Search 
jobs
Explore 
companies
My job alerts

Intermediate Security Engineer (Application Security)

Xero

Xero

Marketing & Communications
Wellington, New Zealand
Posted on Dec 12, 2025
Apply now

The Role

The role and it’s impact

Sitting within a newly formed Application Security team, this role will focus on secure software development, DevSecOps, security automation, and vulnerability management.

We're looking for somebody with a passion for security automation and security-as-code, who can leverage tools to improve efficiency. Coupled with a growth mindset, continuously learning and adapting to emerging threats and security trends.

This position will play a key role in securing Xero’s software development lifecycle (SDLC), ensuring that security is embedded into engineering workflows while enabling teams to deliver secure products at scale.

The team & how they connect

You will join the Application Security team, a group dedicated to advancing DevSecOps and secure software delivery. Working cross-functionally with engineering, product, and platform teams, you will champion a culture where security is automated, collaborative, and widely understood across the business.

The team is currently working on

  • Integrating automated testing tools (SAST, DAST, SCA) into CI/CD pipelines to identify vulnerabilities early.

  • Building and managing security automation tools that fit effortlessly into existing developer workflows.

  • Collaborating with platform teams to secure APIs, cloud infrastructure, and serverless architectures.

  • Driving "shift-left" initiatives by supporting teams with threat modelling and secure coding guidance.

Where and how you can work

Our team is based in New Zealand & Australia, this role can be based anywhere in New Zealand with a preference for either Wellington or Auckland.

We support flexible working arrangements that balance the needs of the individual with the needs of the business. You will have the ability to work in a hybrid capacity, connecting with your peers in our offices to foster collaboration while maintaining the autonomy to work remotely.

Here are some of the things we are looking for, for this role

  • Hands-on experience with automated security testing tools, such as SAST, DAST, and IaC scanning.

  • Proficiency in scripting or programming languages like Python, Java, Go, or JavaScript.

  • A solid background in securing APIs, microservices, and cloud-native or serverless architectures.

  • The ability to collaborate effectively with engineering teams, influencing best practices without slowing down development.

  • A genuine passion for security automation and "security-as-code" principles.

  • Experience with DevSecOps practices and integrating controls into pipelines like Jenkins or GitHub Actions.

Apply even if your experience isn't a perfect match! At Xero, we hire based on your skills, passion, and the unique perspective you can bring to enhance our culture and team.

Apply now
See more open positions at Xero
Privacy policyCookie policy