
Qantas Airways Limited

Australia

Cyber Security Vulnerability Manager

full-time • On-site • Australia
cyber security
vulnerability management
application security

Company Description

Founded in the Queensland outback in 1920, Qantas has grown to be Australia’s largest regional, domestic, and international airline. Qantas has a range of subsidiary businesses that support the overall operations of the Group. The Qantas Group’s main business is the transportation of customers and freight using two complementary airline brands — Qantas and Jetstar — operating regional, domestic, and international services.

Job Description

  • Become a part of our Qantas Group Cyber Defence Team
  • Join an amazing team that values and prioritises cyber security
  • Permanent role based at our Mascot Head Office.

At Qantas, we represent Australia to the world. Our diverse country is known for its unique spirit, mateship, and a can-do attitude. Together we’re strong and resilient, and we work hard to make sure we’re always at our best.

The Cyber Security Vulnerability Manager is responsible for leading and evolving the vulnerability management program across the Qantas Group. This role ensures the identification, assessment, and prioritization of vulnerabilities in applications, networks, and systems, with a strong focus on integrating security throughout the software development lifecycle. The manager collaborates closely with business and technology teams to embed security best practices and works with IT teams and resolver groups by providing expertise, guidance, and recommendations to support effective and timely remediation of identified vulnerabilities. The role also drives continuous improvement, maintains compliance, and strengthens the organization’s overall security posture.

What you will be doing

  • Leading comprehensive vulnerability assessments across applications, cloud workloads, containers, networks, software, and hardware, leveraging advanced scanning and testing capabilities and prioritising remediation based on business risk.
  • Driving application security outcomes by embedding secure development practices addressing vulnerabilities in both custom‑built and third‑party applications across all stages of the SDLC.
  • Establishing and maturing an Application Security program, correlating findings across AppSec, infrastructure, and cloud environments to provide holistic visibility.
  • Overseeing cloud and container security, including vulnerability management
  • Overseeing the security of network infrastructure, implementing controls to mitigate vulnerabilities across network devices, protocols, and hybrid cloud environments.
  • Evaluating the impact of identified vulnerabilities and developing effective risk mitigation
  • Providing subject matter expertise during cybersecurity incidents
  • Maintaining compliance with security standards and regulatory requirements
  • Collaborating with IT, development, and business teams to embed security practices and uplift secure coding maturity
  • Continuously monitoring emerging threats, AppSec trends, and cloud‑native security technologies
  • Managing relationships with security vendors and external partners, including providers of vulnerability scanning, AppSec, ASPM, and cloud security tooling.

What you will bring

  • 7+ years of experience in cyber security, with deep expertise in vulnerability management and application security within large or complex enterprise environments.
  • Demonstrated expertise in application security, including secure development practices, SDLC integration, and hands‑on experience with SAST, DAST, SCA, and modern AppSec tooling across custom and third-party applications.
  • Strong hands‑on experience with vulnerability detection and management platforms (e.g. Qualys, Nessus, Rapid7, or similar), including deployment, configuration, analysis, and risk‑based prioritisation.
  • Experience with cloud and container security, including vulnerability management for cloud services, container images, and orchestration platforms, and an understanding of cloud security and compliance frameworks.
  • Knowledge of Application Security Posture Management concepts, including correlating AppSec, infrastructure, and cloud findings to improve visibility and remediation outcomes.
  • Working knowledge of industry security and threat frameworks (such as NIST‑aligned control frameworks, MITRE ATT&CK, and relevant government or industry advisories including CISA and PCI DSS) and their practical application to vulnerability management.
  • Deep understanding of network security protocols, cloud security architectures, and a broad range of vulnerability types across modern enterprise environments.
  • Strong analytical and risk assessment skills, with the ability to translate technical vulnerabilities into clear, actionable recommendations for technical and non-technical stakeholders.
  • Excellent communication, organisational, and stakeholder management skills, with the ability to work independently while driving outcomes in partnership with technology and business teams.
  • Relevant education (Bachelor’s degree in Computer Science, Information Security, or a related field) and certifications (CISSP, CISM, CEH, OSCP) preferred.

Why Qantas? 

You’ll join a team where creativity and passion are encouraged. Our people come together to allow us to dream big and deliver successfully. 

There are many different opportunities across our team, which means you’ll be able to grow both personally and professionally at Qantas. Your development is a priority for us – so that you can maintain the high standards our customers have come to expect and can continue to develop over time. You’ll be supported from day 1 with on-the-job training and coaching as well as our formal training opportunities. While you may start in this role, we’ve got a great track record of supporting our people to take their career in so many different directions; the destinations are endless.

The Qantas employee benefits program offers amazing benefits that extend well beyond travel. 

  • We love to travel: Enjoy heavily discounted air travel within Australia and across the globe, both for you and your family and friends, as well as exclusive deals on accommodation and holidays.
  • We have flexible leave options: Make use of leave and flexible working opportunities including 18 weeks paid parental leave and the option to purchase additional paid leave for eligible employees.
  • We’ll give you access to thousands of rewards: Through our partnerships we can offer you discounts across shopping, food and wine, insurance, health and wellbeing, leisure and entertainment. You can also take advantage of our salary packaging program including motor vehicles, eligible portable electronic devices and professional memberships.
  • We’ll support your wellbeing: Whether it’s learning to better support your own and others’ mental health, our interactive wellbeing app or your very own tailored nutrition plan. 

Qantas is an equal opportunity employer committed to providing a working environment that embraces and values diversity and inclusion. By coming to work for us, you’ll be part of an organisation that encourages diversity, supports charities and environmental initiatives. We encourage Aboriginal and Torres Strait Islander people, and people of all backgrounds, to apply. If you have any support or access requirements, we encourage you to advise us at time of application. Your personal information will be kept confidential in compliance with relevant privacy legislation.

Please note: applications will only be considered for candidates who have the right to work in Australia / New Zealand without restriction or sponsorship. 

Be part of something special and play your part in the Qantas story – get in touch today!

Applications will close by the 19th of April