Rafael B.

Principal Security Architect

A dos Cunhados e Maceira, Portugal

Experience

Oct 2023 - Present
2 years 2 months
Portugal

Principal Security Architect

Reltio

  • APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains (presented at BlackHat Arsenal 2024)
  • Reltio Rockstar 2024.3 award winner
Jul 2022 - Oct 2023
1 year 4 months

Cyber Security Specialist

Volkswagen Digital Solutions

  • CVE-2009-3036 – Symantec IM
  • Local-access cross-site scripting
  • Security guidance for critical areas of focus in cloud computing
Jul 2021 - Jul 2022
1 year 1 month

Senior Security Architect – Senior Software Engineer (Security)

Avaya

  • Comparison between LSTM and CLCNN machine learning techniques in detecting malicious requests in web attacks
Nov 2016 - Jul 2021
4 years 9 months
Araquari, Brazil

Professor & Software Engineering Manager

Federal Institute of Santa Catarina

  • Provided comprehensive instruction in information security, software development, cloud computing, scripting, project management, and related subjects to undergraduate and postgraduate programs
  • Led software development projects using multiple platforms and technologies such as Django, mobile, React, Vue, and GitLab, integrating cutting-edge research into practical applications
Jan 2016 - Nov 2016
11 months
United States

Senior Application Security Architect – Contractor – Global Information Security

U.S. Bank

  • Reported directly to the VP of Assurance & Security Consulting
  • Focused on application security across various platforms and technologies
  • Provided security consulting services to internal teams and stakeholders
  • Conducted web application penetration testing to assess security risks
  • Performed static application security testing (SAST) and dynamic application security testing (DAST) on over 50 applications to identify vulnerabilities and potential threats
Jul 2009 - Jan 2016
6 years 7 months

Senior Cybersecurity Swiss Army Knife & Information Security / Innovation Committee Coordinator

NeoGrid

  • Supported company growth from 180 to 700 employees, managing and adapting information security strategy during rapid expansion
  • Developed and implemented comprehensive information security strategies
  • Ensured application security across various platforms and technologies
  • Coordinated the information security committee
  • Conducted security testing to identify vulnerabilities and potential threats
  • Established security metrics and dashboards for monitoring and reporting
  • Integrated security best practices into the software development life cycle (SDLC)
  • Performed web application penetration testing to assess security risks
  • Handled security incidents and coordinated response measures
  • Conducted manual and automated penetration testing for thorough security evaluations
  • Utilized tools such as IBM Rational AppScan and custom scripts for in-depth security assessments
Aug 2008 - Jul 2009
1 year

Senior IT Security Consultant

DELL

  • Conducted IT information security risk assessments to identify potential threats and vulnerabilities
  • Provided information security project management and guidance for over 40 projects, collaborating with a team of more than 400 developers
  • Performed static application security testing (SAST) and dynamic application security testing (DAST) to evaluate application security
  • Executed web application penetration testing to assess security risks and recommend mitigations
  • Offered security consulting services as a member of the red team, simulating attacks and testing the effectiveness of security measures
Aug 2005 - Jul 2008
3 years

Security Testing – Global Security Testing Board

Electronic Data Systems (now HP)

  • Only member in Brazil of the Global Security Testing Board
  • EDS had 180 000 employees and was acquired by HP in 2008
Jun 2005 - Aug 2005
3 months

Researcher – Part-time

Network Management Laboratory – UFSC

  • Researched web services QoS and network security
Feb 2004 - Oct 2004
9 months

Network Administrator

DMI – Medical Image Diagnostic Clinic

  • Oversaw network management to ensure efficient and secure connectivity
  • Administered information systems and maintained their integrity and availability
  • Implemented and managed firewall configurations for optimal security
  • Deployed and monitored intrusion prevention systems (IPS) and intrusion detection systems (IDS) to safeguard against potential threats
  • Administered web servers to ensure smooth operations and high performance
  • Performed server hardening on both Linux and Windows servers to enhance security and reduce vulnerabilities
Sep 2003 - Dec 2003
4 months

Voluntary Teacher

Committee for Democracy in Information Technology (CDI)

  • Pro bono teaching of computer basics
Jan 1998 - Feb 2005
7 years 2 months

Co-Founder

TCSUL – South Technology and Communication

  • Business Development
  • Software Development
  • Security Testing
  • Penetration Testing

Summary

Accomplished Information Security Expert, boasting over 20 years of experience in fields like Security Architecture, Application Security and Pentesting.

I excel in crafting tailor-made Information Security programs, assessments, and frameworks that align with risk management, security, and governance practices to bolster organizational resilience.

My expertise spans manual and automated security testing, Pentesting, DevSecOps, SCA, SAST, and DAST.

Throughout my career, I have had the privilege of working with industry-leading organizations across various sectors, such as Dell (technology), US Bank (financial services), EDS (now HP, information technology), AVAYA (telecommunications) and Volkswagen Digital Solutions/MAN (automotive).

I continue to apply my extensive knowledge and skills to enhance cybersecurity efforts within the data management industry.

Languages

Portuguese
Native
English
Advanced
Spanish
Elementary

Education

Jan 2017 - Oct 2023

Federal University of Santa Catarina

PhD, Computer Science (Information Security) · Computer Science · Brazil

Oct 2007 - Jun 2010

Federal University of Santa Catarina

Master, Computer Science (Information Security) · Computer Science · Brazil

Oct 2002 - Jun 2006

Federal University of Santa Catarina

Bachelor, Information Systems · Information Systems · Brazil

Certifications & licenses

CCSK

Certified Ethical Hacker (CEH) v11

ISC(2) CSSLP

ISTQB
