Security Engineer
Hybrid
London, United Kingdom
Full Time
21-04-2025
Job Specifications
Who We Are
We’re the people behind the global loyalty currency, Avios, and home to three ambitious, growing businesses; IAG Loyalty, BA Holidays and The Wine Flyer. Each business has its own goals and strategy, but collectively we create brilliant experiences for our global customers.
We’re on a truly exciting journey of growth and transformation – we’re going places! This is where you come in.
The Opportunity
IAG Loyalty is rapidly evolving into a Platform as a Service business, and we are looking for a Security Engineer to join our platform security engineering team. This is an exciting opportunity for someone with a background in development or engineering who has a passion for building robust security controls and innovative tooling.
You’ll thrive in a cloud-native environment, where adaptability and a hands-on approach are essential. Your experience working in a continuous delivery ecosystem will be key, as our platform is constantly evolving to meet the demands of high-speed innovation and rapid technological change.
What You’ll Get Up To
In this role, you’ll take a proactive approach to securing and enhancing our platform, focusing on driving automation and developing secure-by-default practices that empower our teams to deliver safely and efficiently. Your work will contribute to building a security-first culture, ensuring continuous improvement while maintaining the platform’s security, compliance, and high performance in a fast-changing environment.
The ideal candidate will have development or engineering experience and a strong interest in developing security controls and tooling. They will thrive in a cloud-native environment and have a proven track record of working in a continuous delivery ecosystem, where high rates of technology change are the norm. You will deliver security engineering projects to enhance and automate our processes, maintain and improve existing tools like our CNAPP product, and work closely with product teams to design secure-by-default patterns.
Additionally, you will provide expert advice on cloud securityand DevSecOps, helping the engineering community adopt best practices. You’ll also collaborate with the IAG Group SOC to monitor and respond to incidents, assist teams in prioritizing and resolving security issues, and build integrations to track and measure our security program’s performance.
Furthermore, you’ll play an active role in our 24x7 on-call security incident response rota (post-probation)
What We Need From You
Strong technical background with experience in scripting or automation (e.g., Python, Bash)
Proven track record in DevOps or engineering roles, with expertise in cloud platforms (e.g., AWS) and Infrastructure as Code (e.g., Terraform)
Knowledge of incident response processes, vulnerability management, and incident triage
Experience implementing security controls and maintaining security tools
Familiarity with agile methodologies in fast-paced environments
Calm, evidence-based decision-maker in high-pressure situations
Innovative, with a focus on practical, cost-effective solutions
Committed to continuous learning and improvement in Information Security
We Might Not Be Right For You If
You only want to focus on your to-do list; we’re a small, high-performing team, we help each other to succeed.
You value perfection over fast iteration and progress; IAG Loyalty moves fast, we learn and iterate as we go; our environment isn’t right for everyone.
You’re looking to create but not build; this is an end-to-end role, you need to be comfortable owning your space, from ideation through to delivery and review.
If you think you have what it takes but don't meet every single point above, please do still apply. We'd love to chat and see if you could be a great fit.
Equity, Diversity and Inclusion at IAG Loyalty
Our vision, 'to create the world's most rewarding experiences,' applies not only to our customers but for our colleagues too. It's about taking belonging seriously, actively fostering a culture where everyone feels welcomed and valued by embracing diverse identities, personal histories, and perspectives.
This commitment makes IAG Loyalty a rewarding place to work and enhances our ability to solve complex problems, drive innovation, and better serve our customers and communities.
Please let us know if we can make any reasonable adjustments to support your interview process with us.
About the Company
IAG Loyalty is part of International Airlines Group (IAG). We were founded as Airmiles in 1988 and became Avios in 2011, now we’re IAGL and we have over 30 years’ experience in loyalty. We manage the British Airways Executive Club, Iberia Plus, Vueling Club, and the Aer Lingus AerClub, and we have an impressive range of retail, travel and financial services partners of the Avios currency. We’re loyalty pioneers creating the world’s most rewarding experiences. That’s our vision. We help people to enjoy incredible experie... Know more
Related Jobs
- Company Name
- KX
- Job Title
- Information Security Analyst
- Job Description
- About KX: At KX we build time-series, vector-native database solutions our customers use to unlock knowledge and predictive power they can act on with confidence. By simultaneously supporting unstructured and structured data, KX powers accurate, highly contextual results for AI and automation applications with transformative speed, unlimited scalability, and extremely low computing costs. Customers across financial services, manufacturing, telecommunications, life sciences, and aerospace and defense industries use KX to enable real-time processing of vast time-series datasets, improve operational efficiency, speed up discovery, and enhance real-time situational awareness and cybersecurity. KX brings a proven track record of 30 years of customer success, and operates from more than 15 offices across North America, Europe and Asia Pacific. Role Overview: We are hiring an Information Security Analyst to join our global security team. Reporting to the CISO, you will be responsible for safeguarding KX’s systems, infrastructure, and applications. You’ll monitor security tools and alerts, respond to threats, and contribute to the development and implementation of controls across cloud and on-premise environments. Responsibilities: Analyse SIEM events and alerts, ensuring effective investigation and resolution. Respond to phishing incidents and manage malicious email reporting. Support incident response, escalation, and coordination. Monitor cloud and on-premises environments for suspicious or malicious activity. Assist with delivery of new security tools, products, and migrations. Review change requests and advise on potential security implications. Develop and enhance technical security controls across the estate. Lead vulnerability management processes and collaborate on remediation. Requirements: Minimum 3 years of experience in information security operations. Industry certifications such as CISSP, CompTIA Security+, or CEH are desirable. Hands-on experience with security tools for Windows, Linux, and Mac environments. Strong understanding of network protocols and technologies (e.g. VPN, TLS, DMZ). Practical knowledge of cloud security across AWS, Azure, or GCP (e.g. CloudTrail, Sentinel). Experience with endpoint protection, DLP, IDS/IPS, MFA, and content filtering. Familiarity with SIEM platforms and vulnerability management tools. Exposure to SOAR platforms and scripting or development skills (e.g. Python, Bash). Understanding of frameworks such as ISO 27001/2, NIST, SOC, or COBIT. Excellent communication skills, both verbal and written. Location & Workplace Type: This role will be based in Newry, Belfast or Dublin with a Hybrid working model Why Choose KX? Data Driven: We lead with instinct and follow fact. Naturally Curious: We lean in, listen and learn fast. All In: We take ownership, take on challenges and give it our all. Benefits: Competitive Salary Individually tailored training and skills development Private healthcare package and Employee Assistance Programme Enhanced maternity and paternity package Wellness Days and Volunteer Days
- Company Name
- Albany Beck
- Job Title
- Security Metrics & Reporting Analyst
- Job Description
- Purpose: The individual will be enhancing the banks security reporting capability by automating and interpreting security metrics, and translating complex technical insights into meaningful, executive-level intelligence. Key Responsibilities: Define and develop KPIs aligned to policy, standards, and risk appetite Conduct data collection and analysis across host systems and IAM environments Automate dashboards and metrics reporting using Power BI Present findings in plain English for leadership and non-technical audiences Support production of Cyber and Risk Reports and maturity assessments Skills & Experience: Power BI expertise, including automation and dashboard design Experience with IAM, Incident Management, and PAM data sets Strong communication skills Experience reporting to executive and board-level audiences
- Company Name
- TieTalent
- Job Title
- Information Security Manager
- Job Description
- About Information Security Manager Hybrid – Bristol | £65,000 – £75,000 | Extensive Benefits Package Make a real impact in national security. Drive information assurance for a company solving some of the UK’s most complex technical challenges. Who We Are: At TwinStream, we’re more than just a tech company. Founded by engineers with deep experience in high-assurance environments, we specialise in solving cross-domain challenges for government organisations. Our people work on-site with clients or remotely, supporting mission-critical work across the UK. The Information Security Manager Role: As Information Security Manager, you’ll be the go-to expert for all things security, steering our ISO 27001 compliance and leading security strategy across the business. From protecting internal operations to aligning with defence frameworks, your work will directly safeguard sensitive client operations and ensure our team stays at the cutting edge of cybersecurity excellence. Key Responsibilities of the Information Security Manager: Maintain and enhance ISO 27001, Cyber Essentials/Cyber Essentials+, and DCPP compliance Lead policy development and risk mitigation across the business Advise on Secure by Design (SbD) assurance and government protective standards Manage security incidents and drive rapid, effective responses Be a key voice in stakeholder discussions, audits, and security awareness initiatives Own security controls for our North Bristol site Support the creation of project-specific security documentation and assurance strategies Skills & Experience: Experience leading ISO 27001 and cybersecurity governance Strong knowledge of NIST CSF, ISO 27005, and DCPP frameworks Confident communicator with a security-first mindset Comfortable being both strategic and hands-on Qualifications like CISSP (preferred), CISM, ISO 27001 Lead Implementer Why Join TwinStream? Pension Plan – 8% employer contribution Private Medical (Inc. Dental & Optical) – For you and your family Annual Training Budget (£1,000) – Empower your growth True Flexible Working – Work-life balance built-in Electric Vehicle Leasing Scheme 25 Days Holiday + Bank Holidays Team Events – Quarterly meetups, summer and Christmas parties Life Assurance + Cycle to Work Scheme Security Notice Due to the nature of our clients, this role is conditional on successful completion of security vetting. Applicants must be eligible for Developed Vetting (DV). What’s Next? If you have the skillset and enthusiasm to be successful in this new Information Security Manager position, we would love to hear from you. Apply now to join a high-trust, high-impact team where your work truly matters Nice-to-have skills ISO 27001 CISSP Bristol, England Work experience Cyber Security Specialist IT Consultant Security Analyst Languages English
- Company Name
- InfoSec People Ltd
- Job Title
- Cyber Security Manager
- Job Description
- Cyber Security Manager- Reading- £70,000 We’re looking for a skilled and experienced cyber security professional to lead the development and delivery of a robust security and resilience strategy within a digitally focused, globally operating organisation. As manager for Cyber Security and Resilience, you’ll be responsible for managing risk, shaping policies, and overseeing security operations across all systems and services. A key part of the role involves implementing and aligning practices with the NIST Cybersecurity Framework, ensuring a consistent, standards-based approach to managing cyber threats and resilience. You’ll lead on incident response planning, certification and compliance, and continuous monitoring of the threat landscape. Working closely with senior leadership and technical teams, you’ll provide expert guidance and ensure that cyber security remains embedded in the organisation’s digital transformation plans. What we’re looking for: Proven experience leading cyber security strategy and operations. Strong understanding of the NIST Cybersecurity Framework and its practical application. Knowledge of compliance and certification standards such as PCI-DSS and Cyber Essentials Plus. Experience in risk management, threat intelligence, and incident response. Ability to communicate clearly with both technical and non-technical stakeholders. Experience managing budgets and third-party security vendors. For more information, please contact Joel at InfoSec People.