About the team
The Data Protection Services (DPS) Tribe protects Euroclear’s data assets against leak, and unauthorised access. The Data Protection Solutions Squad is responsible for engineering, operating, and continuously improving technical data protection solutions across the enterprise.
The squad ensures that:
1. Data is correctly classified by criticality and sensitivity,
2. Appropriate technical controls are designed, implemented, monitored, and maintained,
3. Data protection capabilities are embedded into platforms, processes, and user behaviours across Euroclear.
Your Role – Data Protection Engineer:
As a Data Protection Engineer, you are a hands-on technical specialist responsible for the implementation, operation, and evolution of enterprise-wide data protection controls.
You work closely with:
4. Other CISO engineering squads,
5. IT infrastructure and application teams,
6. Risk, Audit, and Compliance functions,
7. Business stakeholders where data protection controls are embedded into processes and platforms.
Your focus is on building reliable, scalable, and auditable data protection services, rather than defining policy alone.
Your responsibilities & duties:
8. Design, implement, and operate enterprise-wide data protection controls across cloud, endpoint, email, and collaboration platforms
9. Engineer and maintain Data Leak Prevention (DLP) capabilities for data at rest, in use, and in motion
10. Implement and support email and collaboration security controls (. Exchange Online, SharePoint, OneDrive, Teams)
11. Apply a broad understanding of hardware, software, and networking technologies to analyse, implement, and support data protection solutions across complex environments
12. Ensure operational stability, performance, and resilience of data protection platforms and services
13. Automate deployment, configuration, monitoring, and reporting of data protection controls using scripting and engineering best practices
14. Support security incidents related to data leakage, network intrusions, or cyber-attacks, including investigation, forensic analysis, containment, and recovery
15. Integrate data protection controls into IT infrastructure and application platforms, working closely with infrastructure, engineering, and delivery teams
16. Continuously improve policies, detections, and alerting to reduce false positives and operational overhead
17. Provide technical expertise, consultancy, and evidence to support end-users and stakeholders, as well as risk assessments, audits, and regulatory or governance reviews
Your qualifications and experience (a combination of several of the below is expected):
Security & Engineering Experience:
Experience with relevant security engineering domains is desirable, including:
18. Strong experience in data protection, infrastructure security, or application security.
19. Hands‑on experience architecting and implementing email security and DLP solutions.
20. Solid understanding of Windows environments, Active Directory, and identity‑based controls.
21. Experience evaluating and integrating security tools into complex enterprise environments.
22. Microsoft 365 security stack: Purview and Defender
23. Microsoft Exchange Online, SharePoint Online, OneDrive, Teams
24. Database Activity Monitoring (DAM): monitoring, detection, and alerting for abnormal/anomalous database activity
25. Email security controls (. Dmarc/DKIM/SPF, malware, spoofing, spam, TLS, S/MIME…)
26. Endpoint protection (. Defender, Purview DLP, CrowdStrike…)
27. DLP platforms (. Purview DLP, Netskope CASB/DLP)
28. SIEM platform for security monitoring and analytics (. Splunk/PA XSOAR)
29. Experience with scripting and automation (PowerShell, and. Python, Shell, SQL, MS Power Platform).
30. Ability to design repeatable, maintainable, and auditable engineering solutions.
31. Knowledge of standard security and control frameworks such as ISO/IEC 27001/27002, NIST Cybersecurity Framework (CSF) and NIST SP 800-53, CIS Critical Security Controls (v8), and similar.
32. Familiarity with threat and adversary frameworks such as MITRE ATT&CK is a plus.
33. Cybersecurity training and certifications (., CISSP, CISM or equivalent) are a plus.
34. Strong analytical and problem-solving skills, with the ability to address complex technical issues.
35. Creative and sees the bigger picture when addressing issues
36. Proactive, service-oriented mindset with a strong sense of ownership.
Platforms & Technologies:
Knowledge of relevant security platforms and technologies is highly valued, such as:
37. Microsoft 365 security stack: Purview and Defender
38. Microsoft Exchange Online, SharePoint Online, OneDrive, Teams
39. Database Activity Monitoring (DAM): monitoring, detection, and alerting for abnormal/anomalous database activity
40. Email security controls (. Dmarc/DKIM/SPF, malware, spoofing, spam, TLS, S/MIME…)
41. Endpoint protection (. Defender, Purview DLP, CrowdStrike…)
42. DLP platforms (. Purview DLP, Netskope CASB/DLP)
43. SIEM platform for security monitoring and analytics (. Splunk/PA XSOAR)
44. Experience with scripting and automation (PowerShell, and. Python, Shell, SQL, MS Power Platform).
45. Ability to design repeatable, maintainable, and auditable engineering solutions.
46. Knowledge of standard security and control frameworks such as ISO/IEC 27001/27002, NIST Cybersecurity Framework (CSF) and NIST SP 800-53, CIS Critical Security Controls (v8), and similar.
47. Familiarity with threat and adversary frameworks such as MITRE ATT&CK is a plus.
48. Cybersecurity training and certifications (., CISSP, CISM or equivalent) are a plus.
49. Strong analytical and problem-solving skills, with the ability to address complex technical issues.
50. Creative and sees the bigger picture when addressing issues
51. Proactive, service-oriented mindset with a strong sense of ownership.
Automation & Scripting:
Experience with automation and scripting in a security engineering context is considered an asset, including:
52. Experience with scripting and automation (PowerShell, and. Python, Shell, SQL, MS Power Platform).
53. Ability to design repeatable, maintainable, and auditable engineering solutions.
Standards & frameworks:
Knowledge of relevant security and compliance Standards & Frameworks is considered an asset, including:
54. Knowledge of standard security and control frameworks such as ISO/IEC 27001/27002, NIST Cybersecurity Framework (CSF) and NIST SP 800-53, CIS Critical Security Controls (v8), and similar.
55. Familiarity with threat and adversary frameworks such as MITRE ATT&CK is a plus.
56. Cybersecurity training and certifications (., CISSP, CISM or equivalent) are a plus.
Interpersonal Skills:
57. Strong analytical and problem-solving skills, with the ability to address complex technical issues.
58. Creative and sees the bigger picture when addressing issues
59. Proactive, service-oriented mindset with a strong sense of ownership.
60. Stress-resistant and able to remain calm and effective under pressure, particularly during incidents and tight deadlines.
61. Clear written and verbal communication skills in English. Ability to collaborate effectively across engineering, risk, audit, and business teams.
62. Comfortable operating in a regulated, audit‑driven environment while remaining delivery‑focused.
#LI-YK1