🛠 Tech Stack

💼 About This Role

You'll define security architecture and AppSec strategy for strategic projects at XP Inc., one of Brazil's largest independent financial institutions. Your core impact is translating security risks into actionable requirements for dev teams and integrating Security by Design into cloud-native environments.

🎯 What You'll Do

• Define secure architecture standards and security guardrails for development squads.
• Evolve the AppSec program including Security Gates, vulnerability management, and maturity metrics.
• Conduct architecture and design reviews focusing on API security, auth, encryption, and data protection.
• Collaborate with DevOps to integrate security into CI/CD pipelines with shift-left approach.

📋 Requirements

• Solid experience in Application Security defining secure architectures across the SDLC.
• Hands-on with SAST, DAST, SCA, and Secret Scanning tools (e.g., CodeQL, Sonatype, Hashicorp, Dependabot).
• Deep knowledge of OWASP Top 10 and OWASP ASVS frameworks.
• Experience with Security by Design in cloud-native environments (containers, Kubernetes, serverless), preferably Azure.

✨ Nice to Have

• AppSec experience in financial sector (BACEN, CVM, PCI-DSS regulations).
• Experience defining Security Gates in CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins).
• Knowledge of AI/LLM security (OWASP Top 10 for LLM Applications).

🎁 Benefits & Perks

• 🏥 Health and dental insurance (full medical and dental plans).
• 🏋️ Wellhub (Gympass) access to fitness and wellness programs.
• 🍽️ Flexible meal and food vouchers (VA/VR) via iFood Benefit.
• 🚗 Transportation voucher.
• 👶 Extended parental leave (6 months maternity, 20 days paternity) and childcare allowance.

📨 Hiring Process

Estimated timeline: 3-5 weeks

1. 1Initial Resume Screening· 1 week
2. 2General Tests (Mindsight & Predictive Index)· 30 min each
3. 3Recruitment Interview· 45 min
4. 4Leadership Interview· 1 hour
5. 5Peer Interview· 45 min
6. 6Culture Fit Interview· 30 min