https://cdn.builtin.com/cdn-cgi/image/f=auto,fit=scale-down,w=200,h=200/sites/www.builtin.com/files/2021-06/Xero%20lOGO.png Logo

Xero

Senior Security Engineer (AppSec)

Posted 20 Days Ago
Be an Early Applicant
2 Locations
Hybrid
Senior level
Cloud • Fintech • Information Technology • Machine Learning • Software
At Xero, we’re here to help you supercharge your business.
The Role
The role focuses on secure software development and DevSecOps, emphasizing security automation, vulnerability management, and collaboration with engineering and product teams to enhance secure coding practices.
Summary Generated by Built In
Our Purpose 
At Xero, we’re here to help supercharge small businesses. We do this by automating routine tasks, surfacing actionable insights and connecting businesses with the right data, advisors and apps. When that happens, we’re not only making life better for small business, we’ll be building a stronger economy that can change the world.

About the role

Sitting within a newly formed Application Security team, this role will focus on secure software development, DevSecOps, security automation, and vulnerability management.

Day to day, you'll work cross-functionally with engineering, product, and security teams to build and improve security tooling, secure coding practices, and automated security controls that empower developers to plan, write, test, and deploy secure applications efficiently.

We're looking for somebody with a passion for security automation and security-as-code, who can leverage tools to improve efficiency. Coupled with a growth mindset, continuously learning and adapting to emerging threats and security trends.

This position will play a key role in securing Xero’s software development lifecycle (SDLC), ensuring that security is embedded into engineering workflows while enabling teams to deliver secure products at scale.

What you'll do

  • Develop and implement secure coding practices, working closely with engineers to uplift security awareness and adoption
  • Integrate automated security testing (SAST, DAST, SCA, IaC scanning) and security policy enforcement into CI/CD pipelines to identify vulnerabilities early.
  • Work with DevOps and engineering teams to build security guardrails, ensuring frictionless security adoption; driving a "shift-left" security mindset by enabling teams with secure coding guidance, tooling, and risk-based security testing.
  • Assist engineering teams in threat modeling to proactively identify and mitigate security risks in software designs. Ultimately looking to improve visibility and reporting of application security risks, helping teams understand and measure their security posture.
  • Build and manage security automation tools, integrating them into existing developer workflows; contribute to DevSecOps initiatives, ensuring security controls are scalable, efficient, and developer-friendly.
  • Participate in cross-functional security initiatives, working on security improvements that impact multiple teams. Continuously evaluate and improve security tools, scanning coverage, and security-as-code implementations.

What you'll bring with you

  • Extensive experience in Application Security, Secure Software Development, and DevSecOps practices.
  • Hands-on experience with automated security testing tools, including SAST, DAST, SCA, and IaC security scanning.
  • Proficiency in programming and scripting languages (Python, Java, Go, JavaScript, or similar); coupled with a strong understanding of secure coding principles, OWASP Top 10, SANS CWE, and software security best practices.
  • Hands-on experience securing APIs, microservices, cloud-native applications, and serverless architectures
  • Experience integrating security controls into CI/CD pipelines (Jenkins, GitHub Actions, GitLab CI, or similar).
  • Solid background in vulnerability management, risk assessment, and application security triage; including incident response, investigating and mitigating application security breaches.


Research has shown that women and underrepresented groups are less likely to apply to jobs unless they meet every single competency or experience . If you are excited about this role, but your past experience doesn't align perfectly, we encourage you to apply anyway. You could be just the right person for this role and Xero. If you have any support or access requirements, we encourage you to advise us at time of application and throughout the interview process.

Why Xero? 
Offering very generous paid leave to use however you’d like (plus statutory holidays!), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, free medical insurance, wellbeing and sports programmes, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices, flexible working, career development, and many other benefits that reflect our human value, you’ll do the best work of your life at Xero.

Top Skills

Dast
Github Actions
Gitlab Ci
Go
Iac
Java
JavaScript
Jenkins
Python
Sast
Sca

What the Team is Saying

Rose
Sophia
View all jobs at Xero
View Xero Profile
Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Wellington
4,500 Employees
Year Founded: 2006

What We Do

Xero is small business accounting software that provides a platform on which businesses can build a fully integrated solution. It’s designed to make life better for people in small business, their advisors, and communities around the world. Xero minimises tedious admin by automating routine tasks, delivers valuable insights when needed, and brings together business data, trusted advisors, and powerful apps in one intuitive platform. By alleviating pain points, Xero empowers small business owners to supercharge their business, simplifying the complex and freeing up time from manual admin so they can focus on what really matters to build the business they’ve always envisaged.

Why Work With Us

We believe that by simplifying the complex we're not only making life better for small business, we’re helping to create a stronger, more vibrant economy. When you join this team, you’re impacting local communities, on a global scale.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Xero Teams

Learn More

Xero Offices

Learn More

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Join us from home or at one of our beautiful workspaces. Xero has offices in Australia, New Zealand, United Kingdom, United States, Canada, Singapore, and South Africa.

Typical time on-site: Flexible
Company Office Image
HQWellington, NZ
Singapore
Auckland, NZ
Brisbane
Calgary
Denver, CO
Melbourne (HQ)
London, GB
Napier, NZ
New York, NY
Company Office Image
San Mateo, CA
Sydney, NSW
Toronto, Ontario
Learn more

Similar Jobs

Xero Logo Xero

Team Lead

Cloud • Fintech • Information Technology • Machine Learning • Software
Hybrid
Auckland, NZL

Xero Logo Xero

Lead Engineer

Cloud • Fintech • Information Technology • Machine Learning • Software
Remote or Hybrid
3 Locations

Xero Logo Xero

GM Group Accounting

Cloud • Fintech • Information Technology • Machine Learning • Software
Hybrid
3 Locations

Xero Logo Xero

Global Design and Construction Lead

Cloud • Fintech • Information Technology • Machine Learning • Software
Hybrid
2 Locations
View all jobs at Xero
View Xero Profile

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account