Senior Data Protection Engineer

What is this role about?

As the Senior Data Protection Engineer, you will ensure that data protection policies, standards, and controls are in place and aligned with regulatory requirements, such as PCI DSS and CPS234, and industry best practices. The Senior Data Protection Engineer will work closely with cross-functional teams to protect critical data assets and ensure their secure handling across the business, supporting the company’s compliance, security, and risk management objectives.

Here’s some more insight into what you’ll work on,

• Data Protection Strategy & Architecture:
  • Accountable for Design and implementation of robust data protection framework, including encryption, proxy, data loss prevention (DLP), File Integrity Monitoring (FIM) and secure data handling techniques.
  • Accountable for leading the strategic design, deployment, and continuous optimization of Microsoft Conditional Access Policies (CAP) to safeguard corporate assets.
  • Lead, develop and enforce automated data classification, labeling, and encryption policies that align with regulatory frameworks (e.g., PCI, CPS 234) and internal compliance standards
• Regulatory Compliance & Governance:
  • Responsible for ensuring adherence to relevant compliance and regulatory frameworks, such as CPS234 and PCI DSS by maintaining data protection controls and audit trails.
  • Work with compliance and risk teams to ensure data protection risks are identified, documented, and mitigated.
• Incident Response & Remediation:
  • Lead efforts in data security incident management, including identifying, investigating, and remediating data breaches or loss of data events.
  • Work with the Cyber Operation and other teams to define response plans for data-related incidents and vulnerabilities.
• Data Loss Prevention (DLP):
  • Responsible for managing and optimising DLP technologies, developing and fine-tuning policies to prevent unauthorized access, sharing, or exfiltration of sensitive data.

Requirements

What can you bring?

• 7+ years of experience in cybersecurity, with a focus on data protection engineering, incident response, and threat intelligence.
• Strong understanding of security principles, authentication, authorization, and access control mechanisms
• In-depth knowledge and hands-on experience with FIM, Proxy & DLP tools (e.g., Tripwire, OSSEC, Zscaler, Microsoft, Trillix).
• Expertise in encryption technologies (e.g., AES, RSA, ECC) and cryptographic protocols (e.g., TLS, IPsec). Strong experience with key management systems (HSM, KMS) and secure key generation, rotation, and destruction.
• Strong understanding of advanced exploitation techniques and attack vectors (e.g., buffer overflows, SQL injection, APTs, privilege escalation). Expert at conducting threat modelling (STRIDE, DREAD) and applying countermeasures to mitigate threats.
• Experience with scripting and automation (Python, PowerShell, etc.) to streamline detection and response activities.
• Proven experience leading high-severity incident responses in a fast-paced environment.

Although not required, any experience in the following would be highly regarded:

• Payment’s industry, ATM/EFT/POS technology, cards and finance or other regulated industries and/or 24x7 mission-critical environments.
• Knowledge of security frameworks and standards such as ISO 27001, NIST, CPS234, ASD Essential 8 etc.
• Understanding of legal, regulatory, privacy and security matters associated with the Banking and Finance Industry.

Additional information

Why Cuscal?
We are in the rapidly evolving world of payments, and we are committed to providing a diverse and inclusive workplace where the very best talent in Australia chooses to work. We support our colleagues with flexible work arrangements through our hybrid model whilst also offering a wide range of educational, financial, lifestyle, health & wellbeing benefits.

Next Step
If you think this role is the right fit for you, we invite you to apply. Let’s explore who you are and what drives you. We’d love to share our vision for the future of payments sector. Please note candidate screening and interviews may be conducted prior to the closing date of the job advert.

Cuscal does not accept unsolicited resumes from recruitment agencies and search firms. Please do not email or send unsolicited resumes to any Cuscal employee, location or address.