Kelvin Clark, Developer in Rio de Janeiro - State of Rio de Janeiro, Brazil
Kelvin is available for hire
Hire Kelvin

Kelvin Clark

Verified Expert  in Engineering

Security and Threat Hunt Developer

Location
Rio de Janeiro - State of Rio de Janeiro, Brazil
Toptal Member Since
January 5, 2022

Kelvin is a skilled information security engineer with a background in fintech and banking services and critical infrastructure information security. He is experienced in working for huge companies worldwide. Kelvin has a vast knowledge of technical security areas like incident response and threat intelligence and is mainly focused on offensive security.

Portfolio

Cryptocurrency Market
Threat Intelligence, Cyber Threat Hunting, Azure, ELK (Elastic Stack)
United Healthcare (Amil Saude)
Application Security, ISO 27001
StoneCo
Penetration Testing, Application Security, RedTeam, Anti-fraud, Burp Suite...

Experience

Availability

Full-time

Preferred Environment

MacOS, Linux, Windows, Web Security, Burp Suite, OWASP, Penetration Testing, GitHub, Information Security

The most amazing...

...vulnerability I've tracked back on a fraud scheme—that isn't easy to disclose due to information confidentiality—allowed me to start a purple team.

Work Experience

Security Engineer Specialist

2021 - PRESENT
Cryptocurrency Market
  • Researched and built a threat intelligence tool that finds and works with dangerous sites in the Azure cloud.
  • Performed phishing modus research, operating and shutting down phishing scams and tracking scammers.
  • Ran application security enumeration and penetration testing.
  • Helped the incident response team with a few action points.
Technologies: Threat Intelligence, Cyber Threat Hunting, Azure, ELK (Elastic Stack)

Third-party Security Engineer

2020 - 2021
United Healthcare (Amil Saude)
  • Assessed the red team in hospitals systems infrastructure and mobile devices applications.
  • Managed the red team in its day-to-day jobs and orientation.
  • Helped build guidelines and the schedule for penetration tests in the group's companies.
Technologies: Application Security, ISO 27001

Security Engineer Specialist

2017 - 2020
StoneCo
  • Spearheaded the security of five group businesses incorporated in the holding while going public on the NASDAQ.
  • Found numerous vulnerabilities in some famous programs.
  • Collaborated with electronic fraud prevention task teams.
  • Worked on multipurpose security holes in different projects like banking, PoS security, and the payments gateway.
  • Performed DNS research, mapping domains with external multi-distributed DNS, and figuring how to protect the internal network using self-owned DNS servers.
  • Provided incident response in numerous cases, working as part of the purple team, acting from discovery to remediation and from targeted phishing to APT.
Technologies: Penetration Testing, Application Security, RedTeam, Anti-fraud, Burp Suite, Information Security, OWASP, PCI DSS, Open-source Intelligence (OSINT), Malware Analysis, Malware Information Sharing Platform (MISP), Wireshark, Cybersecurity, NIST, MITRE ATT&CK, Code Review, ISO 27001, Compliance, IT Security

Freelance Consulting

2016 - 2017
Freelancer
  • Consulting for business about security management of infrastructure and web protection.
  • Talked in more than 10 events in Brazil about network vulnerabilities and their countermeasures.
  • Teach classes about network exploitation, targeting wireless environments.
Technologies: Application Security, Web Security, Wireshark, Consulting

Instructor

2012 - 2016
Senac
  • Acted as an instructor on networks, virtualization, Linux, and security for the graduation course.
  • Performed as an RHCI Red Hat certified instructor in 2014, archiving the RHCA and RHCE in the same year.
  • Served as a Cisco NetClass instructor using a packet tracer to conceive the student's basics of network, static and dynamic routes, and network analysis.
Technologies: Networking, Linux, Virtual Machines, Security

Security Trainee

2014 - 2014
Conviso Application Security
  • Performed Linux server hardening and updated configurations based on NSA RedHat Hardening Document.
  • Worked on OSSEC hardening configuration and monitoring with agents and servers.
  • Reviewed security code and executed applications' penetration testing.
Technologies: Linux, Security, OSSEC

Purple Team Creation

I created and managed a purple team, a joint with the red team, DevSec, incident response, and blue team for particular purposes of fraud investigation and incident analysis in credit card transactions and its bank system.

Wild Internet Proxy Research

https://medium.com/@kelvinclrk/fuzzingaroundnet-0x01-c62441a8c6e0
I performed some research on a wild proxy around the internet and its exploitation for services. Criminals widely use this service in attacks in order to hide and camouflage its tracks in day-to-day hacks.

Incident Response

I took part in and led incident responses and anti-fraud task teams, building up some methodology of threat intelligence targeting frauds against Brazilian fintech and banks clients working in the banking area since its architecture to improve security.

Paradigms

Penetration Testing

Industry Expertise

Cybersecurity

Other

Web Security, Security, Threat Intelligence, Open-source Intelligence (OSINT), Application Security, RedTeam, Anti-fraud, Networking, Incident Response, ISO 27001, Consulting, IT Security, OWASP, Information Security, PCI DSS, Cyber Threat Hunting, Malware Analysis, Virtual Machines, NIST, MITRE ATT&CK, Code Review, Compliance

Tools

Wireshark, GitHub, OSSEC, ELK (Elastic Stack)

Platforms

Linux, MacOS, Windows, Burp Suite, Malware Information Sharing Platform (MISP), Azure

Languages

Python

JULY 2020 - JULY 2023

Certified Threat Intelligence Analyst

EC-Concil

MAY 2017 - PRESENT

OSWP

Offensive Security

FEBRUARY 2014 - FEBRUARY 2017

Security+

CompTIA

NOVEMBER 2013 - NOVEMBER 2016

RHCE

Red Hat

APRIL 2011 - APRIL 2016

LPIC-3

Linux Professional Institute

JANUARY 2011 - FEBRUARY 2017

Network+

CompTIA

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring