Security Engineer

Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive.

At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.

We are looking for a SOC Security Engineer based in Perth WA to join our Security Engineering function at Xero. This role requires overlap with both UK and ANZ timezones as you will be part of a cross-regional team.

**About the team**

The Defence pod at Xero is a Detection and Software Engineering team within Security Operations. This team’s primary focus is to strengthen and enhance threat detection and improve security automation. The team manages tools such as SOAR, SIEM, and EDR, along with a variety of custom-built tools, primarily in Python.

The Defence pod works with our internal Security Response team and their analysts. It plays a key role in ensuring that detection tools are maintained, highly available, and adhere to strong engineering standards. Experience in cloud technologies (Primarily AWS but others as well) will be desired.

This role requires a range of technical skills, the ability to adapt to new situations and technologies, and strong teamwork.

**About the role**

A day in the life of a Detection Engineer is dynamic and mission-critical, focused on maintaining and improving the organization’s ability to detect and respond to threats.

The engineering work of a Detection Engineer revolves around designing and implementing systems and solutions that empower the Security Operations Center (SOC) to identify and mitigate threats effectively. Detection Engineers act as the technical architects of the SOC, leveraging coding, automation, and deep knowledge of security technologies.

This role requires a balance of technical expertise, curiosity, and adaptability, as Detection Engineers continuously refine capabilities to outpace adversaries and strengthen organizational defences.

**What you'll do**:
- Developing Detection Logic: Crafting advanced queries, rules, and signatures for platforms like the SIEM to detect anomalous or malicious activity.
- Data Pipeline Management: Ensuring log sources are ingested, normalized, and enriched for maximum visibility, maintaining the integrity and performance of data pipelines.
- Automation and Scripting: Building tools and scripts to automate repetitive tasks, create custom detection mechanisms, and integrate platforms for streamlined workflows.
- Prototyping and Innovation: Experimenting with new technologies, techniques, and machine learning models to advance detection capabilities.
- Continuous Improvement: Iteratively refining detection logic based on attack simulations and post-incident reviews to address gaps and improve resilience.
- Threat Research and Intelligence: Staying updated on the latest threat actor tactics, techniques, and procedures (TTPs) and incorporating them into detection strategies.
- Incident Support: Collaborating with response teams during investigations by providing insights, creating custom queries, or adjusting detections in real time.
- Tool Development and Automation: Building scripts, dashboards, and playbooks to streamline and enhance detection and investigation processes.

**What you'll bring with you**:
- Relevant engineering experience building and deploying solutions in a production environment on Google Cloud Platform (GCP)
- Experience with Python
- Experience with SOAR tools
- Understanding of Security Operations Centre (SOC)

**Please note**:
We will be observing a holiday shutdown period, during which there may be delays in our recruitment process, including responses and updates. We’ll resume full operations in the week commencing 13th January. Thank you for your patience and understanding.

**Why Xero?**

Offering very generous paid leave to use however you’d like (plus statutory holidays), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, health insurance, life insurance, and income protection, wellbeing and sports programmes, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices, flexible working, career development, and many other benefits that reflect our human value, you’ll do the best work of your life at Xero.