Job Description

About the team

The Data Protection Services (DPS) Tribe protects Euroclear’s data assets against leak, and unauthorised access. The Data Protection Solutions Squad is responsible for engineering, operating, and continuously improving technical data protection solutions across the enterprise.

The squad ensures that:

• Data is correctly classified by criticality and sensitivity,
• Appropriate technical controls are designed, implemented, monitored, and maintained,
• Data protection capabilities are embedded into platforms, processes, and user behaviours across Euroclear.

Your Role – Data Protection Engineer: 

As a Data Protection Engineer, you are a hands-on technical specialist responsible for the implementation, operation, and evolution of enterprise-wide data protection controls.

You work closely with:

• Other CISO engineering squads,
• IT infrastructure and application teams,
• Risk, Audit, and Compliance functions,
• Business stakeholders where data protection controls are embedded into processes and platforms.

Your focus is on building reliable, scalable, and auditable data protection services, rather than defining policy alone.

Your responsibilities & duties:

1. Design, implement, and operate enterprise-wide data protection controls across cloud, endpoint, email, and collaboration platforms
2. Engineer and maintain Data Leak Prevention (DLP) capabilities for data at rest, in use, and in motion
3. Implement and support email and collaboration security controls (e.g. Exchange Online, SharePoint, OneDrive, Teams)
4. Apply a broad understanding of hardware, software, and networking technologies to analyse, implement, and support data protection solutions across complex environments
5. Ensure operational stability, performance, and resilience of data protection platforms and services
6. Automate deployment, configuration, monitoring, and reporting of data protection controls using scripting and engineering best practices
7. Support security incidents related to data leakage, network intrusions, or cyber-attacks, including investigation, forensic analysis, containment, and recovery
8. Integrate data protection controls into IT infrastructure and application platforms, working closely with infrastructure, engineering, and delivery teams
9. Continuously improve policies, detections, and alerting to reduce false positives and operational overhead
10. Provide technical expertise, consultancy, and evidence to support end-users and stakeholders, as well as risk assessments, audits, and regulatory or governance reviews

Your qualifications and experience (a combination of several of the below is expected): 

Security & Engineering Experience:
Experience with relevant security engineering domains is desirable, including:

• Strong experience in data protection, infrastructure security, or application security.
• Hands‑on experience architecting and implementing email security and DLP solutions.
• Solid understanding of Windows environments, Active Directory, and identity‑based controls.
• Experience evaluating and integrating security tools into complex enterprise environments.
• Microsoft 365 security stack: Purview and Defender
• Microsoft Exchange Online, SharePoint Online, OneDrive, Teams
• Database Activity Monitoring (DAM): monitoring, detection, and alerting for abnormal/anomalous database activity
• Email security controls (e.g. Dmarc/DKIM/SPF, malware, spoofing, spam, TLS, S/MIME…)
• Endpoint protection (e.g. Defender, Purview DLP, CrowdStrike…)
• DLP platforms (e.g. Purview DLP, Netskope CASB/DLP)
• SIEM platform for security monitoring and analytics (e.g. Splunk/PA XSOAR)
• Experience with scripting and automation (PowerShell, and e.g. Python, Shell, SQL, MS Power Platform).
• Ability to design repeatable, maintainable, and auditable engineering solutions.
• Knowledge of standard security and control frameworks such as ISO/IEC 27001/27002, NIST Cybersecurity Framework (CSF) and NIST SP 800-53, CIS Critical Security Controls (v8), and similar.
• Familiarity with threat and adversary frameworks such as MITRE ATT&CK is a plus.
• Cybersecurity training and certifications (e.g., CISSP, CISM or equivalent) are a plus.
• Strong analytical and problem-solving skills, with the ability to address complex technical issues.
• Creative and sees the bigger picture when addressing issues 
• Proactive, service-oriented mindset with a strong sense of ownership.

Platforms & Technologies:
Knowledge of relevant security platforms and technologies is highly valued, such as:

• Microsoft 365 security stack: Purview and Defender
• Microsoft Exchange Online, SharePoint Online, OneDrive, Teams
• Database Activity Monitoring (DAM): monitoring, detection, and alerting for abnormal/anomalous database activity
• Email security controls (e.g. Dmarc/DKIM/SPF, malware, spoofing, spam, TLS, S/MIME…)
• Endpoint protection (e.g. Defender, Purview DLP, CrowdStrike…)
• DLP platforms (e.g. Purview DLP, Netskope CASB/DLP)
• SIEM platform for security monitoring and analytics (e.g. Splunk/PA XSOAR)
• Experience with scripting and automation (PowerShell, and e.g. Python, Shell, SQL, MS Power Platform).
• Ability to design repeatable, maintainable, and auditable engineering solutions.
• Knowledge of standard security and control frameworks such as ISO/IEC 27001/27002, NIST Cybersecurity Framework (CSF) and NIST SP 800-53, CIS Critical Security Controls (v8), and similar.
• Familiarity with threat and adversary frameworks such as MITRE ATT&CK is a plus.
• Cybersecurity training and certifications (e.g., CISSP, CISM or equivalent) are a plus.
• Strong analytical and problem-solving skills, with the ability to address complex technical issues.
• Creative and sees the bigger picture when addressing issues 
• Proactive, service-oriented mindset with a strong sense of ownership.

Automation & Scripting:
Experience with automation and scripting in a security engineering context is considered an asset, including:

• Experience with scripting and automation (PowerShell, and e.g. Python, Shell, SQL, MS Power Platform).
• Ability to design repeatable, maintainable, and auditable engineering solutions.

Standards & frameworks:
Knowledge of relevant security and compliance Standards & Frameworks is considered an asset, including:

• Knowledge of standard security and control frameworks such as ISO/IEC 27001/27002, NIST Cybersecurity Framework (CSF) and NIST SP 800-53, CIS Critical Security Controls (v8), and similar.
• Familiarity with threat and adversary frameworks such as MITRE ATT&CK is a plus.
• Cybersecurity training and certifications (e.g., CISSP, CISM or equivalent) are a plus.

Interpersonal Skills: 

• Strong analytical and problem-solving skills, with the ability to address complex technical issues.
• Creative and sees the bigger picture when addressing issues 
• Proactive, service-oriented mindset with a strong sense of ownership.
• Stress-resistant and able to remain calm and effective under pressure, particularly during incidents and tight deadlines.
• Clear written and verbal communication skills in English. Ability to collaborate effectively across engineering, risk, audit, and business teams.
• Comfortable operating in a regulated, audit‑driven environment while remaining delivery‑focused.

#LI-YK1

Why join us

Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have the clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.

What We Offer:

• Work closely with inspiring, supportive and engaged colleagues from more than 80 different countries.
• Practice your talents in a highly professional international environment.
• Join a learning and development environment with an emphasis on knowledge sharing and training.
• Competitive salary and comprehensive benefits.

Ways of working

Find your own optimal balance within our hybrid working model, where you can connect at the office 8 days a month and also benefit from remote working.

Great Place to Work for All

We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, ...). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process. Our values guide how we work together and shape our future: Our mission and values - Euroclear