Intermediate Security Engineer (Enterprise Identity)

The role and it's impact

As an Engineer in the Enterprise Identity team, you will be hands-on in operating and improving Xero’s workforce identity platform. Your work ensures that access to enterprise resources is seamless, secure, and auditable, delivering low-friction solutions at scale across the entire organisation.

By becoming deeply familiar with our identity services and vendor capabilities, you will build reliable and automated services that reduce operational overheads. Your impact lies in maintaining the integrity of our workforce identity and remote access infrastructure, ensuring these critical systems are managed in a repeatable and reliable manner.

The team and how they connect

The Enterprise Identity team is responsible for uplifting and operating internal access services, including workforce IAM, enterprise SSO, and directory services. We work closely with Xero Security and Production Platform teams to resolve complex incidents and ensure our workforce identity platform remains seamless and secure.

Initially, you will focus on

• Administering and supporting core identity platforms including Okta, Active Directory, and Duo Security.

• Developing and maintaining internal identity tooling and automation using AWS services like Lambda, S3, and CodePipeline.

• Managing secure remote access infrastructure such as Windows Bastions and Session Manager.

• Writing and refining code in Python and PowerShell to automate workforce identity lifecycles and bot integrations.

Where and how you can work

We’re a team split across Wellington and Auckland, this role can be based anywhere in New Zealand. We feel our working environment allows you to do the best work of your life, supported by a diverse team that respects and challenges you.

Here are some of the things we are looking for

• You bring a willingness to understand and support various technical solutions within a platform systems environment.

• Your background includes some understanding of DevOps and Agile practices to help ship quality code efficiently.

• You possess a drive to work in a collaborative, team-oriented environment where you can mentor and be mentored.

• A basic understanding of network and system administration security is something you can apply to our identity services.

• You feel comfortable writing and maintaining scripts in Python or other languages to solve complex engineering problems.

• Delivering high-quality, reliable products to your internal customers is a personal passion.

Apply even if your experience isn't a perfect match! At Xero, we hire based on your skills, passion, and the unique perspective you can bring to enhance our culture and team.