Vulnerability Management Specialist

Company Description

IAG Tech is part of International Airlines Group, one of the world’s leading airline groups, with 598 aircraft flying to over 270 destinations, carrying more than 120 million passengers each year.

IAG Tech provides world-class IT solutions to IAG’s operating companies which include Aer Lingus, Avios, British Airways, IAG, IAG Cargo, Iberia, Iberia Express, LEVEL and Vueling.

Brought together in 2019, we are a unique community with a shared vision to deliver Technology Excellence and be recognised as industry leaders in the use of technology.

Our mission is to delight customers, enable employees, accelerate business performance, protect our business and increase shareholder value, through the innovative and agile use of technology and data.

We use product-centric delivery teams using agile methods to implement new capabilities at pace and maximise business outcomes. With a relentless focus on improving system performance and stability, we continually strive to find new and better ways to innovate and support the Group.

Job Description

Purpose of the role

As a Vulnerability Management Specialist, you will be responsible to coordinate and conduct the remediation and mitigating strategy of the security vulnerabilities within our organization's systems and networks.  As part of the Iberia Cybersecurity team, you will play a critical role in ensuring the security posture of our infrastructure and applications by proactively identifying potential weaknesses and recommending appropriate remediation strategies.

Accountabilities

Within this role you will 

• Coordinating regular vulnerability assessments and penetration tests on systems, networks, and applications using industry-standard tools and methods.
• Analyzing vulnerability scan results and security audit findings to identify potential risks and prioritize remediation efforts.
• Collaborating with different stakeholders across IT in order to implement and track remediation activities as well as proposing remediation/mitigation actions/plans.
• Engaging with business areas to report on the risks associated to the vulnerabilities and the impact on their operation.
• Developing and maintaining vulnerability management policies, procedures, and best practices.
• Providing technical expertise and guidance to stakeholders on vulnerability management best practices and industry trends.
• Monitoring security advisories, patches, and updates from vendors and coordinating their application within the organization.
• Contributing to the development and enhancement of security tools and processes to improve vulnerability detection and response capabilities.

This role may require travel and working from multiple sites/locations. Willing and able to travel to participate in meetings, workshops, and other related activities

Key Stakeholders

External:

• Service providers and vendors related to vulnerability management activities.

Internal:

• IB cybersecurity team, IT team, IB business and other related roles in the different IAG’s OpCos.

Qualifications

Qualifications

Bachelor’s degree in computer science, Telecommunications Engineering, or related field (or equivalent work experience).

Desired qualification

Certified Ethical Hacker (CEH), or other relevant certifications preferred.

Strong expertise in cloud environments such as Azure and AWS.

Skills and Experience

5+ years of demonstrated experience in vulnerability management, penetration testing, or related fields.

Proficiency with vulnerability scanning tools such as Nessus, Qualys, or similar.

Strong understanding of common security vulnerabilities and attack vectors.

Experience with risk assessment methodologies and frameworks.

Excellent analytical, problem-solving, and communication skills.

Professional English and Spanish

Additional Information

Diversity and Inclusion
IAG Tech is part of the IAG GBS organisation, and our people are at the heart of everything we do. We recognise that we can only deliver the required business outcomes if we have a thriving community of technology professionals. Together we strive to become the very best at what we do.

We focus on making Tech a great place to work, with a community that we feel proud to belong to. To help make this a reality, our people strategy focuses on six key domains: Engagement, Talent Management, Reward and Recognition, Performance Management, Learning and Development and Culture. 

We understand the importance of Diversity and Inclusion in the workplace to deliver this strategy – everyone should feel part of our team. We want to foster an inclusive workplace, celebrate individuality and embrace differences so that everyone in IAG Tech can achieve their goals and ambitions, regardless of their personal circumstances or background. 

As a Group, IAG has an ambition that 40% of senior management roles are held by women by 2025. IAG Tech fully supports that ambition, and we are working to help make it a reality. With this in mind, we have set ourselves the challenging target of recruiting 50% female colleagues by 2030.