Who we are
We’re the people behind the global loyalty currency, Avios, and home to three ambitious, growing businesses: IAG Loyalty, BA Holidays and The Wine Flyer. Each business has its own goals and strategy, but collectively we create brilliant experiences for our global customers.
We’re on a truly exciting journey of growth and transformation – we’re going places! This is where you come in.
The Opportunity
IAG Loyalty is rapidly evolving into a Platform as a Service business, and we are looking for an Associate Application Security Engineer to join our Platform Security Engineering Team. If you have experience in software engineering and a passion for application security, this is the role for you!
As an AppSec advocate, you will work closely with engineers, helping them identify and resolve security vulnerabilities throughout the Software Development Lifecycle (SDLC). You’ll be a key player in embedding security within our engineering culture, developing tools, and ensuring security best practices are followed.
What you’ll get up to
You'll play a key role in enhancing security across our Software Development Life Cycle (SDLC), working closely with product teams to strengthen our Application Security (AppSec) program. This includes developing tools to improve how we measure and report on security, running our Security Champions program and events, and assisting with threat modeling sessions. You'll research critical security-sensitive design decisions, such as authentication, cryptography, and logging, while ensuring our continuous scanning tools (SAST, DAST, SCA) and testing programs (pen testing, vulnerability scanning, bug bounty) run efficiently. You'll also triage vulnerabilities, support engineering teams with mitigations, assist in responding to security incidents, and document security processes. Post-probation, you’ll join our 24x7 on-call security escalation rota, ensuring rapid response to security threats.
What we need from you
* A basic understanding of at least one programming language (e.g., Python, Java, JavaScript).
* Some experience with coding, scripting, or automation tasks.
* Familiarity with common web application vulnerabilities (e.g., OWASP Top 10).
* A general understanding of DevOps practices, like CI/CD pipelines.
* Strong communication skills and the ability to collaborate with different teams.
* Basic knowledge of Agile practices or continuous software delivery.
* A keen interest in security and technology, with a passion for learning and growing.
* A flexible, proactive attitude with the ability to thrive in a fast-paced environment.
We might not be right for you if:
* You only want to focus on your to-do list; we’re a small, high-performing team, we help each other to succeed.
* You value perfection over fast iteration and progress; IAG Loyalty moves fast, we learn and iterate as we go; our environment isn’t right for everyone.
* You’re looking to create but not build; this is an end-to-end role, you need to be comfortable owning your space, from ideation through to delivery and review.
If you think you have what it takes but don’t meet every single point above, please do still apply. We'd love to chat and see if you could be a great fit.
Equity, Diversity and Inclusion at IAG Loyalty
Our vision, 'to create the world's most rewarding experiences,' applies not only to our customers but to our colleagues too. It's about taking belonging seriously, actively fostering a culture where everyone feels welcomed and valued by embracing diverse identities, personal histories, and perspectives.
This commitment makes IAG Loyalty a rewarding place to work and enhances our ability to solve complex problems, drive innovation, and better serve our customers and communities.
Please let us know if we can make any reasonable adjustments to support your interview process with us.