The role and it’s impact
Sitting within a newly formed Application Security team, this role will focus on secure software development, DevSecOps, security automation, and vulnerability management.
We're looking for somebody with a passion for security automation and security-as-code, who can leverage tools to improve efficiency. Coupled with a growth mindset, continuously learning and adapting to emerging threats and security trends.
This position will play a key role in securing Xero’s software development lifecycle (SDLC), ensuring that security is embedded into engineering workflows while enabling teams to deliver secure products at scale.
The team & how they connect
You will join the Application Security team, a group dedicated to advancing DevSecOps and secure software delivery. Working cross-functionally with engineering, product, and platform teams, you will champion a culture where security is automated, collaborative, and widely understood across the business.
The team is currently working on
Integrating automated testing tools (SAST, DAST, SCA) into CI/CD pipelines to identify vulnerabilities early.
Building and managing security automation tools that fit effortlessly into existing developer workflows.
Collaborating with platform teams to secure APIs, cloud infrastructure, and serverless architectures.
Driving "shift-left" initiatives by supporting teams with threat modelling and secure coding guidance.
Where and how you can work
Our team is based in New Zealand & Australia, this role can be based anywhere in New Zealand with a preference for either Wellington or Auckland.
We support flexible working arrangements that balance the needs of the individual with the needs of the business. You will have the ability to work in a hybrid capacity, connecting with your peers in our offices to foster collaboration while maintaining the autonomy to work remotely.
Here are some of the things we are looking for, for this role
Hands-on experience with automated security testing tools, such as SAST, DAST, and IaC scanning.
Proficiency in scripting or programming languages like Python, Java, Go, or JavaScript.
A solid background in securing APIs, microservices, and cloud-native or serverless architectures.
The ability to collaborate effectively with engineering teams, influencing best practices without slowing down development.
A genuine passion for security automation and "security-as-code" principles.
Experience with DevSecOps practices and integrating controls into pipelines like Jenkins or GitHub Actions.
Apply even if your experience isn't a perfect match! At Xero, we hire based on your skills, passion, and the unique perspective you can bring to enhance our culture and team.
Top Skills
What the Team is Saying
What We Do
Xero is small business accounting software that provides a platform on which businesses can build a fully integrated solution. It’s designed to make life better for people in small business, their advisors, and communities around the world. Xero minimises tedious admin by automating routine tasks, delivers valuable insights when needed, and brings together business data, trusted advisors, and powerful apps in one intuitive platform. By alleviating pain points, Xero empowers small business owners to supercharge their business, simplifying the complex and freeing up time from manual admin so they can focus on what really matters to build the business they’ve always envisaged.
Why Work With Us
We believe that by simplifying the complex we're not only making life better for small business, we’re helping to create a stronger, more vibrant economy. When you join this team, you’re impacting local communities, on a global scale. Being a Fast Co. Best Workplace for Innovators is a direct reflection of our creative, curious culture.
Gallery
Xero Teams
Xero Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Join us from home or at one of our beautiful workspaces. Xero has offices in Australia, New Zealand, United Kingdom, United States, Canada, Singapore, and South Africa.
