Lead the Vulnerability Management team, ensuring effective processes for identifying and remediating vulnerabilities across systems, while fostering a collaborative culture and embedding security throughout the software development lifecycle.
Our Purpose
At Xero, we’re here to help you supercharge your business. We do this by automating routine tasks, surfacing actionable insights and connecting businesses with the right data, advisors and apps. When that happens, we’re not only making life better for small business, we’ll be building a stronger economy that can change the world.
About the role
This role will be responsible for leading a team focused on the identification, triage, and remediation of vulnerabilities across Xero’s systems and platforms.
As an expert in this space, you’ll ensure vulnerability management processes are integrated, automated, scalable, and risk-informed, reducing exposure while enabling teams to move fast and ship securely. As a dedicated and proven people leader, you'll foster a high-performing, collaborative culture that empowers your team and partner teams to own security outcomes. We're looking for somebody with a passion for developer enablement, making security accessible and empowering engineers to write secure code.
Your work will directly influence Xero’s security posture, operational resilience, and ability to respond swiftly and confidently to evolving threats.
As a engineering leader at Xero we expect you to come with high EQ, being self-aware, self-regulated, motivated and empathetic, with great interpersonal skills. You'll lead and live our vision and values – building and fostering an inclusive and positive team culture.
What you'll do
- Lead and grow a high-performing team by coaching, mentoring, and connecting their work directly to Xero's strategic goals; ensuring alignment with Xero’s security engineering and risk management strategy.
- Support the complete vulnerability management process, including discovery, risk assessment, triage, remediation coordination, and reporting. Ultimately building scalable and automated processes for vulnerability scanning and detection across infrastructure, cloud environments, and applications.
- Partner with various other teams across security, engineering, platform, and product; ensuring timely and effective remediation and removing of roadblocks, embedding security throughout Xero's software development lifecycle.
- Drive risk-based prioritisation of vulnerabilities using contextual threat intelligence, asset criticality, and exploitability data.
- Evaluate and integrate security tooling such as vulnerability scanners, container/image security tools, infrastructure-as-code scanning, and runtime security platforms.
- Implement metrics and dashboards that provide real-time visibility of security posture, vulnerability trends, and remediation progress. Continuously improve team processes to reduce response time, improve consistency, and align with evolving threats and compliance obligations.
What you'll bring with you
- People leadership, demonstrating honesty and integrity. Proven track record of leading teams to deliver high-quality engineering initiatives in a fast-paced environment, leveraging lean-agile techniques, while managing competing priorities and ensuring alignment with strategic goals.
- Coaching and mentoring; utilising software delivery, technical experience and expertise, offering the right knowledge, at the right time in the right way – understanding why and how people learn.
- Strong domain expertise in vulnerability management. Ideally operating or leading a vulnerability management program at scale, in a cloud-native or SaaS environment; understanding of vulnerability types (CVE/CWE), risk prioritisation (e.g., CVSS, EPSS), and remediation strategies.
- Strong stakeholder management skills, with the ability to influence without authority and align security priorities with business needs.
- Familiarity with security tooling such as Qualys, Tenable, Wiz, or similar; and integration into CI/CD and DevOps workflows.
- Hands-on experience with infrastructure, cloud platforms (e.g., AWS, GCP), containerisation, and related security concerns.
Research has shown that women and underrepresented groups are less likely to apply to jobs unless they meet every single competency or experience . If you are excited about this role, but your past experience doesn't align perfectly, we encourage you to apply anyway. You could be just the right person for this role and Xero. If you have any support or access requirements, we encourage you to advise us at time of application and throughout the interview process.
Why Xero?
Offering very generous paid leave to use however you’d like (plus statutory holidays!), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family. Health insurance, life insurance, and income protection.
We offer wellbeing and sports programmes, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices, flexible working, career development, and many other benefits that reflect our human value.
You’ll do the best work of your life at Xero!
Top Skills
AWS
GCP
Qualys
Tenable
Wiz
Xero Sydney, New South Wales, AUS Office
Our office is in the heart of the Sydney CBD with views of the Sydney Harbour Bridge. We're just over by Wynyard Park so it's easy to get to.
Similar Jobs at Xero
Cloud • Fintech • Information Technology • Machine Learning • Software
Lead teams focused on Security Governance and Data Protection, implementing DLP controls, automation for compliance, and managing identity governance within cloud security architecture.
Top Skills:
AWSDlpGCPIsoSaseSoc2
Cloud • Fintech • Information Technology • Machine Learning • Software
As a Senior Security Engineer, you'll enhance security in software development by implementing secure coding, automated testing, and collaborating with cross-functional teams. You'll ensure efficient security practices and awareness while integrating security controls into CI/CD pipelines.
Top Skills:
DastGithub ActionsGitlab CiGoIacJavaJavaScriptJenkinsPythonSastSca
Cloud • Fintech • Information Technology • Machine Learning • Software
As a Senior Security Network Engineer, you'll manage network security, automate protocols, ensure compliance, optimize network performance, and mentor engineers.
Top Skills:
FirewallsLan SwitchingPythonSaseSd-WanTerraformVpnWanWifiZtna
What you need to know about the Sydney Tech Scene
From opera to comedy shows, the Sydney Opera House hosts more than 1,600 performances a year, yet its entertainment sector isn't the only one taking center stage. The city's tech sector has earned a reputation as one of the fastest-growing in the region. More specifically, its IT sector stands out as the country's third-largest, growing at twice the rate of overall employment in the past decade as businesses continue to digitize their operations to stay competitive.
