Security Engineer - GCP

Our Purpose 

At Xero, we’re here to help you supercharge your business. We do this by automating routine tasks, surfacing actionable insights and connecting businesses with the right data, advisors and apps. When that happens, we’re not only making life better for small business, we’ll be building a stronger economy that can change the world.

We are looking for a SOC Security Engineer based in Perth WA to join our Security Engineering function at Xero. This role requires overlap with both UK and ANZ timezones as you will be part of a cross-regional team.

About the team

The Defence pod at Xero is a Detection and Software Engineering team within Security Operations. This team’s primary focus is to strengthen and enhance threat detection and improve security automation. The team manages tools such as SOAR, SIEM, and EDR, along with a variety of custom-built tools, primarily in Python.

The Defence pod works with our internal Security Response team and their analysts. It plays a key role in ensuring that detection tools are maintained, highly available, and adhere to strong engineering standards. Experience in cloud technologies (Primarily AWS but others as well) will be desired.

This role requires a range of technical skills, the ability to adapt to new situations and technologies, and strong teamwork.

About the role

A day in the life of a Detection Engineer is dynamic and mission-critical, focused on maintaining and improving the organization’s ability to detect and respond to threats.

The engineering work of a Detection Engineer revolves around designing and implementing systems and solutions that empower the Security Operations Center (SOC) to identify and mitigate threats effectively. Detection Engineers act as the technical architects of the SOC, leveraging coding, automation, and deep knowledge of security technologies.

This role requires a balance of technical expertise, curiosity, and adaptability, as Detection Engineers continuously refine capabilities to outpace adversaries and strengthen organizational defences.

What you'll do

• Developing Detection Logic: Crafting advanced queries, rules, and signatures for platforms like the SIEM to detect anomalous or malicious activity.
• Data Pipeline Management: Ensuring log sources are ingested, normalized, and enriched for maximum visibility, maintaining the integrity and performance of data pipelines.
• Automation and Scripting: Building tools and scripts to automate repetitive tasks, create custom detection mechanisms, and integrate platforms for streamlined workflows.
• Prototyping and Innovation: Experimenting with new technologies, techniques, and machine learning models to advance detection capabilities.
• Continuous Improvement: Iteratively refining detection logic based on attack simulations and post-incident reviews to address gaps and improve resilience.
• Threat Research and Intelligence: Staying updated on the latest threat actor tactics, techniques, and procedures (TTPs) and incorporating them into detection strategies.
• Incident Support: Collaborating with response teams during investigations by providing insights, creating custom queries, or adjusting detections in real time.
• Tool Development and Automation: Building scripts, dashboards, and playbooks to streamline and enhance detection and investigation processes.

What you'll bring

• Relevant engineering experience building and deploying solutions in a production environment on Google Cloud Platform (GCP)
• Experience with Python
• Experience with SOAR tools
• Understanding of Security Operations Centre (SOC)

Why Xero? 

Offering very generous paid leave to use however you’d like (plus statutory holidays!), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, health insurance, life insurance, and income protection, wellbeing and sports programmes, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices, flexible working, career development, and many other benefits that reflect our human value, you’ll do the best work of your life at Xero.