exclusions. Build automated response playbooks.
- Network Security: Tune IDS/IPS, WAF policies, and rate-limiting rules. Conduct firewall rule audits to eliminate overly permissive access and enforce least privilege.
- Cryptography & Certificate Management: Automate the full certificate lifecycle (generate, deploy, rotate, revoke) across all services. Configure encryption in transit and at rest using cloud-native and third-party KMS. Manage secrets management solutions with rotation, access policies, and CI/CD integration.
- Cloud Security & Secure-by-Default Configuration (OCI Preferred): Create secure-by-default templates (Terraform modules, cloud policies, guardrails) so all new resources meet security baselines. Operationalise OCI-native security services: Cloud Guard, Security Zones, Vulnerability Scanning, Bastion, WAF, and IAM compartment policies. Harden cloud resources (compute, storage, databases) and enforce tagging compliance. Remediate misconfigurations through code and automation, not just detection.
- GitOps Practices & Automation: Use GitHub as the single source of truth for all security configurations and infrastructure changes (version-controlled). Write and maintain Terraform modules (OCI provider) for security infrastructure provisioning. Enforce GitHub repository governance (branch protection, code owners, merge policies). Build CI/CD pipelines via GitHub Actions for terraform plan/apply, static analysis, policy-as-code enforcement, and automated security scans. Manage Terraform state securely (remote backends, state locking, encryption, RBAC). Script automation (Python/Bash) for log parsing, bulk changes, compliance reporting, and alert enrichment.
Qualifications
- 3–6+ years’ experience in Security Engineering, SecOps, or Infrastructure Security, focusing on building and operating security controls.
- Experience deploying and managing endpoint security agents at scale and tuning detection rules.
- Ability to manage certificate lifecycles from end to end, configure encryption services, set up secrets management, and troubleshoot certificate and TLS issues.
- Hands-on skill in securing cloud infrastructure, with strong preference for Oracle Cloud Infrastructure (OCI); experience with AWS and/or Azure is advantageous.
- Ability to configure and operate OCI Cloud Guard, Security Zones, Vault, WAF, Bastion, Identity Domains, and NSGs.
- Hands-on experience with GitOps workflows using GitHub, including branch protections, code reviews, and CI/CD pipelines.
- Competence in writing, maintaining, and troubleshooting Terraform configurations using the OCI Terraform Provider, managing remote state, and building reusable modules.
- Experience in building and maintaining security pipelines with GitHub Actions or similar tools.
- Ability to write functional automation scripts in Python and/or Bash for operational security needs.
- Someone who builds solutions, not just advises on controls. You implement security measures, not just recommend them.
- An automation-first mindset: if you have performed a task manually more than once, you automate it with a script or Terraform module.
- Comfortable working in the terminal, including SSH sessions, coding, log reading, and configuration debugging.
- Iterative and pragmatic, able to deploy secure defaults rapidly and improve them over time rather than waiting for the ideal solution.
- Collaborative and communicative, able to work alongside developers and platform engineers, explaining how to fix issues, not just reporting them.
- Curious and self-motivated, continuously learning, experimenting, and enhancing infrastructure security and automation.
Additional Information
We realize that managing work-life balance is a challenge we all face in our daily lives. To support this, we are pleased to offer hybrid and flexible working for most of our Avaloqers, so they can maintain work-life balance while continuing our fantastic Avaloq culture in our global offices.
At Avaloq, we are proud to embrace diversity and understand that the success of our business is built on the power of different opinions. We are wholeheartedly committed to fostering an equal opportunity environment and an inclusive culture where you can be your true authentic self.
We hire, compensate and promote regardless of origin, age, gender identity, sexual orientation or any other fantastic traits that make us all unique. We have done our best to write this advert in an inclusive and neutral way.
Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies, and any unsolicited candidate submissions will be exempt from any payment expectations.