The role and it’s impact
You will play a vital role in the creation and successful execution of Application Security, taking a proactive approach to embedding security into our software development lifecycle.
Rather than acting as a blocker, you will ensure security is an enabler that allows teams to move fast while remaining secure. Working with engineering functions, you will design secure application infrastructure and frameworks that empower developers to plan, build, and deploy securely.
Your impact extends beyond technical implementation; you will provide mentorship to members of the team and foster a culture of security enablement and continuous learning. You will support engineering teams to 'shift security left' by integrating automated security testing and secure coding practices. Additionally, you will work closely with product and engineering teams to balance security requirements with productivity and business agility.
The team & how they connect
We prefer to be on the ground with developers rather than operating from an ivory tower!
We collaborate closely with engineering, DevOps, and product teams to build trust and ensure security is seamlessly integrated into the development process.
Initially, the role may focus on
Building proof of concepts and assessing the value of security tools to reduce toil and automate processes.
Collaborating with DevOps and engineering teams to build security guardrails that ensure frictionless security adoption.
Integrating automated security testing, secure coding practices, and DevSecOps methodologies to shift security left.
Utilising a tech stack that includes AWS, Python, Java, C#, Go, and various automated security testing tools such as SAST and DAST.
Where and how you can work
We offer a flexible and inclusive working environment that values progress over perfection and prioritises wellbeing. You will have the opportunity to work in a way that balances your home life with collaborative time in our offices, supporting our ethos of making work human.
Here are some of the things we are looking for
You possess solid technology fundamentals encompassing operating systems, cloud infrastructure (specifically AWS), and web applications.
Experience with automated security testing tools, including SAST, DAST, SCA, and IaC security scanning, is essential to your toolkit.
We value proficiency in programming and scripting languages such as Python, Java, C#, Go, or JavaScript.
You bring a passion for security automation and 'security-as-code' to improve efficiency and reduce manual toil.
Collaborating with engineering teams comes naturally to you, allowing you to influence security best practices without disrupting development velocity.
You have a background in coaching or mentoring, with a desire to make security accessible and empower engineers to write secure code.
Apply even if your experience isn't a perfect match! At Xero, we hire based on your skills, passion, and the unique perspective you can bring to enhance our culture and team.
Top Skills
Xero Hawthorn West, Victoria, AUS Office
Xero Melbourne (HQ) Office
Xero’s head office in Australia is in the buzzing suburb of Hawthorn, a stone’s throw from the CBD. Here, a diverse mix of Xeros work in both global and regional teams.
