Gilmar Rocha, Developer in Belo Horizonte - State of Minas Gerais, Brazil
Gilmar is available for hire
Hire Gilmar

Gilmar Rocha

Verified Expert  in Engineering

Back-end Developer

Location
Belo Horizonte - State of Minas Gerais, Brazil
Toptal Member Since
November 7, 2022

Gilmar is a cybersecurity specialist passionate about software development and security. He focuses on the software development lifecycle, including analysis, design, development, testing, and maintenance, because it gives him a clearer view of security issues. As a result, Gilmar knows how to help teams solve these issues.

Web DevelopmentBack-endSecure Web DevelopmentApplication SecurityWeb App SecuritySecurityCode ReviewC#C#.NET.NETJavaScriptASP.NETDocker.NET CoreReverse EngineeringAuthentication

Portfolio

MercadoLibre
Application Security, APIs, Architecture, Web Development, CORS...
Mercado Bitcoin
C#, Blockchain, Web Security, Authentication, APIs, .NET, REST...
Localiza Car Rental
Docker, API Gateways, Identity & Access Management (IAM), C#, C#.NET...

Experience

C# - 15 yearsWeb Security - 10 yearsWeb API - 7 yearsIdentity & Access Management (IAM) - 5 yearsDocker - 5 yearsApplication Level Gateways - 5 yearsMobile Security - 3 yearsBlockchain - 2 years

Availability

Part-time

Preferred Environment

C#, Docker, Web Security, Reverse Engineering, Blockchain, C#.NET, Authentication

The most amazing...

...thing I've developed is the back end for BS2, one of Brazil's first digital banking platforms.

Work Experience

Cybersecurity Tech Lead

2022 - PRESENT
MercadoLibre
  • Analyzed more than 300 cases of fraud to implement solutions that improved security and directly saved the company $2 million per year.
  • Discovered vulnerabilities on mobile applications that could compromise all customers from Mercadolibre.
  • Created a solution to map and identify possible data leakage from third-party members that manage Mercadolibre customer data.
Technologies: Application Security, APIs, Architecture, Web Development, CORS, CSRF Protection, Cross-site Request Forgery, Cookies, Cross-site Scripting, IT Security, Web App Security, XSRF, eCommerce

Cybersecurity Specialist

2022 - 2022
Mercado Bitcoin
  • Created a threat model for private wallets and custody on the exchange.
  • Improved login authentication and authorization on internal and external identity management systems to comply with OAuth.
  • Created the security by design guide based on the NIST framework to guide developers and architects in implementing security features.
Technologies: C#, Blockchain, Web Security, Authentication, APIs, .NET, REST, Secure Web Development, Application Security, Vulnerability Assessment, Security, Code Review, HTML, JavaScript, Web Development, CORS, CSRF Protection, Cross-site Request Forgery, Cookies, Cross-site Scripting, IT Security, Web App Security, XSRF, Back-end

Senior Security Analyst

2020 - 2022
Localiza Car Rental
  • Developed an identity management system to handle OAuth protocol on multiple internal and external web applications.
  • Tracked and fixed security issues on the server side of the Localiza Mobile application.
  • Conducted a security test on a mobile application called Meoo, which enabled users to unlock rental cars only using their cell phones.
Technologies: Docker, API Gateways, Identity & Access Management (IAM), C#, C#.NET, Authentication, APIs, .NET, REST, Secure Web Development, Application Security, Vulnerability Assessment, Security, Code Review, Azure, HTML, JavaScript, Web Development, CORS, CSRF Protection, Cross-site Request Forgery, Cookies, Cross-site Scripting, IT Security, Web App Security, XSRF, Back-end, eCommerce

Cybersecurity Specialist

2020 - 2022
C&A Loja Online
  • Developed Auth0 integration to provide an authentication solution to over 20 million users of C&A's eCommerce website and mobile apps.
  • Designed a credit card solution to replace an external credit card provider at C&A. This credit card solution was used by over five million users.
  • Implemented AWS Security Reference Architecture (AWS SRA) to the cloud environment.
Technologies: C#, Java, Amazon Web Services (AWS), Web Security, C#.NET, Authentication, APIs, .NET, REST, Kubernetes, Secure Web Development, Application Security, Vulnerability Assessment, Security, Architecture, Code Review, Azure, HTML, JavaScript, AWS Cloud Architecture, Web Development, CORS, CSRF Protection, Cross-site Request Forgery, Cookies, Cross-site Scripting, IT Security, Web App Security, XSRF, Back-end, eCommerce

Senior Security Analyst

2019 - 2020
BS2 Bank
  • Developed security controls on API Gateway to improve external application security.
  • Reviewed code of applications to ensure safety and implement security features.
  • Set security standards for the web API development process.
Technologies: Docker, C#, Identity & Access Management (IAM), C#.NET, Authentication, APIs, .NET, REST, ASP.NET MVC, Python, Kubernetes, Secure Web Development, Application Security, Vulnerability Management, Security, Architecture, Code Review, .NET Core, HTML, JavaScript, Web Development, CORS, CSRF Protection, Cross-site Request Forgery, Cookies, Cross-site Scripting, IT Security, Web App Security, XSRF, Back-end

Senior Architect and Developer

2017 - 2019
BS2 Bank
  • Created web API services for BS2's bank application.
  • Developed user identification and risk score log to prevent fraud.
  • Built a security solution to obfuscate users' sensitive data.
Technologies: C#, Docker, API Gateways, C#.NET, Authentication, APIs, .NET, REST, ASP.NET MVC, Kubernetes, ASP.NET, Architecture, .NET Core, HTML, JavaScript, Web Development, CORS, CSRF Protection, Cross-site Request Forgery, Cookies, Cross-site Scripting, IT Security, Web App Security, XSRF, Back-end, CSS

Senior Developer

2013 - 2017
BHS Axter
  • Developed a balanced scorecard for Andrade Gutierrez, one of the most important Brazilian engineering companies.
  • Built a system to manage billing targets of all Andrade Gutierrez resources.
  • Developed a variety of programs to help internal systems to communicate with SAP.
Technologies: C#, Web, Web API, C#.NET, APIs, .NET, REST, ASP.NET MVC, ASP.NET, HTML, JavaScript, Web Development, Back-end, CSS

Owner

2010 - 2013
Varuna Tecnologia
  • Created an ERP system for specific engineering companies, focusing on local Brazilian laws.
  • Developed a system to monitor heavy machine management.
  • Created a suite to construct reports based on XML schemes.
Technologies: C#, Enterprise Resource Planning (ERP), C#.NET, .NET, HTML, JavaScript, Web Development, Back-end, CSS

BS2 Bank

http://www.bs2.com
I developed the back end of BS2 iOS and Android applications. Since this project was focused on security and performance, with high-security features to prevent fraud and intrusion, I played a key role in implementing security controls in C# to the web server. I also learned much about mobile application development to help other developers connect with these security features.

C&A Pay

https://www.cea.com.br/cea-pay
It is an Android and iOS application that provides credit card management. I architected this project and was part of the team that decided which credit card provider would be used at C&A Pay. I identified, suggested, and implemented security features to handle more than ten million system users.

Custody System Bitrust for Mercado Bitcoin

https://www.bitrustcustody.com
A project that handled customers and enterprise private keys to communicate with the blockchain. I was in charge of documenting a threat model of the custody system and suggesting improvements to provide more secure options to the system.

Languages

C#, C#.NET, HTML, JavaScript, Python, Java, CSS

Frameworks

.NET, ASP.NET, .NET Core, ASP.NET MVC

Paradigms

REST, CSRF Protection

Platforms

Docker, Blockchain, Kubernetes, Azure, Amazon Web Services (AWS), Web, Blockchain Platforms

Other

APIs, Secure Web Development, Application Security, Security, Architecture, Code Review, Web Development, CORS, Cross-site Request Forgery, Cookies, Cross-site Scripting, IT Security, Web App Security, XSRF, Back-end, eCommerce, Reverse Engineering, Identity & Access Management (IAM), Authentication, Vulnerability Assessment, Web Security, API Gateways, Enterprise Resource Planning (ERP), Mobile Security, Application Level Gateways, Credit Risk, Credit Cards, Risk Models, Vulnerability Management, AWS Cloud Architecture

Libraries/APIs

Web API

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring