Marcelo Gimenes de Oliveira
Domain-driven Design (DDD) Developer
Marcelo can take a high-level goal and deliver shippable code. To do so, he can readily learn most technologies as he goes. He cares about the business implications of anything he builds, and he understands the balance between craft, speed, and the bottom line. Moreover, he thinks technologies are about tools and trade-offs, not an ideology. Marcelo has over eight years of experience building scalable applications in many technical and business domains.
Experience
- Python - 4 years
- PHP - 4 years
- Microservices - 3 years
- Domain-driven Design (DDD) - 3 years
- Java - 3 years
- Application Security - 2 years
- Ruby on Rails (RoR) - 2 years
- Go - 1 year
The most amazing...
...project I've developed is a security vulnerability management app that improved the security team's workflow for one of Brazil's biggest fintech companies.
Lead Software Engineer
- Developed a new API version to improve usability by using best REST practices.
- Created an API gateway library to build API gateways on-demand easily.
- Designed a sandbox solution to improve client onboarding.
- Helped new team members to understand the company business model and grasp the company's code rules.
Application Security Engineer
- Gave web security training based on the OWASP standards to more than 100 colleagues.
- Mapped and penetration tested the entire system's attack surface to meet PCI obligations.
- Wrote handcrafted reports, which not only pointed out security vulnerabilities but also gave instructions and best practices for mitigation.
- Provided specific security advice to development teams about features they were developing at the time.
- Defined model risk of new features, microservices, and APIs.
- Managed the security vulnerabilities to meet deadlines.
- Tested new mitigations and security features after delivery to check that they could not be bypassed.
- Broke a core part of a monolith into a resilient microservice, which improved the development process of adding new features.
- Developed a new refund solicitation UI, which improved usability.
- Built a new checkout microservice, improving the conversion rate by 10%.
- Created many reusable libraries to improve development speed and readability.
- Worked with old frameworks and legacy systems such as osCommerce and Tomato.
- Used and promoted domain-driven design techniques together with SOLID and Clean Code practices to improve code maintainability.
- Analyzed and described requirements for the new features.
- Created many different features focused on each client-specific need.
- Developed COM objects to increase the system's functionalities through reusable components.
- Created a REST API on top of an existing one, improving its features without changing the old code.
- Developed a new UI, improving both usability and performance.
- Found and fixed an old bug that caused significant random problems.
- Developed a new product that improved the client's overall resilience in his primary line of business.
- Created DLLs and COM objects to facilitate the integration of new clients.
- Built and implemented many important invoice-related features, such as cross-field semantic validations and digital invoice sending.
BoaCompra specializes in payment integrations for more than fifteen countries, giving access to almost 150 payment methods from 10 different countries, making it possible for partners to sell in other currencies and buyers to use their local payment methods. It's a partner of major game companies such as Riot (League of Legends), Valve (Steam), and EA (Battlefield and Need for Speed).
Vulnerability Management App: https://github.com/cgimenes/appsec-admin
File Transferring through QR Code Images: https://github.com/cgimenes/binqr-server
Veterinary Clinic Management App: https://github.com/cgimenes/gohorse-backend
Ruby on Rails (RoR), ActiveX, PHPUnit, Twig, PhalconPHP, Bootstrap, Spring Boot, Tailwind CSS, Bulma, AngularJS, ASP.NET, Flask, Spring, Django, .NET Core, .NET
API Development, Node.js, jQuery, Vue
Git, Docker Compose, Jenkins, RabbitMQ, Redmine, Subversion (SVN), NMap, Metasploit, Jira, Amazon Simple Queue Service (SQS), Amazon Elastic Container Service (Amazon ECS), RSpec, Apache, NGINX, Traefik
Microservices, CQRS, Event Sourcing, Requirements Analysis, Agile, Scrum, Kanban, Unit Testing, REST, Responsive Web Design (RWD), Penetration Testing, Functional Programming, Object-oriented Programming (OOP), ETL, DevOps
Linux, Docker, Windows, Amazon EC2, Heroku, Android, Oracle, Amazon Web Services (AWS), Google Cloud Platform (GCP), DigitalOcean, Firebase
SlimPHP, Databases, PostgreSQL, MySQL, MongoDB, PL/SQL, Amazon S3 (AWS S3), Redis, Microsoft SQL Server
Domain-driven Design (DDD), Application Security, Software Engineering, Software Architecture, DLL, COM, Hardware, Software Development, Lean, Networks, Risk Modeling, Vulnerability Assessment, Vulnerability Management, Payment Gateways, APIs, Fintech, Online Payments, Payment APIs, Architecture, Single Sign-on (SSO), Back-end, System Integration, Integration Testing, Web App Security, Web Security, Secure Web Development, LDAP, Software Design, Risk Analysis, Metabase, Full-stack, Front-end, CI/CD Pipelines, Native Mobile Apps, Inno Setup, Business Psychology, Mathematics, Statistics, QR Codes, Leadership, API Gateways, Amazon API Gateway
Banking & Finance, Security, Cybersecurity
Bachelor of Engineering Degree in Software Engineering
Centro Universitário Cesumar (UniCesumar) - Maringá, Paraná, Brazil
Certified Application Security Engineer (CASE)