Lead Security Operations Analyst

Xero is a beautiful, easy-to-use platform that helps small businesses and their accounting and bookkeeping advisors grow and thrive.

At Xero, our purpose is to make life better for people in small business, their advisors, and communities around the world. This purpose sits at the centre of everything we do. We support our people to do the best work of their lives so that they can help small businesses succeed through better tools, information and connections. Because when they succeed they make a difference, and when millions of small businesses are making a difference, the world is a more beautiful place.

As the Lead Security Operations Analyst you will work with internal Xero teams and 3rd party security service providers to monitor, detect and respond to events impacting the security of Xero and its customers.

You'll be expected to take a leading role in the Security Operations team, both from a technical perspective as well as from a people perspective; demonstrating an EQ-driven approach in collaborating with and communicating and delivering to stakeholders across Xero.

**What you'll do**:

- As part of a 24 x 7 Security Operations capability, you will deliver on the responsibilities described as follows:

- Lead the triaging of alerts received from the SIEM and other sources. Allocate remediation activities to appropriate Xero teams, track and escalate remediation activities to ensure timely resolution.
- Lead investigations and analyse customer security concerns and incidents, actual or suspected. This will involve working with CX and Legal counterparts to ensure we communicate to regulatory authorities and customer in a timely manner
- Lead the investigation of internal security incidents, actual or suspected, to contain and understand the extent of any impact. Invoke and manage the Security Incident Response Plan as the incident commander where required. Perform root cause analysis and recommend security improvements to prevent recurrence.
- Document standards defining requirements to meet operational security needs, such as security event logging and monitoring agent implementation/maintenance. Work with the other security teams to ensure these operational security standards are communicated and met across Xero.
- Define requirements to automate and continuously improve the efficiency of threat detection, alerting and response.
- Exploit security tools to continuously improve the detection, prevention and analysis of security incidents.
- Keep informed as to emerging security threats that have the potential to impact Xero and implement/recommend mitigating strategies. Utilise available threat intelligence sources to inform and improve attack detection techniques.
- Ensure the analyst team develops and maintains security operations playbooks and runbooks in support of the Security Incident Response Plan.
- Coach and mentor members of the security operations team to increase the technical efficacy of the team
- Assist the people leader with people-focused tasks including recruitment, training and development.
- Mentor pod team members from other disciplines about security operations and raise awareness of security and operational concerns as a key consideration of product development.
- Have a influential role in the development of the SOC design and how the tools and resourcing requirements to achieve this might be established
- Be actively engaged with the Product Owner to shape and develop the roadmap for Defense and Response Pods

**What you'll bring with you**:

- Previous experience in a role within the Information Security Practice
- Extensive experience in security operations.
- Proven experience in developing and maintaining a highly motivated team of individuals.
- Been recognised as a technical lead or the senior contributor in your team.
- Strong coordination and incident management skills.
- Excellent stakeholder management.
- Fast learner, detail oriented, decisive, and enjoys fast paced work environment.
- Xero is a Rainbow Tick certified employer._
- Xero strongly encourages employees and contractors to be vaccinated against COVID-19 in order to work from a Xero office, or engage in any face-to-face Xero business._