Team Lead - Vulnerability Management at Xero
Melbourne, Victoria, Australia - Full Time


Start Date: Immediate
Expiry Date: 11 Nov, 25
Salary: 0.0
Posted On: 12 Aug, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Good communication skills
Industry: Information Technology/IT

Description

HOW YOU’LL MAKE AN IMPACT

As the Team Lead – Vulnerability Management, you will be responsible for leading a team focused on the identification, triage, and remediation of vulnerabilities across Xero’s systems and platforms. You’ll ensure vulnerability management processes are integrated, automated, scalable, and risk-informed, reducing exposure while enabling teams to move fast and ship securely. You will foster a high-performing, collaborative culture that empowers your team and partner teams to own security outcomes. Your work will directly influence Xero’s security posture, operational resilience, and ability to respond swiftly and confidently to evolving threats.

Responsibilities

OUR PURPOSE

At Xero, we’re here to help you supercharge your business. We do this by automating routine tasks, surfacing actionable insights and connecting businesses with the right data, advisors and apps. When that happens, we’re not only making life better for small business, we’ll be building a stronger economy that can change the world.

WHAT YOU’LL DO



    • Lead the Vulnerability Management team, ensuring alignment with Xero’s security engineering and risk management strategy.
    • Partner with the Security Product Team to develop and deliver the team roadmap, embedding security throughout Xero’s software development lifecycle.
    • Support the complete vulnerability management process, including discovery, risk assessment, triage, remediation coordination, and reporting.
    • Build scalable, automated processes for vulnerability scanning and detection across infrastructure, cloud environments, and applications.
    • Drive risk-based prioritisation of vulnerabilities using contextual threat intelligence, asset criticality, and exploitability data.
    • Partner with engineering, platform, and product teams to ensure timely and effective remediation, removing roadblocks and supporting decision-making.
    • Implement metrics and dashboards that provide real-time visibility of security posture, vulnerability trends, and remediation progress.
    • Evaluate and integrate security tooling such as vulnerability scanners, container/image security tools, infrastructure-as-code scanning, and runtime security platforms.
    • Continuously improve team processes to reduce response time, improve consistency, and align with evolving threats and compliance obligations.
    • Lead and grow a high-performing team by coaching, mentoring, and connecting their work directly to Xero’s strategic goals.
    • Provide clarity of direction and individual growth by supporting goal setting and development opportunities.
    • Champion a culture of shared responsibility for security across the broader engineering organisation.
    • Empower your team to operate with autonomy, make decisions, and take ownership of their work.
    • Act as a role model for values-led leadership, promoting Xero’s values in every aspect of work.
    • Collaborate closely with leaders across Security, Engineering, and Platform to strengthen alignment, ways of working, and delivery rhythm.