Bruno Naves

DevOps Engineer

Brasília, Federal District, Brazil · 5 yrs 5 mos experience

Key Highlights

  • Over 6 years of experience in offensive security.
  • Expert in Red Team operations and adversary emulation.
  • Advanced certifications in penetration testing and security.
Stackforce AI infers this person is a Cybersecurity Specialist with a focus on Offensive Security and Red Teaming.

Skills

Core Skills

Red Teaming · Adversary Emulation · Penetration Testing · Security Assessments · Detection Validation · Security Operations · Incident Response

Other Skills

Adversary Simulation · Offensive Security · Security Testing · Web Application Security · Mobile Security Testing · API Security · Cloud Security · Detection Engineering · Phishing Analysis · Network Security · Threat Detection · SOC Development · Secure Code Review · Swift · Objective-C

About

I’m an Offensive Security Engineer and Red Team specialist with over 6 years of experience across penetration testing, adversary emulation, and security assessments for web, mobile, API, infrastructure, and multicloud environments. My work combines deep offensive expertise with a strong understanding of how to evaluate detection, response, and resilience against real-world attack scenarios.

Throughout my career, I have worked across both offensive and defensive security domains, which allows me to approach engagements with a broader strategic perspective. I’ve led and executed activities involving adversary simulation, phishing operations, cloud security assessments in AWS and Azure, macOS-focused security testing, and validation of security controls in enterprise environments.

Currently, I focus on Red Team operations in multicloud environments, with emphasis on macOS security, phishing campaigns, and realistic attacker emulation.

Outside of work, I dedicate time to iOS and macOS security research, reverse engineering, and malware development for macOS, supported by advanced certifications including:

  • OffSec Certified Expert 3 (OSCE3)
  • OffSec Exploit Developer (OSED)
  • OffSec Experienced Penetration Tester (OSEP)
  • OffSec Web Expert (OSWE)
  • OffSec Certified Professional (OSCP)
  • OffSec Wireless Professional (OSWP)
  • Certified Red Team Professional (CRTP)
  • iOS Application Security Engineer (iASE)
  • Red Team Operator (CRTO)

CTFs:

  • 3rd Place | OEA Cyber Challenge
  • 6th Place | INTERNATIONAL CYBERSECURITY CHAMPIONSHIP & CONFERENCE (IC3)
  • 3rd Place | Cyber 9/12
  • 8th Place | OEA Cyber Challenge
  • 6th Place | International Cybersecurity Challenge (ICC)
  • 4th Place | OEA Cyber Challenge

Experience

  • Total Experience: 5 yrs 5 mos
  • Average Tenure: 1 yr 2 mos
  • Current Experience: --

Banco BV

Red Team Operator

Apr 2025 - Dec 2025 · 8 mos · Remote

  • At Banco BV, I worked as a Red Team Operator responsible for conducting adversary simulation exercises aimed at assessing the effectiveness of the bank’s security controls and monitoring capabilities. My role focused on replicating realistic attacker behavior to identify weaknesses in internal systems, enterprise infrastructure, and cloud environments.
  • I executed offensive security activities that simulated different phases of the attack lifecycle, including gaining initial access, escalating privileges, moving laterally across systems, and performing post-exploitation actions. These controlled simulations helped evaluate how well defensive technologies and security teams were able to detect and respond to potential threats.
  • Throughout these engagements, I collaborated closely with defensive teams to share findings and improve security operations. The insights generated from red team activities were used to enhance detection mechanisms, strengthen incident response procedures, and improve the overall resilience of the organization’s security program.
  • Technologies & Solutions:
  • Adversary Simulation: Execution of realistic attack scenarios against enterprise infrastructure
  • Offensive Security: Privilege escalation, lateral movement, and post-exploitation activities
  • Detection Validation: Assessment of monitoring and alerting capabilities
  • Security Testing: Identification of weaknesses in security controls through controlled attack simulations
  • Results:
  • Revealed security gaps by simulating real-world attack techniques against corporate environments
  • Contributed to stronger detection capabilities by validating existing monitoring systems
  • Supported improvements in incident response by sharing detailed findings with defensive teams
  • Helped enhance the overall security posture of the organization through continuous adversary simulation exercises
Adversary Simulation · Offensive Security · Detection Validation · Security Testing · Red Teaming · Adversary Emulation

SEK Security Ecosystem Knowledge

Offensive Security Analyst

Sep 2023 - Apr 2025 · 1 yr 7 mos · Remote

  • At SEK Security Ecosystem Knowledge, I worked as a Penetration Tester performing comprehensive security assessments across web applications, mobile platforms, APIs, and cloud environments. My responsibilities included identifying security vulnerabilities, validating exploitation paths, and simulating realistic attack scenarios to evaluate the resilience of systems and applications.
  • In addition to penetration testing activities, I also contributed to the development and maintenance of infrastructure used to support advanced security testing and adversary simulation exercises. This included preparing environments for offensive security tooling, payload testing, and controlled attack simulations. I collaborated with security and development teams to ensure vulnerabilities were clearly understood and effectively remediated.
  • Technologies & Solutions:
  • Web Application Security: Testing for vulnerabilities such as SQL Injection, XSS, authentication flaws, and access control issues
  • Mobile Security Testing: Security assessments for Android and iOS applications, including insecure storage, reverse engineering, and API misuse
  • API Security: Testing RESTful APIs for authorization flaws, input validation issues, and business logic vulnerabilities
  • Cloud Security: Security assessments of cloud infrastructures and services
  • Security Testing Infrastructure: Development of environments to support advanced offensive security testing
  • Results:
  • Identified critical vulnerabilities across web, mobile, API, and cloud environments
  • Improved application and infrastructure security through detailed technical reports and remediation guidance
  • Supported secure development practices by working closely with development and infrastructure teams
  • Built and maintained infrastructure used to support advanced security testing activities
Web Application Security · Mobile Security Testing · API Security · Cloud Security · Penetration Testing · Security Assessments

ISH Tecnologia

Penetration Tester

Jun 2022 - Dec 2023 · 1 yr 6 mos · Remote

  • As a Penetration Tester at ISH Tecnologia, I was responsible for conducting comprehensive security assessments across web applications, mobile platforms, APIs, and cloud environments. My work focused on identifying vulnerabilities, simulating real-world attack scenarios, and providing actionable recommendations to improve the overall security posture of client infrastructures and applications.
  • I performed both black-box and gray-box penetration tests following industry best practices, analyzing application logic, authentication mechanisms, and cloud configurations to uncover security weaknesses. Additionally, I worked closely with development and infrastructure teams to ensure vulnerabilities were properly understood and remediated in accordance with secure development practices.
  • Technologies & Solutions:
  • Web Application Security: Identification of vulnerabilities such as SQL Injection, XSS, authentication bypass, and access control issues
  • Mobile Security Testing: Security assessments for Android and iOS applications, focusing on insecure data storage, API misuse, and authentication flaws
  • API Security: Testing RESTful APIs for authorization flaws, input validation issues, and logic vulnerabilities
  • Cloud Security: Security assessments of cloud-based infrastructures and services
  • Security Testing Tools: Burp Suite, Nmap, and other offensive security tools and frameworks
  • Results:
  • Identified critical security vulnerabilities across web, mobile, API, and cloud environments
  • Improved client security posture through detailed vulnerability reports and remediation guidance
  • Simulated real-world attack scenarios to validate security controls and application resilience
  • Supported development teams in implementing secure coding practices and strengthening application security
Web Application Security · Mobile Security Testing · API Security · Cloud Security · Penetration Testing · Security Assessments

Kryptus sa

Purple Team Analyst

Sep 2021 - Sep 2022 · 1 yr · Remote

  • I was responsible for bridging offensive and defensive security operations by simulating real-world adversary techniques and validating detection capabilities across enterprise environments. My work focused on adversary emulation, detection engineering, and continuous improvement of defensive controls based on threat intelligence and the MITRE ATT&CK framework.
  • I conducted controlled attack simulations using red team tools to replicate real threat actor behavior, while collaborating closely with blue team analysts to improve detection, response procedures, and security monitoring effectiveness. In addition, I performed phishing analysis and investigation to identify social engineering campaigns and strengthen organizational awareness and response capabilities.
  • Technologies & Solutions:
  • Adversary Emulation: MITRE Caldera for automated attack simulation based on the MITRE ATT&CK framework
  • Red Team Tooling: Cobalt Strike and Impacket for post-exploitation activities and lateral movement simulation
  • Detection Engineering: Validation and improvement of detection rules and security monitoring capabilities
  • Phishing Analysis: Investigation and analysis of phishing campaigns and social engineering attempts
  • Results:
  • Improved detection and response capabilities by validating defensive controls through adversary emulation exercises
  • Strengthened blue team visibility by mapping attack simulations to MITRE ATT&CK techniques
  • Enhanced incident investigation processes through detailed phishing analysis and threat validation
  • Fostered collaboration between red and blue teams to continuously improve the organization’s security posture
Adversary Emulation · Detection Engineering · Phishing Analysis · Red Teaming · Detection Validation

Intelliway

Cyber Security Analyst

Jul 2021 - Sep 2021 · 2 mos · Remote

  • As a Penetration Tester at Intelliway, I was responsible for conducting security assessments across corporate infrastructures, web applications, and internal networks to identify vulnerabilities and strengthen the organization’s security posture. My work involved simulating real-world attack scenarios to evaluate the effectiveness of existing security controls and provide actionable remediation guidance.
  • I performed both internal and external penetration tests, leveraging industry-standard tools and methodologies to uncover weaknesses in authentication mechanisms, network configurations, and application logic. Additionally, I collaborated with development and infrastructure teams to ensure vulnerabilities were properly understood and remediated.
  • Technologies & Solutions:
  • Offensive Security: Network and Web Application Penetration Testing
  • Vulnerability Assessment: Identification, exploitation, and risk validation of security weaknesses
  • Security Testing Tools: Nmap, Burp Suite, Metasploit, and other offensive security frameworks
  • Reporting & Remediation: Technical reporting and guidance for secure remediation practices
  • Results:
  • Identified critical vulnerabilities across web applications and corporate infrastructure environments
  • Improved organizational security posture by delivering detailed remediation recommendations
  • Simulated real-world attack scenarios to validate defensive controls and incident response readiness
  • Supported secure development practices by collaborating with technical teams during vulnerability remediation
Network Security · Threat Detection · SOC Development · Security Operations · Incident Response

Grupo ntsec

Security Analyst

May 2020 - Jul 2021 · 1 yr 2 mos · Hybrid

  • I was responsible for managing and operating enterprise security infrastructure based on Check Point technologies while supporting the design and implementation of a Security Operations Center (SOC). My role involved monitoring network activity, improving defensive controls, and helping build processes and detection capabilities to enhance the organization's security posture.
  • I initially focused on firewall management and network protection using Check Point solutions, including rule optimization, threat prevention tuning, and incident investigation. As the security program evolved, I contributed to the development and structuring of the SOC, supporting the implementation of monitoring processes, alert triage workflows, and security event analysis.
  • Technologies & Solutions:
  • Network Security: Check Point Firewall (policy management, rule optimization, threat prevention)
  • Threat Detection: Security event monitoring and incident analysis
  • SOC Development: Design of monitoring workflows, alert triage processes, and incident response procedures
  • Vulnerability Management: Security assessments and remediation tracking
  • Results:
  • Improved network security posture by optimizing Check Point firewall policies and threat prevention controls
  • Contributed to the creation and operational structuring of the company’s Security Operations Center (SOC)
  • Enhanced incident detection and response capabilities through improved monitoring and analysis workflows
  • Strengthened security governance by supporting vulnerability remediation and continuous monitoring practices

Education

Faculdade Facint

Postgraduate degree — Ethical Hacking and CyberSecurity

Jan 2020 - Jan 2020

Universidade Paulista

Bachelor's degree — Computer Science

Jan 2016 - Jan 2019
