Similar Jobs at Xero
The role and it’s impact
Sitting within a newly formed Application Security team, this role will focus on secure software development, DevSecOps, security automation, and vulnerability management.
We're looking for somebody with a passion for security automation and security-as-code, who can leverage tools to improve efficiency. Coupled with a growth mindset, continuously learning and adapting to emerging threats and security trends.
This position will play a key role in securing Xero’s software development lifecycle (SDLC), ensuring that security is embedded into engineering workflows while enabling teams to deliver secure products at scale.
The team & how they connect
You will join the Application Security team, a group dedicated to advancing DevSecOps and secure software delivery. Working cross-functionally with engineering, product, and platform teams, you will champion a culture where security is automated, collaborative, and widely understood across the business.
The team is currently working on
Integrating automated testing tools (SAST, DAST, SCA) into CI/CD pipelines to identify vulnerabilities early.
Building and managing security automation tools that fit effortlessly into existing developer workflows.
Collaborating with platform teams to secure APIs, cloud infrastructure, and serverless architectures.
Driving "shift-left" initiatives by supporting teams with threat modelling and secure coding guidance.
Where and how you can work
Our team is based in New Zealand & Australia, this role can be based anywhere in New Zealand with a preference for either Wellington or Auckland.
We support flexible working arrangements that balance the needs of the individual with the needs of the business. You will have the ability to work in a hybrid capacity, connecting with your peers in our offices to foster collaboration while maintaining the autonomy to work remotely.
Here are some of the things we are looking for, for this role
Hands-on experience with automated security testing tools, such as SAST, DAST, and IaC scanning.
Proficiency in scripting or programming languages like Python, Java, Go, or JavaScript.
A solid background in securing APIs, microservices, and cloud-native or serverless architectures.
The ability to collaborate effectively with engineering teams, influencing best practices without slowing down development.
A genuine passion for security automation and "security-as-code" principles.
Experience with DevSecOps practices and integrating controls into pipelines like Jenkins or GitHub Actions.
Apply even if your experience isn't a perfect match! At Xero, we hire based on your skills, passion, and the unique perspective you can bring to enhance our culture and team.
What you need to know about the Los Angeles Tech Scene
Key Facts About Los Angeles Tech
- Number of Tech Workers: 375,800; 5.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Snap, Netflix, SpaceX, Disney, Google
- Key Industries: Artificial intelligence, adtech, media, software, game development
- Funding Landscape: $11.6 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Strong Ventures, Fifth Wall, Upfront Ventures, Mucker Capital, Kittyhawk Ventures
- Research Centers and Universities: California Institute of Technology, UCLA, University of Southern California, UC Irvine, Pepperdine, California Institute for Immunology and Immunotherapy, Center for Quantum Science and Engineering
