Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 12 countries, and more than 170 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.
We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.

We are looking for a hands-on security engineer to take end-to-end ownership of our Cloud Security & Cryptographic Services and Network Security domains. You will shape how these services are delivered across cloud and hybrid-cloud environments - setting direction, driving adoption, and ensuring operational quality - while also contributing directly to implementation, automation, troubleshooting, and continuous improvement (this is not a purely coordinating role).

Your key tasks

• Own and continuously improve the Cloud & Network Security service scope, including:
  • Cloud security posture and guardrails (secure-by-default baselines, policies, zones/guardrails)
  • Cloud detection and response controls (configuration, tuning, integrations, signal quality)
  • Cryptographic services (keys, certificates, secrets, API keys: lifecycle, rotation, revocation, access governance, compliance evidence)
  • Network security posture and governance (firewalls, proxies, IDS/IPS, Cloudflare-based services, NSGs/security lists)
• Run a sustainable network rule governance model (inventory, periodic re-accreditation/recertification, exception handling, audit readiness)
• Drive automation-first operations: monitoring, metrics, alerting, playbooks, inventory automation, configuration validation, and drift prevention
• Translate stakeholder needs into clear standards, backlogs, and delivery priorities - and ensure adoption with minimal friction for engineering teams
• Actively contribute hands-on: configuration changes, scripting/automation, troubleshooting, and incident/on-call support when needed

This role can be based in Zurich or Bioggio.

• Strong experience in cloud security and network security in enterprise environments (ideally regulated/financial industry)
• Practical experience with cryptography / PKI / key and secrets management (lifecycle, access control, rotation, auditability)
• Hands-on engineering mindset (configuration work, troubleshooting, automation)
• Ability to manage a backlog/roadmap and align stakeholders, while staying pragmatic and delivery-focused
• Clear communication skills across technical and non-technical audiences
• Fluent in English

It would be a real bonus if you have 

• Experience with Oracle Cloud Infrastructure (OCI) security services (e.g., Security Zones, Cloud Guard, Vault, Certificate Authority) and/or comparable cloud-native security stacks
• Experience with Cloudflare, Fortinet, Check Point, and/or firewall orchestration/governance tooling
• Automation skills: Terraform, CI/CD, Python
• Relevant certifications (e.g., CCSP, CISSP, cloud security certifications, CCNP Security) 
• German and/or Italian 

We realize that managing work life balance is a challenge we all face in our daily lives and in order to support with this we are pleased to offer hybrid and flexible working for most of our Avaloqers to maintain work life balance and still continue our fantastic Avaloq culture in our global offices. 

In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions, we are whole heartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self. 

We hire, compensate and promote regardless of origin, age, gender identity, sexual orientation or any other fantastic traits that make us all unique, we have done our best to write this advert in an inclusive and neutral way. 

Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies, and any unsolicited candidate submissions will be exempt from any payment expectations.  

#LI-Hybrid