Information Security Manager

• Dec 2022 - Present

Information Security Tech Lead

• Feb 2021 - Dec 2022

My main mission is to help to structure the security area of ​​TokStok. I lead the team in both technical and strategic aspects. From the design of reference architectures including also practical implementation. In addition to strategic level actions such as the creation of a security score, definition of the pillars team performance, definition of OKRs and support in the best application of the area's budget. My main mission is to help to structure the security area of ​​TokStok. I lead the team in both technical and strategic aspects. From the design of reference architectures including also practical implementation. In addition to strategic level actions such as the creation of a security score, definition of the pillars team performance, definition of OKRs and support in the best application of the area's budget.

Content Teacher

• Aug 2020 - Feb 2022

MBA ON - Cyber Security Forensics, Ethical Hacking & DevSecOpsI work as a content teacher in the engineering and cloud security disciplines. MBA ON - Cyber Security Forensics, Ethical Hacking & DevSecOpsI work as a content teacher in the engineering and cloud security disciplines.

Cloud Security Engineer Lead

• Feb 2020 - Dec 2020

I act as directly responsible for the information security team of ​​one of Linx's business verticals known as Linx Digital.

Cloud Security Engineer

• Jun 2018 - Jan 2020

Here I am having the opportunity to create a security area from scratch. Working together with the Cloud team I was able to define and implement the entire security baseline of linx digital products including identity management, detection and response to incidents, analysis and management of vulnerabilities, management of infrastructure assets, implementation of the CIS framework, protection of intellectual property, among other topics.

Senior Information Security Analyst

• May 2017 - Jun 2018

During this period my work was focused on application security. I got involved with several teams (dev, infra / devops, architecture, etc.) in order to contribute with security aspects. Mainly with aspects related to offensive security. I had contact with several types of implementations. From mobile applications, web, microservice security or even architectural definitions. I also acted as an interface with several security consultancies. During this period my work was focused on application security. I got involved with several teams (dev, infra / devops, architecture, etc.) in order to contribute with security aspects. Mainly with aspects related to offensive security. I had contact with several types of implementations. From mobile applications, web, microservice security or even architectural definitions. I also acted as an interface with several security consultancies.

Penetration Tester [Red Team]

• May 2015 - May 2017

I worked as a consultant executing projects focused on the area of ​​offensive security. Under the stance of an ethical hacker, he conducted attacks against systems and infrastructure of several clients in order to test the security of their assets. At the end of each test, a technical report was written containing each point explored, as well as the exploration method used, in addition to the recommendations for correcting the identified weaknesses. I worked on projects of this nature in the most varied types of companies / segments / environments such as banks, hospitals, hotels, retail, government agencies, software development agencies, PCI environments, etc.

Infrastructure Engineer

• Aug 2014 - May 2015

During this period I had the opportunity to implement a perimeter using basic resources from Amazon Web Services (AWS). From network segregation to protection mechanisms such as NAT, proxy, firewall (SGs) and VPN. During this period I was responsible for issues related to infrastructure. Defined and implemented several security policies based on the ISO27002 standard, such as workstation encryption, secure document disposal, clean table policy, etc. Developed scripts for automation and management of the AWS environment using python and the AWS boto plugin.

Support Analyst

• Aug 2010 - Jul 2014

During this period, I had the main task of implementing a data center and business process automation platform.This platform was used to serve all areas of the RBS Group. From issues related to IT infrastructure such as monitoring, backup and various datacenter controls to the company's various ERP modules such as payroll, logistics, accounting and finance. I worked as an analyst responsible for this area for 4 years. During this period, I had the main task of implementing a data center and business process automation platform.This platform was used to serve all areas of the RBS Group. From issues related to IT infrastructure such as monitoring, backup and various datacenter controls to the company's various ERP modules such as payroll, logistics, accounting and finance. I worked as an analyst responsible for this area for 4 years.