At a Glance
- Tasks: Lead application security practices and collaborate with engineers to embed security in development.
- Company: Join IAG Loyalty, the team behind Avios, driving digital transformation and customer experiences.
- Benefits: Enjoy hybrid working flexibility, with at least two days in the London office.
- Why this job: Be part of a dynamic team using cutting-edge technology in a fast-paced environment.
- Qualifications: Experience in software engineering with a strong security mindset and knowledge of web vulnerabilities.
- Other info: We value diversity and encourage applicants from all backgrounds to apply.
The predicted salary is between 48000 - 72000 £ per year.
Who we are
We’re the people behind the global loyalty currency, Avios, and home to three ambitious, growing businesses: IAG Loyalty, British Airways Holidays and The Wine Flyer. Each business has its own goals and strategy, but collectively we create brilliant experiences for our global customers.
We’re on a truly exciting journey of growth and transformation – we’re going places! This is where you come in.
The Opportunity
As IAG Loyalty evolves into a Platform as a Service business, we’re looking for a talented and passionate Senior Application Security Engineer to join our security engineering team. You’ll have a background in software engineering and a deep interest in application and API security. You thrive on collaboration, enjoy helping others grow, and see security as an enabler – not a blocker. You’ll be an AppSec advocate who supports our engineers in identifying and addressing security issues across the software development lifecycle.
You’ll be part of a small, dynamic team within the Product department that drives IAG Loyalty’s digital transformation, technology strategy, and product direction. Our cloud-native platform powers the Avios currency and the digital experiences used by millions of loyalty members. This is a great opportunity to work with cutting-edge technology in a fast-paced, agile environment.
This role is based out of our London office. We call our approach to hybrid working The Blend – it’s about giving you the flexibility to choose where you do your best work, while staying connected with your team and the wider business. This means you will be required to spend at least two days per week in the office, with the rest of the time working from home. You may also be required to work from one of our other office or partner locations, based on your role and ‘to do’ list.
What you’ll be doing
As a Senior Application Security Engineer, you’ll lead the application security practice within the IAG Loyalty security team, taking responsibility for key security KPIs in this area. You’ll champion secure software development by working closely with engineers and product teams, embedding security practices into our engineering culture. You’ll provide training, offer expert advice, and drive awareness of security from the earliest stages of design through to deployment.
You’ll help integrate automated security tooling and checks into our CI/CD pipelines, facilitate threat modelling sessions, and review security-sensitive design decisions around authentication, cryptography, and logging. You’ll also ensure that tools such as SAST, DAST, and SCA are effective and efficient, and that testing programmes – including pen testing, vulnerability scanning, and bug bounty – are delivering value.
You’ll triage vulnerabilities, support engineering teams with practical mitigations, and contribute to documentation that strengthens our internal standards and processes. Maintaining a strong security culture will be a key focus, and you’ll also support internal and external audits where needed.
What we’re looking for
- Experience in software engineering, with a strong security mindset
- Deep understanding of web and API vulnerabilities, including the OWASP Top 10
- Proficient in coding, scripting (e.g. Python, Bash), and automating security in CI/CD
- Hands-on experience with security tools like SAST, DAST, and SCA
- Familiar with cloud environments (especially AWS), containers, and microservices
- Comfortable reviewing technical designs, performing threat modelling, and advising on secure architecture
- Strong communicator who collaborates well with engineers and promotes secure-by-default practices
We might not be right for you if:
- You only want to focus on your to-do list; we’re a small, high-performing team, we help each other to succeed.
- You value perfection over fast iteration and progress; IAG Loyalty moves fast, we learn and iterate as we go; our environment isn’t right for everyone.
- You’re looking to create but not build; this is an end-to-end role, you need to be comfortable owning your space, from ideation through to delivery and review.
If you think you have what it takes but don’t meet every single point above, please do still apply. We’d love to chat and see if you could be a great fit.
Equity, Diversity and Inclusion at IAG Loyalty
Our vision, ‘to create the world’s most rewarding experiences,’ applies not only to our customers but to our colleagues too. It’s about taking belonging seriously, actively fostering a culture where everyone feels welcomed and valued by embracing diverse identities, personal histories, and perspectives.
This commitment makes IAG Loyalty a rewarding place to work and enhances our ability to solve complex problems, drive innovation, and better serve our customers and communities.
Please let us know if we can make any reasonable adjustments to support your interview process with us.
Senior Application Security Engineer employer: Avios Group (AGL) Limited
Contact Detail:
Avios Group (AGL) Limited Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Application Security Engineer
✨Tip Number 1
Familiarise yourself with the OWASP Top 10 vulnerabilities, as this role requires a deep understanding of web and API security. Being able to discuss these vulnerabilities confidently during your interview will demonstrate your expertise and commitment to application security.
✨Tip Number 2
Showcase your experience with CI/CD pipelines and how you've integrated security tools like SAST, DAST, and SCA in previous roles. Be prepared to share specific examples of how you automated security checks and improved the overall security posture of your projects.
✨Tip Number 3
Highlight your collaborative skills by discussing past experiences where you've worked closely with engineering teams to embed security practices. Emphasising your ability to communicate effectively and promote secure-by-default practices will resonate well with the hiring team.
✨Tip Number 4
Research IAG Loyalty's current technology stack and cloud environments, particularly AWS. Understanding their digital transformation journey and being able to articulate how your skills align with their goals will set you apart as a candidate who is genuinely interested in the role.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in software engineering and application security. Emphasise your familiarity with web and API vulnerabilities, as well as any hands-on experience with security tools like SAST, DAST, and SCA.
Craft a Compelling Cover Letter: In your cover letter, express your passion for application security and how you see it as an enabler rather than a blocker. Mention specific examples of how you've collaborated with teams to embed security practices into the development lifecycle.
Showcase Your Technical Skills: Highlight your coding and scripting skills, particularly in languages like Python and Bash. Discuss any experience you have with automating security processes in CI/CD pipelines, as this is crucial for the role.
Demonstrate Your Communication Skills: Since the role requires strong communication and collaboration, provide examples of how you've effectively communicated security concepts to non-technical stakeholders or trained teams on secure practices.
How to prepare for a job interview at Avios Group (AGL) Limited
✨Showcase Your Technical Skills
Be prepared to discuss your experience with coding, scripting, and security tools like SAST, DAST, and SCA. Highlight specific projects where you've integrated security into CI/CD pipelines or automated security checks.
✨Understand the OWASP Top 10
Familiarise yourself with the OWASP Top 10 vulnerabilities and be ready to discuss how you would address these in a real-world application. This shows your deep understanding of web and API security.
✨Demonstrate Collaboration Skills
Since the role involves working closely with engineers and product teams, prepare examples of how you've successfully collaborated in the past. Emphasise your ability to promote secure practices without being a blocker.
✨Embrace the Company Culture
IAG Loyalty values a fast-paced, iterative environment. Be ready to discuss how you adapt to change and your approach to learning from mistakes. Show that you're a team player who thrives in a dynamic setting.