Senior Security Network Engineer

Wellington Auckland
Permanent
Full-time

27 days ago

Our PurposeAt Xero, we're here to help you supercharge your business. We do this by automating routine tasks, surfacing actionable insights and connecting businesses with the right data, advisors and apps. When that happens, we're not only making life better for small business, we'll be building a stronger economy that can change the world.About the teamThe Corporate Network team is one of the Cyber Security Engineering pods responsible for delivering Xero's underlying network infrastructure for our beautiful offices, seamless communication and work from anywhere methodology.How you'll make an impactAs a Senior Security Network Engineer, you'll be hands-on solving problems in Xero's corporate environment with a focus on Firewalls, SASE, ZTNA, WiFi, LAN Switching and WAN. You'll become deeply familiar with the capabilities of our vendors to build and support modern and adaptable security services that will delight our customers. We run mission-critical infrastructure, and you'll build resilient and scalable networks. You can deliver robust network security solutions across both BAU and project-based initiatives in a fast-paced dynamic environment.Automation will be the standard for you, and you'll seek new and interesting ways to reduce our operational overheads. Most importantly, you'll be a team player and get to work with an awesome group of engineers in an amazing and unique working environment.What you'll do

Develop, implement and manage scalable, reliable and secure network architectures such as SASE, ZTNA, DLP, CASB, SWG and SD-WAN.
Assess, design and enforce security protocols to protect the network from potential threats and meet compliance requirements (SOC2 and ISO27001).
Automate security configurations and infrastructure-as-code (IaC) practices to reduce operational overhead and improve reliability.
Perform routine assessments and optimize network devices (firewall, switches, access points) to enhance performance and reliability.
Perform capacity planning and implement upgrades to accommodate future network growth.
Drive troubleshooting efforts and manage incident response to minimise downtime and disruptions to Xero's operations.
Ensure network documentation is up to date along with periodic reviewing of network configuration and analyzing performance reports.
Engage in stakeholder and relationship management, working closely with security, IT, work experience teams and associated vendors.
Apply a strong background in supporting high-availability network security for BAU operations and delivering solutions in project-driven environments.
Lead incident response efforts related to network security breaches, misconfigurations, and policy violations, ensuring minimal downtime and risk exposure.
Provide coaching and mentorship, helping teach small groups of engineers and contributing to Xero's shared knowledge base.
Participate in the 24/7 on-call roster as required.

Success looks like

SASE, ZTNA, and SD-WAN solutions are deployed and optimised for secure and scalable access.
Zero Trust principles are enforced across network access and segmentation.
Network security automation reduces operational overhead and improves response times.
Network security monitoring, logging, and alerting are fully operational, providing real-time insights into security posture.
Incident response times are minimised, with clear remediation processes and root cause analysis.
SOC2, ISO 27001, and compliance requirements are continuously met through automated controls.
Teams across Xero actively engage with network security best practices and understand their role in securing cloud-based connectivity.
Security is seen as an enabler rather than a blocker, allowing teams to innovate securely.
Security awareness and best practices are embedded into IT and network engineering workflows.
You are a proactive champion of agile and delivery practices who coaches and develops others in this space to ensure a consistent approach to ways of working.
You have a strong drive to work in a team-oriented and collaborative environment.
You have a passion for delivering high quality products to your customers.

What you'll bring with you

Strong engineering experience in network security, cloud-based security solutions, and Zero Trust architectures.
Experience with well known products in the field of VPN, Firewalls, Switches, Routers and Wireless Controllers and Access Points.
Experience using network tools and SD-WAN would be advantageous.
Deep understanding of network security compliance frameworks (SOC2, ISO 27001, NIST, CIS Benchmarks).
Excellent grasp of modern software delivery practices and life cycle.
Strong stakeholder management skills, with the ability to influence without authority and align security priorities with business needs.
Proficiency in scripting and automation (Python, Terraform, or other infrastructure-as-code tools).
Ability to design secure, scalable, and resilient network architectures in a fast-paced environment.
Strong incident response and troubleshooting skills, ensuring rapid recovery and remediation of network security threats.
A growth mindset, continuously learning and adapting to emerging network security threats and technologies.
Experience working in high-availability network security environments, balancing BAU operations with project-driven security initiatives.
Strong understanding of network and system administration security.

Why Xero?Offering very generous paid leave to use however you'd like (plus statutory holidays!), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, free medical insurance, wellbeing and sports programmes, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices, flexible working, career development, and many other benefits that reflect our human value, you'll do the best work of your life at Xero.

Xero

Apply Now