Marcelo Gimenes de Oliveira, Developer in Maringá - State of Paraná, Brazil

Marcelo Gimenes de Oliveira

Verified Expert in Engineering

Software Engineer and Developer

Maringá - State of Paraná, Brazil
Toptal Member Since
November 24, 2020

Marcelo can take a high-level goal and deliver shippable code. To do so, he can readily learn most technologies as he goes. He cares about the business implications of anything he builds, and he understands the balance between craft, speed, and the bottom line. Moreover, he thinks technologies are about tools and trade-offs, not ideology. Marcelo has over eight years of experience building scalable applications in many technical and business domains.


Ruby on Rails (RoR), GraphQL, React, Relay, Kubernetes, Helm, Apache Kafka...
Docker, Apache, NGINX, RabbitMQ, MySQL, Bash, Git, Jenkins, Jira...
PHP, Vulnerability Management, Vulnerability Assessment, Risk Modeling, NMap...




Preferred Environment

Linux, Git

The most amazing...

...project I've developed is a security vulnerability management app that improved the security team's workflow for one of Brazil's biggest fintech companies.

Work Experience

Senior Software Engineer

2021 - 2023
  • Centralized a common list feature that was spread across different modules.
  • Improved IaC features using SparkleFormation and developed an internal feature to run one-time jobs on Kubernetes.
  • Improved application log indexing using Logstash, Kibana, and Elasticsearch.
  • Added many new features using React/Relay and GraphQL (Ruby).
  • Refactored the code of a job candidate portal written in React.
  • Migrated some application modules from bare-metal to Kubernetes.
Technologies: Ruby on Rails (RoR), GraphQL, React, Relay, Kubernetes, Helm, Apache Kafka, SparkleFormation, Git, JavaScript, REST APIs, OOP Designs, SQL, Object-oriented Programming (OOP), Back-end

Lead Software Engineer

2020 - 2020
  • Developed a new API version to improve usability by using best REST practices.
  • Created an API gateway library to build API gateways on-demand easily.
  • Designed a sandbox solution to improve client onboarding.
  • Helped new team members to understand the company business model and grasp the company's code rules.
Technologies: Docker, Apache, NGINX, RabbitMQ, MySQL, Bash, Git, Jenkins, Jira, Domain-driven Design (DDD), Amazon Elastic Container Service (Amazon ECS), SlimPHP, Amazon API Gateway, API Gateways, PHP, Leadership, REST APIs, OOP Designs, SQL, Object-oriented Programming (OOP), Back-end

Application Security Engineer

2018 - 2020
  • Gave web security training based on the OWASP standards to more than 100 colleagues.
  • Mapped and penetration tested the entire system's attack surface to meet PCI obligations.
  • Wrote handcrafted reports, which not only pointed out security vulnerabilities but also gave instructions and best practices for mitigation.
  • Provided specific security advice to development teams about features they were developing at the time.
  • Defined the risk model for new features, microservices, and APIs.
  • Managed the security vulnerabilities to meet deadlines.
  • Tested new mitigations and security features after delivery to check whether they could be bypassed.
Technologies: PHP, Vulnerability Management, Vulnerability Assessment, Risk Modeling, NMap, Risk Analysis, Application Security, Bash, Metasploit, Python, Ruby on Rails (RoR), Ruby, REST APIs, OOP Designs, SQL, Object-oriented Programming (OOP), Back-end

Software Engineer

2016 - 2018
  • Broke a core part of a monolith into a resilient microservice, which improved the development process of adding new features.
  • Developed a new refund solicitation UI, which improved usability.
  • Built a new checkout microservice, improving the conversion rate by 10%.
  • Created many reusable libraries to improve development speed and readability.
  • Worked with old frameworks and legacy systems such as osCommerce and Tomato.
  • Used and promoted domain-driven design techniques together with SOLID and Clean Code practices to improve code maintainability.
Technologies: Amazon Elastic Container Service (Amazon ECS), Amazon Simple Queue Service (SQS), Domain-driven Design (DDD), CQRS, Event Sourcing, GraphQL, Jira, Go, Node.js, Jenkins, Git, Amazon S3 (AWS S3), Amazon EC2, MySQL, MongoDB, RabbitMQ, NGINX, PHP, Docker, Apache, JavaScript, REST APIs, OOP Designs, SQL, Object-oriented Programming (OOP), Back-end

System Analyst

2015 - 2016
  • Analyzed and described requirements for the new features.
  • Created many different features focused on each client-specific need.
  • Developed COM objects to increase the system's functionalities through reusable components.
Technologies: ActiveX, DLL, Microsoft SQL Server, Oracle, PL/SQL, JavaScript, C#, Delphi, ASP.NET, Requirements Analysis, REST APIs, OOP Designs, SQL, Object-oriented Programming (OOP), Back-end

Software Developer

2012 - 2015
  • Created a REST API on top of an existing one, improving its features without changing the old code.
  • Developed a new UI, improving both usability and performance.
  • Found and fixed an old bug that caused significant random problems.
  • Developed a new product that improved the client's overall resilience in their primary line of business.
  • Created DLLs and COM objects to facilitate the integration of new clients.
  • Built and implemented many important invoice-related features, such as cross-field semantic validations and digital invoice sending.
Technologies: Scrum, Inno Setup, COM, ActiveX, DLL, C#, Visual Basic 6 (VB6), Subversion (SVN), Jenkins, Redmine, PostgreSQL, JavaScript, HTML, CSS, Node.js, AngularJS, Delphi, REST APIs, OOP Designs, SQL, Object-oriented Programming (OOP), Back-end

BoaCompra API

BoaCompra is part of PagSeguro PagBank that has been connecting international merchants with local payments for over 15 years. PagSeguro PagBank is a disruptive provider of financial technology solutions for all kinds and sizes of business, including POS, eCommerce, and digital banking.

BoaCompra is specialized in payment integrations for more than fifteen countries, giving access to almost 150 payment methods from 10 different countries, making it possible for partners to sell in other currencies and buyers to use their local payment methods. It's a partner of major game companies such as Riot (League of Legends), Valve (Steam), and EA (Battlefield and Need for Speed).

Vulnerability Management App
Created a Rails web app to replace a spreadsheet and easily track vulnerabilities found during the security team's penetration tests. I also added a Metabase installation to give easy access to business intelligence and analytics.

File Transferring through QR Code Images
A mobile app for transferring files through QR code images, where the user can send any small file to their smartphone without having the phone connected to the computer in any way. I developed the whole project, composed of a webpage, back end, and a native mobile app.

Veterinary Clinic Management App
An application made with Spring Boot to demonstrate how DDD (tactical building blocks), CQRS, and ES features can be connected and how the trade-off, when applied in the wrong scenario, can drastically decrease development speed and maintainability.

2013 - 2018

Bachelor of Engineering Degree in Software Engineering

Centro Universitário Cesumar (UniCesumar) - Maringá, Paraná, Brazil


Certified Application Security Engineer (CASE)



API Development, REST APIs, Node.js, jQuery, React, Vue


Git, Docker Compose, Jenkins, RabbitMQ, Redmine, Subversion (SVN), NMap, Metasploit, Jira, Amazon Simple Queue Service (SQS), Amazon Elastic Container Service (Amazon ECS), RSpec, Helm, Apache, NGINX, Traefik, SparkleFormation


Ruby on Rails (RoR), ActiveX, PHPUnit, Twig, PhalconPHP, Bootstrap, Spring Boot, Tailwind CSS, Relay, Bulma, AngularJS, ASP.NET, Flask, Spring, Django, .NET Core, .NET


PHP, Java, Delphi, Bash, GraphQL, SQL, XML, PHP 7, PHP 5, Go, Python, JavaScript, Ruby, C#, CSS, Visual Basic 6 (VB6), CSS3, HTML5, R, Clojure, HTML, Haskell, Elixir, TypeScript


Microservices, CQRS, Event Sourcing, Requirements Analysis, Agile, Scrum, Kanban, Unit Testing, Object-oriented Programming (OOP), REST, Responsive Web Design (RWD), Penetration Testing, Functional Programming, ETL, DevOps


Linux, Docker, Windows, Amazon EC2, Heroku, Kubernetes, Apache Kafka, Android, Oracle, Amazon Web Services (AWS), Google Cloud Platform (GCP), DigitalOcean, Firebase


SlimPHP, Databases, PostgreSQL, MySQL, MongoDB, PL/SQL, Amazon S3 (AWS S3), Redis, Microsoft SQL Server

Industry Expertise

Banking & Finance, Cybersecurity


Domain-driven Design (DDD), Application Security, Software Engineering, Software Architecture, DLL, COM, Hardware, Software Development, Lean, Networks, Risk Modeling, Vulnerability Assessment, Vulnerability Management, Payment Gateways, APIs, Fintech, Online Payments, Payment APIs, Architecture, Single Sign-on (SSO), Back-end, System Integration, Integration Testing, Web App Security, Web Security, Secure Web Development, OOP Designs, LDAP, Software Design, Risk Analysis, Metabase, Full-stack, Front-end, CI/CD Pipelines, Security, Native Mobile Apps, Inno Setup, Business Psychology, Mathematics, Statistics, QR Codes, Leadership, API Gateways, Amazon API Gateway, Machine Learning
