Xero

Engineering Lead - Vulnerability Management

Posted 23 Days Ago
Hybrid
2 Locations
Senior level
Lead the Vulnerability Management team to identify, triage, and remediate vulnerabilities. Collaborate with teams to ensure security integration and cultivate a positive team culture.
The summary above was generated by AI

The role and its impact

As the Engineering Lead for Vulnerability Management, you will be responsible for leading a team focused on the identification, triage, and remediation of vulnerabilities across Xero's systems and platform. You will ensure vulnerability management processes are integrated, automated, and risk-informed, reducing exposure while enabling teams to move fast and ship securely.

Your work will directly influence Xero's security posture and operational resilience, allowing us to respond swiftly and confidently to evolving threats. You will foster a high-performing, collaborative culture that empowers your team and partner teams to own security outcomes.

As an engineering leader at Xero we expect you to come with high EQ, being self-aware, self-regulated, motivated and empathetic, with great interpersonal skills. You'll lead and live our vision and values – building and fostering an inclusive and positive team culture.

The team & how they connect

You will lead the Vulnerability Management team, ensuring alignment with our security engineering and risk management strategy. This involves partnering closely with the Security Product Team and broader engineering groups to embed security throughout the software development lifecycle. The team collaborates proactively across the organisation to break down silos and champion shared security ownership.

The team is currently working on

  • Building scalable, automated processes for vulnerability scanning and detection across infrastructure, cloud environments, and applications.

  • Evaluating and integrating security tooling such as Qualys, Tenable, or Wiz into CI/CD pipelines and runtime environments.

  • Driving risk-based prioritisation of vulnerabilities using contextual threat intelligence, asset criticality, and exploitability data.

  • Implementing metrics and dashboards that provide real-time visibility of security posture and remediation trends.

Where and how you can work

Our team is based in Australia & New Zealand, with the majority of people working from Wellington (NZ). This role can be based anywhere on the East Coast of Australia, with a preference for Melbourne or Sydney.

We support flexible working arrangements that balance the needs of the individual with the needs of the business. You will have the ability to work in a hybrid capacity, connecting with your peers in our offices to foster collaboration while maintaining the autonomy to work remotely.

Here are some of the things we are looking for

  • You bring strong domain expertise in vulnerability management, detection engineering, or security operations.

  • Your background includes leading teams to deliver high-quality engineering initiatives using lean-agile techniques.

  • You possess a good understanding of vulnerability types (CVE/CWE) and risk prioritisation frameworks like CVSS or EPSS.

  • Hands-on experience with cloud platforms such as AWS or GCP and containerisation is essential to your technical toolkit.

  • You are comfortable integrating security tools into CI/CD and DevOps workflows.

  • A passion for coaching and mentoring defines your leadership style, helping others grow their technical expertise.

Apply even if your experience isn't a perfect match! At Xero, we hire based on your skills, passion, and the unique perspective you can bring to enhance our culture and team.

Top Skills

AWS
CI/CD
DevOps
GCP
Qualys
Tenable
Wiz

Xero Hawthorn West, Victoria, AUS Office

Xero Melbourne (HQ) Office

Xero’s head office in Australia is in the buzzing suburb of Hawthorn, a stone’s throw from the CBD. Here, a diverse mix of Xeros work in both global and regional teams.
