Lead Security Engineer (Application Security & Vulnerability Management)
Join to apply for the Lead Security Engineer (Application Security & Vulnerability Management) role at Xero.
Role and Impact
As a seasoned Lead Engineer/Tech Lead, you will be an acknowledged authority on application security & vulnerability management, solving engineering problems beyond your own team and influencing others to make changes. This role will act as a technical, hands‐on leader, driving the implementation of secure software development practices across the organisation. You will play a pivotal role in embedding security into our software development lifecycle, ensuring vulnerabilities are identified, prioritised, and remediated efficiently. By advocating for secure‐by‐design principles, you will help shift from reactive remediation to proactive prevention.
Team & Collaboration
You will work across multiple teams, acting as a trusted advisor on complex security challenges and championing secure engineering enablement. Collaborating closely with engineering, platform, and cloud teams, you will foster a culture where security is a shared responsibility rather than a blocker.
Key Responsibilities
* Embedding automated security testing (SAST, DAST, SCA) and runtime tools into CI/CD pipelines to drive shift‐left security.
* Developing and refining automated vulnerability detection processes using our tech stack which includes AWS, GCP, and Terraform.
* Leading threat modeling exercises to proactively assess and mitigate risks before deployment.
* Supporting software development with a security focus, utilising languages such as .NET, Python, Java, or JavaScript.
Working Location and Flexibility
Our team is split across Australia & New Zealand; this role can be based anywhere on the East Coast of Australia. We champion a diverse and inclusive working environment and offer flexible working arrangements that allow you to balance your work and personal life. Whether you prefer working from home, in our beautiful offices, or a mix of both, we support the way you work best.
What We're Looking For
* You bring deep expertise in Application Security and Vulnerability Management, specifically within cloud‐native applications and modern architectures.
* A strong understanding of DevSecOps practices is essential, particularly regarding automated security testing and container security.
* You are comfortable influencing without authority, aligning security priorities with business needs while collaborating across engineering teams.
* Experience driving vulnerability management programs, including risk assessment and remediation strategies, will be key to your success.
* You possess a solid grasp of modern software delivery practices and can code in languages like .NET, Python, Java, or JavaScript.
* Passionate about developer enablement, you thrive on making security accessible and empowering engineers to write secure code.
Apply even if your experience isn't a perfect match! At Xero, we hire based on your skills, passion, and the unique perspective you can bring to enhance our culture and team.
Seniority level: Mid‐Senior level
Employment type: Full‐time
Job function: Information Technology • Industries: Software Development
#J-18808-Ljbffr