Engineering Security Manager

This is a Team Lead role that oversees the identification, triage, and remediation of vulnerabilities across systems and platforms.

The successful candidate will lead a team to integrate, automate, scale, and risk-inform vulnerability management processes, reducing exposure while enabling teams to move fast and ship securely. As a dedicated people leader, they'll foster a high-performing, collaborative culture that empowers their team and partner teams to own security outcomes, with a passion for developer enablement and helping engineers write secure code.

The ideal candidate will bring high emotional intelligence, be self-aware and self-regulated, motivated and empathetic, with strong interpersonal skills. They'll lead and live our vision and values—building an inclusive and positive team culture.

• Lead and grow a high-performing team by coaching, mentoring, and aligning their work with Xero's security engineering and risk management strategy.
• Support the complete vulnerability management process, including discovery, risk assessment, triage, remediation coordination, and reporting; build scalable and automated processes for vulnerability scanning and detection across infrastructure, cloud environments, and applications.
• Partner with security, engineering, platform, and product teams to ensure timely remediation and remove roadblocks, embedding security throughout Xero's software development lifecycle.
• Drive risk-based prioritisation of vulnerabilities using contextual threat intelligence, asset criticality, and exploitability data.
• Evaluate and integrate security tooling such as vulnerability scanners, container/image security tools, infrastructure-as-code scanning, and runtime security platforms.
• Implement metrics and dashboards that provide real-time visibility of security posture, vulnerability trends, and remediation progress; continuously improve team processes to reduce response time and align with evolving threats and compliance obligations.

• People leadership with honesty and integrity. Proven track record of leading teams to deliver high-quality engineering initiatives in a fast-paced environment, leveraging lean-agile techniques while managing competing priorities and aligning with strategic goals.
• Coaching and mentoring; applying software delivery experience to offer knowledge at the right time in the right way, understanding why and how people learn.
• Strong domain expertise in vulnerability management, ideally at scale in a cloud-native or SaaS environment; understanding of vulnerability types (CVE/CWE), risk prioritisation (e.g., CVSS, EPSS), and remediation strategies.
• Strong stakeholder management skills with the ability to influence without authority and align security priorities with business needs.
• Familiarity with security tooling such as Qualys, Tenable, Wiz, or similar; and integration into CI/CD and DevOps workflows.
• Hands-on experience with infrastructure, cloud platforms (e.g., AWS, GCP), containerisation, and related security concerns.

We offer generous paid leave, dedicated paid leave for wellbeing, and an Employee Assistance Program to access mental health care for you and your family. Health insurance, life insurance, and income protection are provided. We offer wellbeing and sports programmes, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, flexible working, career development, and other benefits that reflect our human value.

You'll do the best work of your life here.

• Not Applicable

• Full-time

• Information Technology
• Industries: Software Development