Senior Vulnerability Engineer
Sydney, Australia
Cuscal
Cuscal is a payments & regulated data services provider in Australia. Since 1966 we have enabled banks, corporates and fintechs to better serve and connect with their customers.
Company Description
For a winning team that is evolving. Forward with Cuscal.
At Cuscal, you’ll find a strong, successful company that’s reimagining the future. And our team is right there at the heart of it all. Here, you’ll deliver or support interesting, ground-breaking projects that have real impact - on Australia’s financial services sector and the millions of customers it serves. You’ll innovate alongside skilled, smart, connected teams. And you’ll build an impressive, fulfilling career that continues to grow. As the largest independent payment solution provider, we’ve set the standard for over 50 years. Now, we’re preparing to pioneer the next 50.
Job Description
We are looking for a Senior Vulnerability Engineer to join our dynamic IT Security team!
What is this role about?
As the Senior Vulnerability Engineer, you will play a critical role in strengthening our organization's cyber defences by identifying, assessing, and mitigating vulnerabilities across our digital assets. Combining technical expertise in vulnerability management with advanced data analysis, this role produces actionable insights that guide strategic decision-making and bolster risk mitigation.
Here’s some more insight into what you’ll work on:
Vulnerability Assessment and Management:
- Lead vulnerability scanning and assessment activities, ensuring consistent identification of security gaps across systems, networks, and applications.
- Collaborate with application, infrastructure, network and DevOps teams to prioritize and drive the remediation of vulnerabilities according to risk and criticality.
- Establish automated processes to streamline vulnerability detection and reporting across cloud and on-premises environments.
Data Analytics and Reporting:
- Develop and maintain interactive dashboards in Power BI, providing real-time visibility into vulnerability management metrics, trends, and key performance indicators.
- Analyse vulnerability data to identify patterns, emerging threats, and improvement opportunities, tailoring insights to technical and non-technical audiences.
- Integrate Power BI reports with other reporting frameworks, including board-level and operational-level reporting.
Stakeholder Communication and Collaboration:
- Collaborate with cross-functional teams, including Security Operations, IT, Risk, and Compliance, to communicate vulnerabilities and coordinate response actions.
- Prepare and present executive summaries, risk profiles, and performance reports for senior management, highlighting strategic vulnerability insights.
Qualifications
What can you bring?
- Proven experience (5+ years) in vulnerability management, security engineering, or related fields, with a focus on identifying, prioritizing, and remediating security vulnerabilities.
- Strong technical knowledge of vulnerability assessment tools and platforms (e.g., Tenable, Qualys, Rapid7) and security frameworks (e.g., NIST, CIS, MITRE ATT&CK).
- Demonstrated expertise in conducting risk assessments and vulnerability analysis across cloud, on-premises, and hybrid environments.
- Experience in automating vulnerability management processes and reporting, utilizing scripting languages (e.g., Python, PowerShell) and APIs.
- Proficiency in analysing and visualizing vulnerability data, including developing reports and dashboards for various stakeholder levels.
- Solid understanding of network and application security principles, patch management, and threat mitigation techniques.
- Familiarity with compliance and regulatory frameworks relevant to cybersecurity (e.g., PCI DSS, SOC 2, ISO 27001).
- Strong communication skills, with the ability to effectively translate technical findings into insights for both technical and non-technical audiences.
- Relevant certifications preferred, such as CISSP, CISM, GIAC, or CEH.
Although not required, any experience in the following would be highly regarded:
- Payments industry, ATM/EFT/POS technology, cards and finance or other regulated industries and/or 24x7 mission-critical environments.
- Knowledge of security frameworks and standards such as CPS234, ASD Essential 8 etc.
- Understanding of legal, regulatory, privacy and security matters associated with the Banking and Finance Industry.
Additional Information
Why Cuscal?
We are in the rapidly evolving world of payments, and we are committed to providing a diverse and inclusive workplace where the very best talent in Australia chooses to work. We support our colleagues with flexible work arrangements through our hybrid model whilst also offering a wide range of educational, financial, lifestyle, health & wellbeing benefits.
Next Step
If you think this role is the right fit for you, we invite you to apply. Let’s explore who you are and what drives you. We’d love to share our vision for the future of the payments sector. Please note candidate screening and interviews may be conducted prior to the closing date of the job advert.
Cuscal does not accept unsolicited resumes from recruitment agencies and search firms. Please do not email or send unsolicited resumes to any Cuscal employee, location or address.