Rafael B.
Principal Security Architect
Experience
Oct 2023 - Present
2 years 3 monthsPortugal
Principal Security Architect
Reltio
- APIDetector: Efficiently scan for exposed Swagger endpoints across web domains and subdomains (presented at BlackHat Arsenal 2024)
- Reltio Rockstar 2024.3 award winner
Jul 2022 - Oct 2023
1 year 4 monthsCyber Security Specialist
Volkswagen Digital Solutions
- CVE-2009-3036 – Symantec IM
- Local-access cross-site scripting
- Security guidance for critical areas of focus in cloud computing
Jul 2021 - Jul 2022
1 year 1 monthSenior Security Architect – Senior Software Engineer (Security)
Avaya
- Comparison between LSTM and CLCNN machine learning techniques in detecting malicious requests in web attacks
Nov 2016 - Jul 2021
4 years 9 monthsAraquari, Brazil
Professor & Software Engineering Manager
Federal Institute of Santa Catarina
- Provided comprehensive instruction in information security, software development, cloud computing, scripting, project management, and related subjects to undergraduate and postgraduate programs
- Led software development projects using multiple platforms and technologies such as Django, mobile, React, Vue, and GitLab, integrating cutting-edge research into practical applications
Jan 2016 - Nov 2016
11 monthsUnited States
Senior Application Security Architect – Contractor – Global Information Security
U.S. Bank
- Reported directly to the VP of Assurance & Security Consulting
- Focused on application security across various platforms and technologies
- Provided security consulting services to internal teams and stakeholders
- Conducted web application penetration testing to assess security risks
- Performed static application security testing (SAST) and dynamic application security testing (DAST) on over 50 applications to identify vulnerabilities and potential threats
Jul 2009 - Jan 2016
6 years 7 monthsSenior Cybersecurity Swiss Army Knife & Information Security / Innovation Committee Coordinator
NeoGrid
- Supported company growth from 180 to 700 employees, managing and adapting information security strategy during rapid expansion
- Developed and implemented comprehensive information security strategies
- Ensured application security across various platforms and technologies
- Coordinated the information security committee
- Conducted security testing to identify vulnerabilities and potential threats
- Established security metrics and dashboards for monitoring and reporting
- Integrated security best practices into the software development life cycle (SDLC)
- Performed web application penetration testing to assess security risks
- Handled security incidents and coordinated response measures
- Conducted manual and automated penetration testing for thorough security evaluations
- Utilized tools such as IBM Rational AppScan and custom scripts for in-depth security assessments
Aug 2008 - Jul 2009
1 yearSenior IT Security Consultant
DELL
- Conducted IT information security risk assessments to identify potential threats and vulnerabilities
- Provided information security project management and guidance for over 40 projects, collaborating with a team of more than 400 developers
- Performed static application security testing (SAST) and dynamic application security testing (DAST) to evaluate application security
- Executed web application penetration testing to assess security risks and recommend mitigations
- Offered security consulting services as a member of the red team, simulating attacks and testing the effectiveness of security measures
Aug 2005 - Jul 2008
3 yearsSecurity Testing – Global Security Testing Board
Electronic Data Systems (now HP)
- Only member in Brazil of the Global Security Testing Board
- EDS had 180 000 employees and was acquired by HP in 2008
Jun 2005 - Aug 2005
3 monthsResearcher – Part-time
Network Management Laboratory – UFSC
- Researched web services QoS and network security
Feb 2004 - Oct 2004
9 monthsNetwork Administrator
DMI – Medical Image Diagnostic Clinic
- Oversaw network management to ensure efficient and secure connectivity
- Administered information systems and maintained their integrity and availability
- Implemented and managed firewall configurations for optimal security
- Deployed and monitored intrusion prevention systems (IPS) and intrusion detection systems (IDS) to safeguard against potential threats
- Administered web servers to ensure smooth operations and high performance
- Performed server hardening on both Linux and Windows servers to enhance security and reduce vulnerabilities
Sep 2003 - Dec 2003
4 monthsVoluntary Teacher
Committee for Democracy in Information Technology (CDI)
- Pro bono teaching of computer basics
Jan 1998 - Feb 2005
7 years 2 monthsCo-Founder
TCSUL – South Technology and Communication
- Business Development
- Software Development
- Security Testing
- Penetration Testing
Summary
Accomplished Information Security Expert, boasting over 20 years of experience in fields like Security Architecture, Application Security and Pentesting.
I excel in crafting tailor-made Information Security programs, assessments, and frameworks that align with risk management, security, and governance practices to bolster organizational resilience.
My expertise spans manual and automated security testing, Pentesting, DevSecOps, SCA, SAST, and DAST.
Throughout my career, I have had the privilege of working with industry-leading organizations across various sectors, such as Dell (technology), US Bank (financial services), EDS (now HP, information technology), AVAYA (telecommunications) and Volkswagen Digital Solutions/MAN (automotive).
I continue to apply my extensive knowledge and skills to enhance cybersecurity efforts within the data management industry.
Languages
Portuguese
NativeEnglish
AdvancedSpanish
ElementaryEducation
Jan 2017 - Oct 2023
Federal University of Santa Catarina
PhD, Computer Science (Information Security) · Computer Science · Brazil
Oct 2007 - Jun 2010
Federal University of Santa Catarina
Master, Computer Science (Information Security) · Computer Science · Brazil
Oct 2002 - Jun 2006
Federal University of Santa Catarina
Bachelor, Information Systems · Information Systems · Brazil
Certifications & licenses
CCSK
Certified Ethical Hacker (CEH) v11
ISC(2) CSSLP
ISTQB
Need a freelancer? Find your match in seconds.
Try FRATCH GPT More actions
Similar Freelancers
Discover other experts with similar qualifications and experience
Valeri M.
DORA Readiness – Gap Analysis and Implementation for Banks
View Profile
Syed G.
Cyber Security Professional
View Profile
Dirk M.
Senior Program Manager & CISO | IT Transformation, Cybersecurity & GRC Leader
View Profile
Niels S.
Azure Architect
View Profile
Kazim R.
Principal Security Architect - Contract Hands on
View Profile
Stefan R.
ISO27001 Certification
View Profile
Ali Y.
Principal Product Security Engineer
View Profile
Federico L.
ISO – Senior Consultant Quality & Information Security
View Profile
Sascha L.
CEO
View Profile
Tezcan D.
Solution Architect / Project Manager
View Profile
Bernhard B.
Senior Security Architect - Technical Consultant - Project Manager - Network Engineer
View Profile
Alexander N.
Security Expert
View Profile
Christian D.
Managing Director and Senior Consultant
View Profile
Nils K.
Vulnerability Management and Secure SDLC
View Profile
Erlijn V.
Advisory Committee Member for UNEP West Asia’s Frontiers Report 2022
View Profile
Henryk O.
Security Consultant
View Profile
Maryam M.
AI Red Team Engineer
View Profile
Valon J.
Cybersecurity and Data Scientist Engineer
View Profile
Seyed M.
Senior Product Security Engineer
View Profile
Rashida A.
Security Research Engineer (Freelance)
View Profile
Christian G.
DORA Implementation Project
View Profile
Sokol Ç.
Cybersecurity Engineer
View Profile
Petr P.
Freelance Cyber Security Consultant
View Profile
Stanislaus S.
Security Consultant
View Profile
Fabrizio D.
vCISO / Fractional CISO / Security Leadership
View Profile
Kevin E.
Lecturer on AI in Cybersecurity
View Profile
Martin W.
Security Auditor
View Profile
Ayesha A.
Senior Penetration Tester & Security Engineer
View Profile
Nikolaus B.
ICT Risk Management and Information Security
View Profile
Antonio Q.
Freelance IT Consultant & Content Creator
View Profile
