Ariel Maiorano, Developer in Buenos Aires, Argentina

Ariel Maiorano

Verified Expert in Engineering

Software Developer

Location
Buenos Aires, Argentina
Toptal Member Since
March 28, 2022

Ariel has more than 20 years of experience in professional information security and software development, including working on projects ranging from small applications to complex enterprise solutions. He focuses mainly on back-end security and development in C, C++, Java, .NET platform, Python, PHP, Perl, and shell scripting, with databases like MySQL, PostgreSQL, MS-SQL, Oracle, MongoDB, and SQLite. Ariel has a great hands-on background in commercial and open-source frameworks and environments.

Portfolio

m-sistemas
Application Security, Applied Cryptography, C, C#, C++, Cryptography, Java...
BBVA Argentina
Application Security, Applied Cryptography, Back-end Development, Python, Java...

Experience

Availability

Part-time

Preferred Environment

Application Security, Source Code Review, Red Teaming, Cryptography, Applied Cryptography, Development, Risk Management, Compliance, Integration, Automation

The most amazing...

...projects I've developed were tailor-made systems for local and foreign customers that improved their security posture.

Work Experience

Teacher | Researcher

2012 - PRESENT
GICSI - Faculty of Engineering of the Army, National Defense University
  • Collaborated with the research group in Cryptology and Computer Security (GICSI) that carries out its activities in a laboratory belonging to the Faculty of Engineering of the Army, National Defense University, Argentina.
  • Carried out teaching tasks in the Cryptography and Discrete Mathematics departments at three local universities.
  • Published several papers, available at Scholar.google.com.ar/citations?user=7_prQU8AAAAJ&hl=es&oi=ao.
Technologies: Cryptography, Applied Cryptography

Consultant

2000 - PRESENT
m-sistemas
  • Provided IT consulting services and supported our customers in all software solution development stages.
  • Developed services, back ends, applications, and web-based solutions for the Internet, intranet, and mobile devices. Managed project analysis, development, implementation, security, and maintenance.
  • Developed tailor-made systems for local and foreign customers using the latest technologies, including open-source platforms, frameworks, and development environments.
Technologies: Application Security, Applied Cryptography, C, C#, C++, Cryptography, Java, Penetration Testing, Linux, PHP, Python, Security Architecture, Security Audits, Source Code Review, Web Security, Security Design, Red Teaming, MongoDB, MariaDB, Microsoft SQL Server, MySQL, PostgreSQL, Perl, Bash, Development, REST, REST APIs, Web Services, Web App Security, Cybersecurity, Go, Django, Docker, Mobile Security, Cloud Security, Compliance, Security, Web Development, App Development, Web App Development, API Development, Microservices, Security Policies & Procedures, Vulnerability Assessment, Risk Management

Security Architect

2020 - 2021
BBVA Argentina
  • Created security architecture, specifically general and multiple applications and systems security.
  • Performed source code auditing, including vulnerability assessment and penetration testing.
  • Implemented security solutions and tailor-made development.
Technologies: Application Security, Applied Cryptography, Back-end Development, Python, Java, Security Architecture, PostgreSQL, MongoDB, Development, Web Services, Web App Security, Cybersecurity, Go, Docker, Cryptography, Compliance, Security, Microservices, Security Policies & Procedures

Consultant

2016 - 2018
Airport Security Police (Argentina)
  • Provided consulting on Information Security. Managed the compliance with the Information Security Policy of the PSA, based on the ONTI model.
  • Coordinated with the Information Security Committee. Drafted and elevated rules and procedures complementary to the Policy.
  • Developed awareness and training programs. Provided risk analysis and management of information assets. Led Computer Security Incident Response Team.
Technologies: Incident Response, Incident Management, Threat Intelligence, Threat Analytics, Threat Modeling, CSIRT, Security Operations Centers (SOC), Information Security, Information Security Management Systems (ISMS), Compliance, Security, Security Policies & Procedures

Example of Application Security Audit/Source Code Review

https://github.com/arielmaiorano/analisis-qlink/blob/master/2-android/qlink_cacic2018.pdf
This academic paper presents results obtained by reviewing the source code of the Qlink.it web application. This application sends a "qlink," a standard link to a private message with the unique feature that its content gets auto-deleted once it is read. By sending this link to another user, you are guaranteed that its content can never be retrieved or viewed by anyone else again once the message is read.

In this article, we described the results of the source code review of the Qlink.it Android application after summarizing previous findings. This analysis focused on the implementation of cryptographic functionalities. This publication aims to invite other researchers to analyze the application to determine if Qlink.it could be considered secure.

Automatic Analysis of Patches

https://github.com/arielmaiorano/aap/blob/master/README.en.md
A tool for reviewing patches (diffs/commits) and differences between project branches of open or closed source software. It is a web application developed in Python using the Django web framework. It depends on Git to manage the source code of the projects under analysis. It also depends on auxiliary Python libraries used in batch or unattended processes (cron), the web interface, and plugins that implement text-mining/machine-learning techniques (Natural Language Toolkit, or NLTK, version 3).

Auto-Feed-DefectDojo

https://github.com/arielmaiorano/auto-feed-defectdojo
A basic example of a web service that automates the execution of preconfigured tools and imports their results into DefectDojo. Tools configured at the moment (according to import names in DefectDojo): "Nmap Scan," "Nikto Scan," "Wapiti Scan," "SSLyze 3 Scan (JSON)," "DrHeader JSON Importer," "ZAP Scan," "OpenVAS CSV."

2016 - 2022

Progress Toward a PhD in Cryptography

La Plata National University - La Plata, Buenos Aires, Argentina

AUGUST 2021 - AUGUST 2025

GIAC Defensible Security Architecture (GDSA)

Global Information Assurance Certification (GIAC)

Languages

Python, Java, C#, PHP, C, C++, Perl, Bash, Go

Platforms

Linux, Android, Docker

Other

Cryptography, Applied Cryptography, Security Architecture, Web Security, Development, Security Design, Security Audits, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Back-end Development, Web Services, Web App Security, Security, Web Development, Web App Development, Security Policies & Procedures, IT Security, OWASP, Web Standards, ISO Standards, ISO 27001, PCI DSS, Application Security, Source Code Review, Red Teaming, Mobile Security, Cloud Security, Machine Learning, Incident Response, Incident Management, Threat Intelligence, Threat Analytics, Threat Modeling, CSIRT, Security Operations Centers (SOC), Information Security, Information Security Management Systems (ISMS), Compliance, Vulnerability Assessment, Risk Management, Vulnerability Management, NIST, Integration

Libraries/APIs

REST APIs, API Development

Paradigms

Penetration Testing, REST, App Development, Microservices, Automation, DevSecOps

Industry Expertise

Cybersecurity

Frameworks

Django

Storage

MySQL, PostgreSQL, MongoDB, MariaDB, Microsoft SQL Server
