XP Inc.

Senior Information Security Analyst | Application Security

São Paulo, São Paulo, Brazil

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About XP Inc.

XP Inc. is a Brazilian financial services company that provides a platform for independent financial advisers (IFAs) to deliver investment and wealth management services. Founded in 2001 by Guilherme Dias Fernandes Benchimol, the company has grown to support over 18,200 advisers who utilize its infrastructure to serve clients. The company offers advisory services and access to a range of investment products, including fixed income and funds. Compensation for advisers is based on commissions or a fixed annual percentage fee on client assets, depending on agreements made with clients. As of the third quarter of 2025, XP Inc. reported R$1,425 billion in client assets and R$18.9 billion in gross revenue, with a strong earnings before taxes margin projected for 2026.

Industry

financial services

Employees

6,900

936 engineers

Revenue

$3.5B

Security at XP Inc.

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

XP Inc.'s Application Security (AppSec) area is responsible for evaluating service provision/partnerships involving integrations or connections with the XP Inc. Group's systems/environment. The company's philosophy includes developing systems securely, considering security and privacy standards (within General Data Protection Law scope), and ensuring cybersecurity is designed and implemented throughout the systems development lifecycle. A core principle is to prevent, detect, and reduce vulnerability to incidents related to the cyber environment, with senior management maintaining a continuous commitment to cybersecurity. Information regarding developer enablement vs. gatekeeping and stated pain points or goals is not publicly available.

Security Team

  • The AppSec team at XP Inc. is responsible for evaluating service provision/partnerships involving integrations or connections with the XP Inc. Group's systems/environment.
  • However, public, verifiable evidence describing the AppSec team's internal organizational structure, reporting line, named public AppSec leaders, team size estimates, and active AppSec job postings was not found in the accessible public documents during this research.
  • Specifically, no public AppSec job postings were extracted.

Key Initiatives

XP Inc. implements a secure Software Development Life Cycle (SDLC) by developing systems securely, considering security and privacy standards, and ensuring cybersecurity is designed and implemented throughout the SDLC. Their 'shift-left' practices include performing security analysis with SAST/DAST tools on source code and applications, as well as Engineering Hacking Tests (EHT) and intrusion tests. Vulnerability management involves annual internal and external penetration tests at the network and application layers, periodic internal and external network scans, and efforts to prevent, detect, and reduce vulnerabilities. Operational controls include deploying automated audit trails for all system components and having a documented Access Management process. The company also applies risk and governance controls, including a requirement for suppliers to have a minimum cyber-health score of 'B'. Information regarding a Security Champions Program or specific recent initiatives (beyond policy updates) is not publicly available.
