
Rafael Souza
Verified Expert in Engineering
Security Software Developer
São Paulo - State of São Paulo, Brazil
Toptal member since May 10, 2022
Rafael is an information security professional with over 10 years of IT experience. He is used to managing technical consultants, handling clients, architecting projects, designing services, improving business processes, training people, and delivering solutions. Rafael has spoken at many security conferences and events worldwide, including DefCamp, Secure Brazil, Hack in The Box, ISSA, ICSN, Hacks in Taiwan HITCON, CiberGuard, BSides, Cyber Secure Pakistan, HackMiami, ToorCon, and DEFCON.
Portfolio
Experience
- Hacking - 17 years
- Security - 10 years
- Cybersecurity - 10 years
- Leadership - 8 years
- Vulnerability Management - 8 years
- Risk & Compliance - 7 years
- Management - 7 years
- Compliance - 7 years
Availability
Preferred Environment
Windows, Linux, MacOS, Google Cloud Platform (GCP), Azure, Applications, Networking, Systems, Amazon Web Services (AWS)
The most amazing...
...things I've done are speaking at DEFCON and getting recognition in the Security Hall of Fame from Microsoft and Apple.
Work Experience
Senior Consultant
Enterprise Technical Services
- Conducted application security and red team testing to identify weaknesses in the company's custom-built software system.
- Contributed to ongoing efforts to maintain and improve the overall security of the platform.
- Advised on and implemented best practices for security in collaboration with the development team.
- Supported certification and framework projects such as SOC, HIPAA, HITRUST, and ISO.
Senior Consultant
Enterprise Technical Services
- Developed risk assessments and guided system owners on requirements in alignment with security risk assessment results, thereby supporting IT compliance across multiple systems and applications according to NIST SP 800-53, ISO 27001, SOC, and PCI DSS.
- Performed third-party risk assessments by conducting and evaluating inherent risk questionnaires and vendor surveys. Assessed due diligence documentation following the risk management program standards and provided effective recommendations.
- Established a level of excellence in the governance, risk, and compliance (GRC) policies and procedures and other key governing initiatives that support risk and third-party risk management, such as vendor management, legal, and risk assessments.
- Provided operational risk management support, including participating in risk assessments, managing system weaknesses, and providing ongoing risk monitoring, threat management, and mitigation support.
- Drove remediation activities with stakeholders and business executives, including developing remediation plans and tracking and reporting remediation progress.
Security and Compliance Lead
Enterprise Technical Services (Confidential)
- Managed the security and compliance team. Ensured the company's compliance with market certifications, such as the ISO, SOC, and PCI.
- Led the offensive security (red team) activities, including penetration testing, red team exercises, and vulnerability management. The findings were handed to the development teams, which received support during remediation.
- Helped to structure the area from the beginning; the team achieved SOC 2 certification without any exceptions in the attestation report.
- Led the defensive (blue team) activities, including implementing security features, planning and organizing blue team exercises, keeping the cloud and network environment secure, monitoring systems, and incident prevention, detection, and response.
Head of Penetration Testing
Future Technologies
- Worked at this innovation center, which focuses on research projects on vulnerabilities and mitigation methods, developing new, proprietary security, monitoring, and performance solutions to meet market demand.
- Acted as the head of penetration testing practice and reported directly to the CTO.
- Served various organizations across the globe, including governments, banks, the retail sector, and the payment card industry.
Director of Security
Occasio Security
- Led projects related to penetration testing, vulnerability analysis, DevSecOps, computer forensics, incident response, cloud security, security architecture, governance, and risk and compliance assessments, like PCI DSS, ISO 27001, SOC 2, and GDPR.
- Oversaw the cybersecurity and compliance practice.
- Conducted compliance assessments, such as PCI DSS, ISO 27001, SOC 2, and GDPR.
Experience
HackersOnlineClub
https://hackersonlineclub.com
Education
Master's Degree in Business Administration (MBA)
University of São Paulo - São Paulo, Brazil
Professional Degree in International Business
University of South Santa Catarina - Santa Catarina, Brazil
Skills
Libraries/APIs
Node.js
Platforms
QualysGuard, Windows, Linux, MacOS, Google Cloud Platform (GCP), Azure, Amazon Web Services (AWS)
Paradigms
DevSecOps, Management, Penetration Testing, HIPAA Compliance
Languages
Python, Java, C, Bash
Frameworks
COBIT, Jakarta Server Pages (JSP)
Industry Expertise
Cybersecurity
Other
IT Security, Compliance, Risk & Compliance, Security Architecture, Risk Assessment, Risk Models, Vulnerability Assessment, Vulnerability Management, Business, Administration, Business Administration, International Trade, International Affairs, Leadership, Security, Hacking, Applications, Networking, Systems, Security Audits, PCI Compliance, SOC Compliance, ISO 27001, Network Security, Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), SOC 2, System-on-a-Chip (SoC), NIST, Architecture, Cloud Security, Threat Modeling, Risk, Technical Writing, Documentation, Risk Management, PCI, COSO ERM Framework, Vendor Management, Vendors & Suppliers, GRC, IT Governance, Third-party Risk