Lead Security Operations Analyst
4 days ago
Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive.
At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.
**About the role**
As the Lead Security Operations Analyst you will work with internal Xero teams and 3rd party security service providers to monitor, detect and respond to events impacting the security of Xero and its customers.
You'll be expected to take a leading role in the Security Operations team from a technical perspective, demonstrating an EQ-driven approach to collaborating with, communicating with and delivering to stakeholders across Xero.
As part of a 24 x 7 Security Operations capability, you will lead the triaging & investigation of alerts received from the SIEM and other sources. This will involve working with CX and Legal counterparts to ensure we communicate to regulatory authorities and customers in a timely manner; documenting standards and defining requirements and working with the other security teams to ensure these operational security standards are communicated and met across Xero.
You will take ownership of invoking and managing the Security Incident Response Plan, performing root cause analysis and recommending security improvements.
Whilst we don't need you to have used all the tools we do, we hope you have exposure to some of the following:
- Using a SIEM toolset to monitor alerts, e.g. Sumo Logic, Splunk, Microsoft Sentinel, ELK stack. Ideally, you would be versed in understanding and contributing to the detection logic that sits behind the SIEM tool.
- Using a SOAR function to perform automatic response and remediation actions within the SIEM.
- Using the AWS platform from a security detection and response perspective, e.g. reviewing CloudTrail logs, investigating anomalies in AWS accounts, reviewing GuardDuty alerts.
- Investigating alerts from an Endpoint Detection and Response (EDR) toolset, e.g. CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne.
- Leading security incidents as an incident manager, and directing detection, containment, eradication, and recovery efforts.
- Performing Windows and Linux forensics in a cloud environment. Threat hunting and cyber threat intelligence would also be ideal.
**What you'll do**:
- Define requirements to automate and continuously improve the efficiency of threat detection, alerting and response.
- Exploit security tools to continuously improve the detection, prevention and analysis of security incidents.
- Keep informed as to emerging security threats that have the potential to impact Xero and implement/recommend mitigating strategies. Utilise available threat intelligence sources to inform and improve attack detection techniques.
- Ensure the analyst team develops and maintains security operations playbooks and runbooks in support of the Security Incident Response Plan.
- Coach and mentor members of the security operations team to increase the technical efficacy of the team.
- Assist the people leader with people-focused tasks including recruitment, training and development.
- Mentor pod team members from other disciplines about security operations and raise awareness of security and operational concerns as a key consideration of product development.
- Have an influential role in the development of the SOC design and how the tools and resourcing requirements to achieve this might be established.
- Be actively engaged with the Product Owner to shape and develop the roadmap for Defense and Response Pods.
**What you'll bring**:
- Previous experience in a role within the Information Security Practice.
- Extensive experience in security operations.
- Proven experience in developing and maintaining a highly motivated team of individuals.
- Been recognised as a technical lead or the senior contributor in your team.
- Strong coordination and incident management skills.
- Excellent stakeholder management.
- Fast learner, detail oriented, decisive, and enjoys a fast-paced work environment.
**Why Xero?**
At Xero we support many types of flexible working arrangements that allow you to balance your work, your life and your passions. We offer a great remuneration package including shares plus a range of leave options to suit your well-being. Our work environment encourages continuous improvement and career development and you’ll get to work with the latest technology.
Our collaborative and inclusive culture is one we’re immensely proud of. We know that a diverse workforce is a strength that enables businesses, including ours, to