Lead Software Engineer
2020 - 2020BoaCompra- Developed a new API version to improve usability by using best REST practices.
- Created an API gateway library to build API gateways on-demand easily.
- Designed a sandbox solution to improve client onboarding.
- Helped new team members to understand the company business model and grasp the company's code rules.
Technologies: Docker, Apache, Nginx, RabbitMQ, MySQL, Bash, Git, Jenkins, Jira, Domain-driven Design (DDD), AWS ECS, SlimPHP, Amazon API Gateway, API Gateways, PHP, LeadershipApplication Security Engineer
2018 - 2020BoaCompra- Gave web security training based on the OWASP standards to more than 100 colleagues.
- Mapped and penetration tested the entire system's attack surface to meet PCI obligations.
- Wrote handcrafted reports, which not only pointed security vulnerabilities but also gave instructions and best practices for mitigation.
- Provided specific security advice to developers teams about features they were developing at the time.
- Defined model risk of new features, microservices, and APIs.
- Managed the security vulnerabilities to meet deadlines.
- Tested new mitigations and security features after delivery to see if there wasn't a bypass way.
Technologies: PHP, Vulnerability Management, Vulnerability Assessment, Risk Modeling, NMap, Risk Analysis, Application Security, Bash, Metasploit, Python, Ruby on Rails (RoR), RubySoftware Engineer
2016 - 2018BoaCompra- Broke a core part of a monolith into a resilient microservice, which improved the development process of adding new features.
- Developed a new refund solicitation UI, which improved usability.
- Built a new checkout microservice, improving the conversion rate by 10%.
- Created many reusable libraries to improve development speed and readability.
- Worked with old frameworks and legacy systems such as osCommerce and Tomato.
- Used and promulgated the domain-driven design techniques together with SOLID and Clean Code practices to improve the code maintainability.
Technologies: AWS ECS, Amazon SQS, Domain-driven Design (DDD), CQRS, Event Sourcing, GraphQL, Jira, Go, Node.js, Jenkins, Git, AWS S3, AWS EC2, MySQL, MongoDB, RabbitMQ, Nginx, PHP, Docker, Apache, JavaScriptSystem Analyst
2015 - 2016Benner- Analyzed and described requirements for the new features.
- Created many different features focused on each client-specific need.
- Developed COM objects to increase the system's functionalities through reusable components.
Technologies: ActiveX, DLL, Microsoft SQL Server, Oracle, PL/SQL, JavaScript, C#, Delphi, ASP.NET, Requirements AnalysisSoftware Developer
2012 - 2015TecnoSpeed- Created a REST API on top of an existing one, improving its features without changing the old code.
- Developed a new UI, improving both usability and performance.
- Found and fixed an old bug that caused significant random problems.
- Developed a new product that improved the client's overall resilience in his primary line of business.
- Created DLLs and COM objects to facilitate the integration of new clients.
- Built and implemented many important invoice-related features, such as cross-field semantic validations and digital invoice sending.
Technologies: Scrum, Inno Setup, COM, ActiveX, DLL, C#, Visual Basic 6 (VB6), Subversion (SVN), Jenkins, Redmine, PostgreSQL, JavaScript, HTML, CSS, Node.js, AngularJS, Delphi
Marcelo Gimenes de Oliveira
Domain-driven Design (DDD) Developer in Maringá - State of Paraná, Brazil
Member since November 23, 2018
Marcelo can take a high-level goal and provide a shippable code. To do so, he can readily learn most technologies as he goes. He cares about the business implications of anything he builds, and he understands the balance between craft, speed, and the bottom line. Moreover, he thinks technologies are about tools and trade-offs, not an ideology. Marcelo has over eight years of experience building scalable applications in many technical and business domains.
Marcelo is now available for hire
Experience
- Python 4 years
- PHP 4 years
- Microservices 3 years
- Domain-driven Design (DDD) 3 years
- Java 3 years
- Application Security 2 years
- Ruby on Rails (RoR) 2 years
- Go 1 year
Availability
Part-time
Preferred Environment
Linux, Git
The most amazing...
...project I've developed is a security vulnerability management app that improved the security team's workflow for one of Brazil's biggest fintech companies.
Employment
Experience
- BoaCompra API
BoaCompra is part of PagSeguro PagBank that has been connecting international merchants with local payments for over 15 years. PagSeguro PagBank is a disruptive provider of financial technology solutions for all kinds and sizes of business, including POS, eCommerce, and digital banking.
BoaCompra is specialized in payment integrations for more than fifteen countries, giving access to almost 150 payment methods from 10 different countries, making it possible for partners to sell in other currencies and buyers to use their local payment methods. It's a partner of major game companies such as Riot (League of Legends), Valve (Steam), and EA (Battlefield and Need for Speed). - Vulnerability Management Apphttps://github.com/cgimenes/appsec-admin
Created a Rails web app to substitute a spreadsheet and easily track vulnerabilities found during the security team's penetration tests. I also added a Metabase installation to give easy access to business intelligence and analytics.
- File Transferring through QR Code Imageshttps://github.com/cgimenes/binqr-server
A mobile app for file transferring through QR code images, where the user can send any small file to his smartphone without having his mobile phone connected to the computer in any way. I developed the whole project composed of a webpage, back end, and a native mobile app.
- Veterinary Clinic Management Apphttps://github.com/cgimenes/gohorse-backend
An application made with Spring Boot to demonstrate how DDD (tactical building blocks), CQRS, and ES features can be connected and how the trade-off, when applied in a wrong scenario, can drastically decrease the development speed and maintainability.
Skills
Languages
PHP, Java, Delphi, Bash, GraphQL, SQL, XML, PHP 7, PHP 5, Go, Python, JavaScript, Ruby, C#, CSS, Visual Basic 6 (VB6), CSS3, HTML5, R, Clojure, HTML, Haskell, Elixir, TypeScriptFrameworks
Ruby on Rails (RoR), ActiveX, PHPUnit, Twig, PhalconPHP, Bootstrap, Spring Boot, Tailwind CSS, Bulma, AngularJS, ASP.NET, Flask, Spring, Django, .NET Core, .NETLibraries/APIs
API Development, Node.js, jQuery, Vue.jsTools
Git, Docker Compose, Jenkins, RabbitMQ, Redmine, Subversion (SVN), NMap, Metasploit, Jira, Amazon SQS, AWS ECS, RSpec, Apache, Nginx, TraefikParadigms
Microservices, CQRS, Event Sourcing, Requirements Analysis, Agile, Scrum, Kanban, Unit Testing, REST, Responsive Web Design (RWD), Penetration Testing, Functional Programming, Object-oriented Programming (OOP), ETL, DevOpsPlatforms
Linux, Docker, Windows, AWS EC2, Heroku, Android, Oracle, Amazon Web Services (AWS), Google Cloud Platform (GCP), DigitalOcean, FirebaseStorage
SlimPHP, Databases, PostgreSQL, MySQL, MongoDB, PL/SQL, AWS S3, Redis, Microsoft SQL ServerOther
Domain-driven Design (DDD), Application Security, Software Engineering, Software Architecture, DLL, COM, Hardware, Software Development, Lean, Networks, Risk Modeling, Vulnerability Assessment, Vulnerability Management, Payment Gateways, APIs, Fintech, Online Payments, Payment APIs, Architecture, Single Sign-on (SSO), Back-end, System Integration, Integration Testing, Web App Security, Web Security, Secure Web Development, LDAP, Software Design, Risk Analysis, Metabase, Full-stack, Front-end, CI/CD Pipelines, Native Mobile Apps, Inno Setup, Business Psychology, Mathematics, Statistics, AWS, QR Codes, Leadership, API Gateways, Amazon API GatewayIndustry Expertise
Banking & Finance, Security, Cybersecurity
Education
- Bachelor of Engineering Degree in Software Engineering2013 - 2018Centro Universitário Cesumar (UniCesumar) - Maringá, Paraná, Brazil
Certifications
- Certified Application Security Engineer (CASE)SEPTEMBER 2020 - SEPTEMBER 2023EC-Council
