Marcelo Gimenes de Oliveira, Domain-driven Design (DDD) Developer in Maringá - State of Paraná, Brazil
Marcelo Gimenes de Oliveira

Domain-driven Design (DDD) Developer in Maringá - State of Paraná, Brazil

Member since November 24, 2020
Marcelo can take a high-level goal and provide a shippable code. To do so, he can readily learn most technologies as he goes. He cares about the business implications of anything he builds, and he understands the balance between craft, speed, and the bottom line. Moreover, he thinks technologies are about tools and trade-offs, not an ideology. Marcelo has over eight years of experience building scalable applications in many technical and business domains.
Marcelo is now available for hire


  • BoaCompra
    Docker, Apache, NGINX, RabbitMQ, MySQL, Bash, Git, Jenkins, Jira...
  • BoaCompra
    PHP, Vulnerability Management, Vulnerability Assessment, Risk Modeling, NMap...
  • BoaCompra
    Amazon ECS (Amazon Elastic Container Service), Amazon SQS...



Maringá - State of Paraná, Brazil



Preferred Environment

Linux, Git

The most amazing...

...project I've developed is a security vulnerability management app that improved the security team's workflow for one of Brazil's biggest fintech companies.


  • Lead Software Engineer

    2020 - 2020
    • Developed a new API version to improve usability by using best REST practices.
    • Created an API gateway library to build API gateways on-demand easily.
    • Designed a sandbox solution to improve client onboarding.
    • Helped new team members to understand the company business model and grasp the company's code rules.
    Technologies: Docker, Apache, NGINX, RabbitMQ, MySQL, Bash, Git, Jenkins, Jira, Domain-driven Design (DDD), Amazon ECS (Amazon Elastic Container Service), SlimPHP, Amazon API Gateway, API Gateways, PHP, Leadership
  • Application Security Engineer

    2018 - 2020
    • Gave web security training based on the OWASP standards to more than 100 colleagues.
    • Mapped and penetration tested the entire system's attack surface to meet PCI obligations.
    • Wrote handcrafted reports, which not only pointed security vulnerabilities but also gave instructions and best practices for mitigation.
    • Provided specific security advice to developers teams about features they were developing at the time.
    • Defined model risk of new features, microservices, and APIs.
    • Managed the security vulnerabilities to meet deadlines.
    • Tested new mitigations and security features after delivery to see if there wasn't a bypass way.
    Technologies: PHP, Vulnerability Management, Vulnerability Assessment, Risk Modeling, NMap, Risk Analysis, Application Security, Bash, Metasploit, Python, Ruby on Rails (RoR), Ruby
  • Software Engineer

    2016 - 2018
    • Broke a core part of a monolith into a resilient microservice, which improved the development process of adding new features.
    • Developed a new refund solicitation UI, which improved usability.
    • Built a new checkout microservice, improving the conversion rate by 10%.
    • Created many reusable libraries to improve development speed and readability.
    • Worked with old frameworks and legacy systems such as osCommerce and Tomato.
    • Used and promulgated the domain-driven design techniques together with SOLID and Clean Code practices to improve the code maintainability.
    Technologies: Amazon ECS (Amazon Elastic Container Service), Amazon SQS, Domain-driven Design (DDD), CQRS, Event Sourcing, GraphQL, Jira, Go, Node.js, Jenkins, Git, Amazon S3 (AWS S3), Amazon EC2 (Amazon Elastic Compute Cloud), MySQL, MongoDB, RabbitMQ, NGINX, PHP, Docker, Apache, JavaScript
  • System Analyst

    2015 - 2016
    • Analyzed and described requirements for the new features.
    • Created many different features focused on each client-specific need.
    • Developed COM objects to increase the system's functionalities through reusable components.
    Technologies: ActiveX, DLL, Microsoft SQL Server, Oracle, PL/SQL, JavaScript, C#, Delphi, ASP.NET, Requirements Analysis
  • Software Developer

    2012 - 2015
    • Created a REST API on top of an existing one, improving its features without changing the old code.
    • Developed a new UI, improving both usability and performance.
    • Found and fixed an old bug that caused significant random problems.
    • Developed a new product that improved the client's overall resilience in his primary line of business.
    • Created DLLs and COM objects to facilitate the integration of new clients.
    • Built and implemented many important invoice-related features, such as cross-field semantic validations and digital invoice sending.
    Technologies: Scrum, Inno Setup, COM, ActiveX, DLL, C#, Visual Basic 6 (VB6), Subversion (SVN), Jenkins, Redmine, PostgreSQL, JavaScript, HTML, CSS, Node.js, AngularJS, Delphi


  • BoaCompra API

    BoaCompra is part of PagSeguro PagBank that has been connecting international merchants with local payments for over 15 years. PagSeguro PagBank is a disruptive provider of financial technology solutions for all kinds and sizes of business, including POS, eCommerce, and digital banking.

    BoaCompra is specialized in payment integrations for more than fifteen countries, giving access to almost 150 payment methods from 10 different countries, making it possible for partners to sell in other currencies and buyers to use their local payment methods. It's a partner of major game companies such as Riot (League of Legends), Valve (Steam), and EA (Battlefield and Need for Speed).

  • Vulnerability Management App

    Created a Rails web app to substitute a spreadsheet and easily track vulnerabilities found during the security team's penetration tests. I also added a Metabase installation to give easy access to business intelligence and analytics.

  • File Transferring through QR Code Images

    A mobile app for file transferring through QR code images, where the user can send any small file to his smartphone without having his mobile phone connected to the computer in any way. I developed the whole project composed of a webpage, back end, and a native mobile app.

  • Veterinary Clinic Management App

    An application made with Spring Boot to demonstrate how DDD (tactical building blocks), CQRS, and ES features can be connected and how the trade-off, when applied in a wrong scenario, can drastically decrease the development speed and maintainability.


  • Languages

    PHP, Java, Delphi, Bash, GraphQL, SQL, XML, PHP 7, PHP 5, Go, Python, JavaScript, Ruby, C#, CSS, Visual Basic 6 (VB6), CSS3, HTML5, R, Clojure, HTML, Haskell, Elixir, TypeScript
  • Frameworks

    Ruby on Rails (RoR), ActiveX, PHPUnit, Twig, PhalconPHP, Bootstrap, Spring Boot, Tailwind CSS, Bulma, AngularJS, ASP.NET, Flask, Spring, Django, .NET Core, .NET
  • Libraries/APIs

    API Development, Node.js, jQuery, Vue
  • Tools

    Git, Docker Compose, Jenkins, RabbitMQ, Redmine, Subversion (SVN), NMap, Metasploit, Jira, Amazon SQS, Amazon ECS (Amazon Elastic Container Service), RSpec, Apache, NGINX, Traefik
  • Paradigms

    Microservices, CQRS, Event Sourcing, Requirements Analysis, Agile, Scrum, Kanban, Unit Testing, REST, Responsive Web Design (RWD), Penetration Testing, Functional Programming, Object-oriented Programming (OOP), ETL, DevOps
  • Platforms

    Linux, Docker, Windows, Amazon EC2 (Amazon Elastic Compute Cloud), Heroku, Android, Oracle, Amazon Web Services (AWS), Google Cloud Platform (GCP), DigitalOcean, Firebase
  • Storage

    SlimPHP, Databases, PostgreSQL, MySQL, MongoDB, PL/SQL, Amazon S3 (AWS S3), Redis, Microsoft SQL Server
  • Other

    Domain-driven Design (DDD), Application Security, Software Engineering, Software Architecture, DLL, COM, Hardware, Software Development, Lean, Networks, Risk Modeling, Vulnerability Assessment, Vulnerability Management, Payment Gateways, APIs, Fintech, Online Payments, Payment APIs, Architecture, Single Sign-on (SSO), Back-end, System Integration, Integration Testing, Web App Security, Web Security, Secure Web Development, LDAP, Software Design, Risk Analysis, Metabase, Full-stack, Front-end, CI/CD Pipelines, Native Mobile Apps, Inno Setup, Business Psychology, Mathematics, Statistics, AWS, QR Codes, Leadership, API Gateways, Amazon API Gateway
  • Industry Expertise

    Banking & Finance, Security, Cybersecurity


  • Bachelor of Engineering Degree in Software Engineering
    2013 - 2018
    Centro Universitário Cesumar (UniCesumar) - Maringá, Paraná, Brazil


  • Certified Application Security Engineer (CASE)

To view more profiles

Join Toptal
Share it with others