Senior Cloud & Application Security Engineer

Company Description

For a winning team that is evolving.  Forward with Cuscal.

At Cuscal, you’ll find a strong, successful company that’s reimagining the future. And our team is right there at the heart of it all. Here, you’ll deliver or support interesting, ground-breaking projects that have real impact - on Australia’s financial services sector and the millions of customers it serves. You’ll innovate alongside skilled, smart, connected teams. And you’ll build an impressive, fulfilling career that continues to grow. As the largest independent payment solution providers, we’ve set the standard for over 50 years. Now, we’re preparing to pioneer the next 50.

Job Description

We are looking for a Senior Cloud & Application Security Engineer to design, implement and manage security controls across cloud environments and applications, protecting Cuscal’s payments and data services.

What is this role about?

As the Senior Cloud & Application Security Engineer, you’ll play a key part in securing cloud-native workloads, integrating security into the software development lifecycle (SDLC), and ensuring compliance with regulatory and industry security standards. The role will work closely with development, DevOps, and infrastructure teams to embed security best practices and drive continuous security improvements across cloud and application landscapes.

Here’s some more insight into what you’ll work on,

• Cloud Security Architecture:
  • Design and implement security solutions for cloud-native and hybrid-cloud environments.
  • Develop and enforce security architecture patterns, controls, and automation within cloud services and infrastructure as code (IaC).
  • Configure and manage cloud security services such as identity and access management (IAM), encryption, logging, and monitoring.
• Application Security & DevSecOps:
  • Embed security within the SDLC through secure coding practices, automated security testing, and CI/CD pipeline integrations.
  • Conduct static (SAST) and dynamic (DAST) application security testing, container security scanning, and API security assessments.
• Threat & Vulnerability Management:
  • Identify and mitigate security risks in cloud and application environments through threat modelling, penetration testing, and vulnerability assessments.
  • Implement and maintain security controls to defend against cloud and application-specific attack vectors.
  • Support incident response by analysing cloud and application security events and recommending mitigations.
  • Develop and maintain incident response playbooks specifically focused on data breaches and protection failures.
• Security Tooling & Automation:
  • Implement and maintain security tools such as Cloud Security Posture Management (CSPM)
  • Develop security automation using scripting (Python, PowerShell) and cloud-native security services.
  • Enhance visibility and detection capabilities by integrating cloud security logs into SIEM solutions.

Qualifications

What can you bring?

• 7+ years in cybersecurity, with a focus on cloud security, application security, and DevSecOps.
• Strong experience securing workloads in AWS, Azure, or GCP, with expertise in IAM, encryption, logging, and cloud security best practices.
• Hands-on experience with CI/CD pipeline security, SAST/DAST tools, API security, and container security (Docker, Kubernetes).
• Expertise in securing web applications, microservices, and APIs against OWASP Top 10 threats.
• Experience with infrastructure as code (Terraform, CloudFormation, Ansible) and security automation.
• Familiarity with cloud security frameworks such as CIS Benchmarks, NIST CSF, and CSA Cloud Controls Matrix.
• Strong understanding of threat modelling, vulnerability management, and security testing.
• Experience integrating cloud security logs with SIEM tools like Splunk or Sentinel.
• Proven experience leading high-severity incident responses in a fast-paced environment.

Although not required, any experience in the following would be highly regarded:

• Payment’s industry, ATM/EFT/POS technology, cards and finance or other regulated industries and/or 24x7 mission-critical environments. 
• Knowledge of security frameworks and standards such as ISO 27001, NIST, CPS234, ASD Essential 8 etc. 
• Understanding of legal, regulatory, privacy and security matters associated with the Banking and Finance Industry. 

Additional Information

Why Cuscal? 
We are in the rapidly evolving world of payments, and we are committed to providing a diverse and inclusive workplace where the very best talent in Australia chooses to work. We support our colleagues with flexible work arrangements through our hybrid model whilst also offering a wide range of educational, financial, lifestyle, health & wellbeing benefits. 
 
Next Steps
If you think this role is the right fit for you, we invite you to apply. Let’s explore who you are and what drives you. We’d love to share our vision for the future of payments sector. Please note candidate screening and interviews may be conducted prior to the closing date of the job advert. 

Cuscal does not accept unsolicited resumes from recruitment agencies and search firms. Please do not email or send unsolicited resumes to any Cuscal employee, location or address.