Security Engineer - GCP

Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive. 

At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.

We are looking for a SOC Security Engineer based in Singapore to join our Security Engineering function at Xero. This role requires overlap with both South Africa and ANZ timezones as you will be part of a cross-regional team.

About the team

The Defence pod at Xero is a Detection and Software Engineering team within Security Operations. This team’s primary focus is to strengthen and enhance threat detection and improve security automation. The team manages tools such as SOAR, SIEM, and EDR, along with a variety of custom-built tools, primarily in Python.

About the role

The Defence pod works with our internal Security Response team and their analysts. It plays a key role in ensuring that detection tools are maintained, highly available, and adhere to strong engineering standards. Experience in cloud technologies (GCP specifically along with AWS and others) will be required.

This role requires a range of technical skills, the ability to adapt to new situations and technologies, and strong teamwork. 

What you'll do

• Developing Detection Logic: Crafting advanced queries, rules, and signatures for platforms like the SIEM to detect anomalous or malicious activity.
• Data Pipeline Management: Ensuring log sources are ingested, normalized, and enriched for maximum visibility, maintaining the integrity and performance of data pipelines.
• Automation and Scripting: Building tools and scripts to automate repetitive tasks, create custom detection mechanisms, and integrate platforms for streamlined workflows.
• Prototyping and Innovation: Experimenting with new technologies, techniques, and machine learning models to advance detection capabilities.
• Continuous Improvement: Iteratively refining detection logic based on attack simulations and post-incident reviews to address gaps and improve resilience.
• Threat Research and Intelligence: Staying updated on the latest threat actor tactics, techniques, and procedures (TTPs) and incorporating them into detection strategies.
• Incident Support: Collaborating with response teams during investigations by providing insights, creating custom queries, or adjusting detections in real time.
• Tool Development and Automation: Building scripts, dashboards, and playbooks to streamline and enhance detection and investigation processes.

What you'll bring with you

• Relevant engineering experience building and deploying solutions in a production environment on Google Cloud Platform (GCP)
• Experience with Python
• Experience with SOAR tools
• Understanding of Security Operations Centre (SOC)

Why Xero?

Offering very generous paid leave to use however you’d like (plus statutory holidays!), dedicated paid leave to care for your physical and mental wellbeing as well as an Employee Assistance Program to access mental health care for you and your family, life insurance, employee resource groups, 26 weeks of paid parental leave for primary caregivers, an Employee Share Plan, beautiful offices with weekly fitness and yoga classes, flexible working, career development, and many other benefits that reflect our human value, you’ll do the best work of your life at Xero.