Team Lead - Application Security at Xero
Wellington, New Zealand
Full Time


Start Date

Immediate

Expiry Date

12 Nov, 25

Salary

0.0

Posted On

13 Aug, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Good communication skills

Industry

Information Technology/IT

Description

HOW YOU’LL MAKE AN IMPACT

As the Team Lead - Application Security, you will be responsible for establishing and leading two specialised AppSec teams: Application Security Consulting and Application Security Engineering. Your role is pivotal in creating and driving the successful execution of Application Security in Xero. You will own the delivery of the AppSec roadmap. You will ensure a proactive approach to embedding security into Xero’s software development lifecycle (SDLC). You will create an environment where your teams can perform at their best, predictably and sustainably, by fostering a strong secure-by-design/secure-by-default culture and empowering Xero’s engineers to ship secure code at scale. Your work will directly impact reducing software security risks and improving the overall security posture of Xero’s internally developed applications.

Responsibilities

OUR PURPOSE

At Xero, we’re here to help you supercharge your business. We do this by automating routine tasks, surfacing actionable insights and connecting businesses with the right data, advisors and apps. When that happens, we’re not only making life better for small business, we’ll be building a stronger economy that can change the world.

WHAT YOU’LL DO



    • Build and lead the Application Security Engineering and Application Security Consulting teams, ensuring alignment with Xero’s security and engineering strategy.

    • Develop and execute the Application Security roadmap in partnership with the Security Product team, embedding security best practices throughout Xero’s software development lifecycle, from architecture and design to testing and deployment.
    • Drive the implementation and maintenance of security tools and technologies, and automate security processes within CI/CD pipelines through the AppSec Engineering team.
    • Oversee the AppSec Engineering team in conducting security testing and vulnerability assessments focused on internally developed applications.
    • Guide the AppSec Consulting team in the design of secure application infrastructure, the development of security frameworks and best practices, and collaboration with development teams on secure design patterns.
    • Partner with engineering teams to shift security left, integrating automated security testing, secure coding practices, and DevSecOps methodologies.
    • Provide technical oversight and mentorship, ensuring application security risks are well-understood, prioritised, and mitigated effectively.
    • Work closely with product and engineering teams to balance application security requirements with developer productivity and business agility.
    • Collaborate with the Sec-Education team to provide regular workshops and training on application security matters, enhancing understanding of application risks for relevant employees.
    • As required, lead, develop, and grow high-performing AppSec Engineering and AppSec Consulting teams by providing coaching, mentorship, and setting a clear direction by connecting their work to the Technology and Xero’s strategic objectives.
    • Foster a culture of security enablement, where developers and engineers feel supported in building secure products.
    • Collaborate closely with security, engineering, and product teams to embed security at every stage of the development process.
    • Champion continuous improvement, leveraging industry best practices and emerging trends to refine application security approaches.
    • Promote a culture of psychological safety and inclusion, ensuring all team members feel empowered to contribute and raise concerns.