The role and it's impact

As a Senior Engineer in the Enterprise Identity team, you’ll be hands-on operating and improving the workforce identity platform, while actively mentoring teammates and fostering a culture of technical excellence.

You will lead technical direction, standards, and automation to deliver secure, low‑friction access at scale across Xero. You’ll combine deep domain ownership with collaborative problem-solving to reduce operational overheads, strengthen assurance, and empower the wider team to operate with greater autonomy and clarity.

The team and how they connect

The Enterprise Identity team is responsible for uplifting and operating internal access services, including workforce IAM, enterprise SSO, and directory services. We work closely with Xero Security and Production Platform teams to resolve complex incidents and ensure our workforce identity platform remains seamless and secure.

The team is currently working on

• Evolving enterprise SSO on Okta, including application integrations and authentication policies aligned to risk.

• Managing the lifecycle of directory services like Active Directory and secure remote access infrastructure.

• Developing event-driven automation and ChatOps bots using Python and AWS Lambda to reduce manual effort.

• Uplifting multi-factor authentication using Duo Security and Okta to meet business and compliance requirements.

Where and how you can work

We’re a team split across Wellington and Auckland, this role can be based anywhere in New Zealand. We feel our working environment allows you to do the best work of your life, supported by a diverse team that respects and challenges you.

Here are some of the things we are looking for

• You bring deep expertise in operating enterprise IAM systems with a focus on improving reliability and usability.

• Your background includes integrating SSO using SAML and OIDC patterns with identity providers such as Okta.

• You have a natural inclination toward an automation-first mindset, using tools like Python, Terraform, and CI/CD to reduce toil.

• Experience managing directory services and privileged access patterns in large-scale environments is something you can demonstrate.

• You enjoy mentoring other engineers, reviewing code, and championing modern engineering standards within a team.

• An understanding of MFA technologies and policy-based access controls helps you align technical solutions to enterprise risk.

Apply even if your experience isn't a perfect match! At Xero, we hire based on your skills, passion, and the unique perspective you can bring to enhance our culture and team.