Marcelo Gimenes de Oliveira
Domain-driven Design (DDD) Developer
Marcelo can take a high-level goal and provide a shippable code. To do so, he can readily learn most technologies as he goes. He cares about the business implications of anything he builds, and he understands the balance between craft, speed, and the bottom line. Moreover, he thinks technologies are about tools and trade-offs, not an ideology. Marcelo has over eight years of experience building scalable applications in many technical and business domains.
Portfolio
Experience
Python - 4 yearsPHP - 4 yearsMicroservices - 3 yearsDomain-driven Design (DDD) - 3 yearsJava - 3 yearsApplication Security - 2 yearsRuby on Rails (RoR) - 2 yearsGo - 1 yearLocation
Availability
Preferred Environment
Linux, Git
The most amazing...
...project I've developed is a security vulnerability management app that improved the security team's workflow for one of Brazil's biggest fintech companies.
Work Experience
Lead Software Engineer
BoaCompra
- Developed a new API version to improve usability by using best REST practices.
- Created an API gateway library to build API gateways on-demand easily.
- Designed a sandbox solution to improve client onboarding.
- Helped new team members to understand the company business model and grasp the company's code rules.
Application Security Engineer
BoaCompra
- Gave web security training based on the OWASP standards to more than 100 colleagues.
- Mapped and penetration tested the entire system's attack surface to meet PCI obligations.
- Wrote handcrafted reports, which not only pointed security vulnerabilities but also gave instructions and best practices for mitigation.
- Provided specific security advice to developers teams about features they were developing at the time.
- Defined model risk of new features, microservices, and APIs.
- Managed the security vulnerabilities to meet deadlines.
- Tested new mitigations and security features after delivery to see if there wasn't a bypass way.
Software Engineer
BoaCompra
- Broke a core part of a monolith into a resilient microservice, which improved the development process of adding new features.
- Developed a new refund solicitation UI, which improved usability.
- Built a new checkout microservice, improving the conversion rate by 10%.
- Created many reusable libraries to improve development speed and readability.
- Worked with old frameworks and legacy systems such as osCommerce and Tomato.
- Used and promulgated the domain-driven design techniques together with SOLID and Clean Code practices to improve the code maintainability.
System Analyst
Benner
- Analyzed and described requirements for the new features.
- Created many different features focused on each client-specific need.
- Developed COM objects to increase the system's functionalities through reusable components.
Software Developer
TecnoSpeed
- Created a REST API on top of an existing one, improving its features without changing the old code.
- Developed a new UI, improving both usability and performance.
- Found and fixed an old bug that caused significant random problems.
- Developed a new product that improved the client's overall resilience in his primary line of business.
- Created DLLs and COM objects to facilitate the integration of new clients.
- Built and implemented many important invoice-related features, such as cross-field semantic validations and digital invoice sending.
Experience
BoaCompra API
BoaCompra is specialized in payment integrations for more than fifteen countries, giving access to almost 150 payment methods from 10 different countries, making it possible for partners to sell in other currencies and buyers to use their local payment methods. It's a partner of major game companies such as Riot (League of Legends), Valve (Steam), and EA (Battlefield and Need for Speed).
Vulnerability Management App
https://github.com/cgimenes/appsec-adminFile Transferring through QR Code Images
https://github.com/cgimenes/binqr-serverVeterinary Clinic Management App
https://github.com/cgimenes/gohorse-backendSkills
Languages
PHP, Java, Delphi, Bash, GraphQL, SQL, XML, PHP 7, PHP 5, Go, Python, JavaScript, Ruby, C#, CSS, Visual Basic 6 (VB6), CSS3, HTML5, R, Clojure, HTML, Haskell, Elixir, TypeScript
Frameworks
Ruby on Rails (RoR), ActiveX, PHPUnit, Twig, PhalconPHP, Bootstrap, Spring Boot, Tailwind CSS, Bulma, AngularJS, ASP.NET, Flask, Spring, Django, .NET Core, .NET
Libraries/APIs
API Development, Node.js, jQuery, Vue
Tools
Git, Docker Compose, Jenkins, RabbitMQ, Redmine, Subversion (SVN), NMap, Metasploit, Jira, Amazon Simple Queue Service (SQS), Amazon Elastic Container Service (Amazon ECS), RSpec, Apache, NGINX, Traefik
Paradigms
Microservices, CQRS, Event Sourcing, Requirements Analysis, Agile, Scrum, Kanban, Unit Testing, REST, Responsive Web Design (RWD), Penetration Testing, Functional Programming, Object-oriented Programming (OOP), ETL, DevOps
Platforms
Linux, Docker, Windows, Amazon EC2, Heroku, Android, Oracle, Amazon Web Services (AWS), Google Cloud Platform (GCP), DigitalOcean, Firebase
Storage
SlimPHP, Databases, PostgreSQL, MySQL, MongoDB, PL/SQL, Amazon S3 (AWS S3), Redis, Microsoft SQL Server
Other
Domain-driven Design (DDD), Application Security, Software Engineering, Software Architecture, DLL, COM, Hardware, Software Development, Lean, Networks, Risk Modeling, Vulnerability Assessment, Vulnerability Management, Payment Gateways, APIs, Fintech, Online Payments, Payment APIs, Architecture, Single Sign-on (SSO), Back-end, System Integration, Integration Testing, Web App Security, Web Security, Secure Web Development, LDAP, Software Design, Risk Analysis, Metabase, Full-stack, Front-end, CI/CD Pipelines, Native Mobile Apps, Inno Setup, Business Psychology, Mathematics, Statistics, QR Codes, Leadership, API Gateways, Amazon API Gateway
Industry Expertise
Banking & Finance, Security, Cybersecurity
Education
Bachelor of Engineering Degree in Software Engineering
Centro Universitário Cesumar (UniCesumar) - Maringá, Paraná, Brazil
Certifications
Certified Application Security Engineer (CASE)
EC-Council