Experience

Personio

• Germany
• Software Development
• 700 & Above Employee

• Engineering Manager Security

  • Apr 2022 - Present

  Munich, Bavaria, Germany



Nubank

• Brazil
• Financial Services
• 700 & Above Employee

• Infosec Engineering Manager

  • Nov 2020 - Apr 2022

  São Paulo, Brazil - Accountable for three squads: Defensive security, Application Security and Cloud Security. - Spinning-off of new squads with hiring and strategy. - Accountable for big cross BU/Squads programs like Data Loss Prevention (DLP) and Zero Trust Architecture (ZTA) - Focus in advising on strategy and long term direction for the Infosec BU and streamline current squads for smart efficiency and value delivery.

• Infosec Tech Manager

  • Apr 2019 - Nov 2020

  - Accountable for the Defensive Security Squad (blue team) and responsible for security architecture and implementation of security controls. - Promoted a huge and organic growth of the squad through hiring and advertising work and culture to other engineering squads (400% in the period) - Some key projects were: internationalization, secrets management, data sharing, EDR implementation, secret scanning, OS baseline hardening - Developed and nourished a strong engineering culture on… Show more - Accountable for the Defensive Security Squad (blue team) and responsible for security architecture and implementation of security controls. - Promoted a huge and organic growth of the squad through hiring and advertising work and culture to other engineering squads (400% in the period) - Some key projects were: internationalization, secrets management, data sharing, EDR implementation, secret scanning, OS baseline hardening - Developed and nourished a strong engineering culture on the team, supporting cross-squad functions.



FIAP

• Brazil
• Higher Education
• 700 & Above Employee

• Professor

  • Apr 2019 - Jul 2021

  São Paulo, Brazil Responsible for teaching the following courses using technology as AWS, AWS educate, AWS training, Azure, Microsoft Learning paths, and Github. On Cyber Defense undergrad: - Cloud Architecture - Cloud Security On Cloud Technologist: - Infrastructure as Code (IaC) using terraform and packer During this period, I got close to the AWS and Github learning community and become AWS Cloud Ambassador faculty and a Github verified teacher.



Pagar.me

• Brazil
• Technology, Information and Internet
• 700 & Above Employee

• Tech Leader and Head of Security

  • Nov 2017 - Apr 2019

  São Paulo Area, Brazil - Building Pagar.me's security program with a focus on InfoSec awareness, automation, and security embedded on software lifecycle and DevOps processes. - Overviewing security team day-to-day work, clearing road-blockers and helping them making decisions and supporting the creation of the course of action and any technical aspect. - Development of tools to automate processes using Golang, Python and Shellscript. - Working directly with the DevOps and SRE team to maintain and monitor… Show more - Building Pagar.me's security program with a focus on InfoSec awareness, automation, and security embedded on software lifecycle and DevOps processes. - Overviewing security team day-to-day work, clearing road-blockers and helping them making decisions and supporting the creation of the course of action and any technical aspect. - Development of tools to automate processes using Golang, Python and Shellscript. - Working directly with the DevOps and SRE team to maintain and monitor infrastructure using Slack, Pagerduty, AWS Cloudtrail, AWS Cloudwatch, ELK stack, Elastalert and Grafana. - Deployed and managed a diverse infrastructure stack using several technologies like Hashicorp Consul, Nomad, Vault, AWS EC2, Fargate, Apache Cassandra and others. - Building security monitoring and SIEM and improving automation/orchestration on incident response. - Responsible for PCI compliance. - Developing and reviewing infrastructure as code using Terraform, Packer, Ansible, and AWS Cloudformation. - Member of the technology leadership, advising on building Pagar.me's technology strategy. Show less



EY

• United Kingdom
• IT Services and IT Consulting
• 700 & Above Employee

• Senior Cybersecurity Consultant

  • May 2017 - Oct 2017

  São Paulo Area, Brazil Responsible for reviewing technical deliveries of the EY's Cybersecurity team (São Paulo). Worked on several projects like black-box pentesting, vulnerability classification framework, SDLC code review policies, and fraud investigation.



Tempest Security Intelligence

• Brazil
• Computer and Network Security
• 300 - 400 Employee

• Information Security Analyst

  • Aug 2016 - Apr 2017

  São Paulo Area, Brazil Mainly SecOps/ Networking responsibilities. Managed firewalls (Juniper), Loadbalancers ( A10, F5 Big IP), Proxy (Squid), WAF (Mod Security), EDR (SEP), Secure authentication (Symantec VIP). Implemented active monitoring using Zabbix. Documented processes and activities. On spare time, used to do some networking pentesting.



Grupo Bandeirantes de Comunicação

• Brazil
• Broadcast Media Production and Distribution
• 700 & Above Employee

• Information Security Analyst

  • Aug 2016 - Apr 2017

  São Paulo Area, Brazil



Rivet360

• United States
• Technology, Information and Internet
• 1 - 100 Employee

• IT Support Engineer

  • Oct 2015 - Apr 2016

  Greater Chicago Area Responsible for Chicago HQ's IT infrastructure, operation and monitoring. Active Directory, Firewall, VPN, Wireless Networking, Backup, Studio infrastructure. Pentesting REST API and local infrastructure. Auditing and hardening AWS IAM structure.



Ultrapar

• Brazil
• Oil and Gas
• 500 - 600 Employee

• IT Governance Analyst

  • Jan 2012 - Apr 2014

  São Paulo Area, Brazil IT Technical Leader/ Project Manager (Jan 2013 - Apr 2014) Responsible for the technical leadership of Ultrapar's ITSM program - Service Desk/ ITSM tool selection and implementation. ITSM process review of incident, problem, change/release, configuration and service catalog management. Responsible for gather and sum up business requirements, project chronogram followup, internal and external stakeholders' alignment, process homologation, establishment and training. Problem… Show more IT Technical Leader/ Project Manager (Jan 2013 - Apr 2014) Responsible for the technical leadership of Ultrapar's ITSM program - Service Desk/ ITSM tool selection and implementation. ITSM process review of incident, problem, change/release, configuration and service catalog management. Responsible for gather and sum up business requirements, project chronogram followup, internal and external stakeholders' alignment, process homologation, establishment and training. Problem manager (jan 2012 - dec 2012) Objective: Reduce the occurrence of high impact and recurring incidents through root cause analysis and implementation of a final solution. Scope: enterprise IT and IT business of Ultra Group: Ultragaz, Ipiranga and Oxiteno. (approximately 250 analysts) Improvements achieved in 2012: -Decrease the percentage of incidents of very high priority to 2.69% in 2011 to 1.53% in 2012. -25% decrease in overall problem backlog. -Increase in the relationship between incidents and problems from 4% in 2011 to 11% in 2012. -Implementation and operation of process management problems in IT Ipiranga.

• IT Intern

  • Jan 2011 - Jan 2012

  São Paulo e Região, Brasil Structured internship program where competencies are identified and developed through participation in projects, day-to-day area activities, technical and interpersonal development training. The areas in which I participated in job rotation were: 1. IT Governance -Self-evaluation of the Sarbanes-Oxley controls. -Monitoring of ITIL processes: incident, problem, change, release and configuration management. 2. Commercial Systems -Business Intelligence tool prospecting project… Show more Structured internship program where competencies are identified and developed through participation in projects, day-to-day area activities, technical and interpersonal development training. The areas in which I participated in job rotation were: 1. IT Governance -Self-evaluation of the Sarbanes-Oxley controls. -Monitoring of ITIL processes: incident, problem, change, release and configuration management. 2. Commercial Systems -Business Intelligence tool prospecting project for IT KPI's management. -Technical leader of the IT personal management tool. -Support to various systems.



Itaú Unibanco

• Brazil
• Banking
• 700 & Above Employee

• IT Intern

  • Jan 2009 - Mar 2009

  São Paulo Area, Brazil Working on a special program called Itaú Summer Job, for 2 months, that consists in helping implementation of ITIL on the bank's IT service support process and getting a overview of all IT management areas.