One Identity Safeguard Engineer
A bit about the role
As a One Identity Safeguard Engineer, you will be part of Avaloq’s Identity & Access Management (IAM) function, with full accountability for Privileged Access Management (PAM) platforms. The role focuses on engineering, integrating, and operating One Identity Safeguard, ensuring secure privileged access, system hardening, and compliance across standard and custom platforms.
Responsibilities:
Privileged Access Management (PAM):
- Engineer, operate, and enhance One Identity Safeguard (password vaulting, session management, access policies).
- Define, enforce, and maintain privileged credential and password management standards.
- Onboard enterprise, legacy, cloud, and custom-built platforms into Safeguard.
- Design and implement custom PAM integrations, including:
- Authoring and maintaining JSON-based platform definitions
- API-based integrations and custom authentication mechanisms
- Troubleshooting non-standard access flows
- Integrate Safeguard with authentication services, monitoring, and logging solutions.
- Ensure platform availability, performance monitoring, and incident resolution.
PAM Operations & Engineering
- Execute platform upgrades, patching, and configuration changes for Safeguard components.
- Perform health checks, log analysis, and advanced diagnostics.
- Apply security hardening and PAM baselines in line with Avaloq security and audit requirements.
- Monitor and manage PAM license usage and compliance.
- Provide L2/L3 support for PAM-related incidents and problem management.
Automation & Tooling
- Automate PAM onboarding, configuration, and reporting using Terraform and Ansible.
- Develop and maintain PowerShell scripts supporting PAM operations and integrations.
- Use SQL for troubleshooting, reporting, and customization where required.
- Proactively identify opportunities to reduce manual operations through automation.
Documentation & Compliance
- Create and maintain clear, audit-ready documentation, including SOPs and runbooks.
- Support internal and external audits, security assessments, and control validations related to PAM.
A bit about you
- Degree in Computer Science, IT Engineering, or equivalent professional experience.
- 5+ years of hands-on experience in Privileged Access Management (PAM).
- Strong, proven expertise with One Identity Safeguard (or equivalent enterprise PAM platforms such as CyberArk, BeyondTrust, Delinea).
- Demonstrated experience integrating custom and non-standard platforms into PAM, including: Writing and maintaining JSON configurations
- REST / API-based integrations
- Solid knowledge of Active Directory, Azure AD / Entra ID, LDAP, and authentication protocols.
- Practical experience with Terraform, Ansible, and PowerShell; SQL knowledge is an advantage.
- Strong analytical mindset, documentation discipline, and security awareness.
- Fluent English required.
Additional information
We realize that managing work life balance is a challenge we all face in our daily lives and in order to support with this we are pleased to offer hybrid and flexible working for most of our Avaloqers to maintain work life balance and still continue our fantastic Avaloq culture in our global offices.
In Avaloq we are proud to embrace diversity and understand the success of our business is built on the power of different opinions, we are whole heartedly committed to fostering an equal opportunity environment and inclusive culture where you can be your true authentic self.
We hire, compensate and promote regardless of origin, age, gender identity, sexual orientation or any other fantastic traits that make us all unique, we have done our best to write this advert in an inclusive and neutral way.
Please be aware that we will not accept speculative CV submissions for any of our roles from recruitment agencies, and any unsolicited candidate submissions will be exempt from any payment expectations.
#LI-Hybrid
Benefits
- Annual bonus
At Avaloq we work hard to remain an industry leading provider and we love to reward our colleagues with a share of that success with an annual bonus, you will even remain eligible for annual bonus while you do the hardest job of your life – taking care of your children during parental leave.
- Flexible working
We understand that fitting your life around your job can be challenging which is why in most roles we offer flexible working to allow you to thrive both in and out of work.
- Instant recognition
We love to see people thriving in their roles and we have an instant recognition scheme at Avaloq to help managers reward the great work our colleagues deliver with a gift to say thanks.
- Access to Udemy for professional and personal learning
We think it is important to learn and grow professionally, but if you are someone who likes to learn outside of work we give you access to online learning for both professional and personal learning, with over 210,000 courses to choose from.
About us
Founded and headquartered in Switzerland, Avaloq is continuously expanding its global footprint with around 2,500 colleagues in 12 countries, and more than 170 clients in 35 countries. We are an industry-leading provider of wealth management technology and services for financial institutions around the world, including private banks and wealth managers, investment managers, as well as retail and neo banks. Our research led approach and continual innovation is powered by the passion and creativity of our colleagues.
We are always looking for talented people to join us on our mission to orchestrate the financial ecosystem and democratize access to wealth management. Avaloq offers the opportunity to work closely with some of the world’s leading financial institutions as we jointly develop and shape careers. Championing a collaborative, supportive and flexible work environment empowers our colleagues to reach their full potential.