Rafael Souza, Developer in São Paulo - State of São Paulo, Brazil
Rafael is available for hire
Hire Rafael

Rafael Souza

Verified Expert  in Engineering

Security Software Developer

Location
São Paulo - State of São Paulo, Brazil
Toptal Member Since
May 10, 2022

Rafael is an information security professional with over ten years of IT experience. He is used to managing technical consultants, handling clients, architecting projects, designing services, improving business processes, training people, and delivering solutions. Rafael has spoken at many security conferences and events worldwide, including DefCamp, Secure Brazil, Hack in The Box, ISSA, ICSN, Hacks in Taiwan HITCON, CiberGuard, BSides, Cyber Secure Pakistan, HackMiami, ToorCon, and DEFCON.

Portfolio

Enterprise Technical Services
Vulnerability Assessment, Risk Management, Architecture, PCI, NIST, COBIT...
Enterprise Technical Services (Confidential)
Cybersecurity, Security, IT Security, Security Architecture...
Future Technologies
Cybersecurity, Security, IT Security, Security Architecture, Security Audits...

Experience

Availability

Full-time

Preferred Environment

Windows, Linux, MacOS, Google Cloud Platform (GCP), Azure, Applications, Networking, Systems, Amazon Web Services (AWS)

The most amazing...

...things I've done are speaking at DEFCON and getting recognition in the Security Hall of Fame from Microsoft and Apple.

Work Experience

Senior Consultant

2022 - PRESENT
Enterprise Technical Services
  • Developed risk assessment and guided system owners on requirements in alignment with security risk assessment results, thereby supporting IT compliance across multiple systems or applications according to the NIST 800-53, ISO 27001, SOC, and PCI DSS.
  • Performed third-party risk assessments by conducting and evaluating inherent risks questionnaires and vendor surveys. Assessed due diligence documentation following the risk management program standards, providing effective recommendations.
  • Established a level of excellence in the Governance Risk and Compliance (GRC) policies and procedures and other key governing initiatives that support risk and third-party risk management, such as vendor management, legal, and risk assessments.
  • Provided operational risk management support, including participating in risk assessments, managing system weaknesses, and providing ongoing risk monitoring, threat management, and mitigation support.
  • Drove remediation activities with stakeholders and business executives, including developing remediation plans and tracking and reporting remediation progress.
Technologies: Vulnerability Assessment, Risk Management, Architecture, PCI, NIST, COBIT, QualysGuard, HIPAA Compliance, IT Security, Security, Security Architecture, COSO ERM Framework, ISO 27001, Vendor Management, Vendors & Suppliers, GRC, IT Governance, Risk Assessment, Risk Models, Third-party Risk, SOC 2

Security and Compliance Lead

2020 - 2022
Enterprise Technical Services (Confidential)
  • Managed the security and compliance team. Ensured the company's compliance with market certifications, such as the ISO, SOC, and PCI.
  • Led the offensive security, i.e., red activities, including penetration testing, red team exercises, and vulnerability management. The results of the failures found were directed to the development teams that received support during the correction.
  • Helped to structure the area from the beginning, and we have achieved SOC 2 certification without any exceptions in the attestation report.
  • Led the defensive, i.e., blue activities, including implementing security features, planning and organizing blue team exercises, keeping the cloud and network environment secure, monitoring systems, and incident prevention, detection, and response.
Technologies: Cybersecurity, Security, IT Security, Security Architecture, Amazon Web Services (AWS), Google Cloud Platform (GCP), Azure, Security Audits, Compliance, PCI Compliance, SOC Compliance, ISO 27001

Head of Penetration Testing

2019 - 2020
Future Technologies
  • Worked at this innovation center that focuses on research projects on vulnerabilities and mitigation methods, developing new and proprietary security, monitoring and performance solutions to meet market demand.
  • Acted as the head of penetration testing practice and reported directly to the CTO.
  • Served various organizations across the globe, including governments, banks, the retail sector, and the payment card industry.
Technologies: Cybersecurity, Security, IT Security, Security Architecture, Security Audits, Penetration Testing, Network Security, Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Amazon Web Services (AWS), Python, QualysGuard, Bash, Vulnerability Management

Director of Security

2017 - 2019
Occasio Security
  • Led projects related to penetration testing, vulnerability analysis, DevSecOps, computer forensics, incident response, cloud security, security architecture, governance, and risk and compliance assessments, like PCI DSS, ISO 27001, SOC 2, and GDPR.
  • Oversaw the cyber security and compliance practice.
  • Conducted compliance assessments, such as PCI DSS, ISO 27001, SOC 2, and GDPR.
Technologies: Security, Cybersecurity, Compliance, PCI Compliance, SOC Compliance, SOC 2, ISO 27001, System-on-a-Chip (SoC), Google Cloud Platform (GCP), Azure, NIST, DevSecOps, Architecture, Cloud Security, Risk Assessment, Risk Models, Threat Modeling, Risk, Technical Writing, Documentation, Vulnerability Management

HackersOnlineClub

https://hackersonlineclub.com
HackersOnlineClub is a global market-leading website for information security resources with an average of one million access per month. Our website is a source of information for the community, giving them the knowledge we've gained and posting about new techniques, tools, and security issues in general. We've been online for over ten years, consistently committed to ethically spreading information about hacking and information security.
2020 - 2021

Master's Degree in Business Administration (MBA)

University of São Paulo - São Paulo, Brazil

2016 - 2019

Professional Degree in International Business

University of South Santa Catarina - Santa Catarina, Brazil

Libraries/APIs

Node.js

Paradigms

DevSecOps, Management, Penetration Testing, HIPAA Compliance

Platforms

QualysGuard, Windows, Linux, MacOS, Google Cloud Platform (GCP), Azure, Amazon Web Services (AWS)

Languages

Python, Java, C, Bash

Frameworks

COBIT

Industry Expertise

Cybersecurity, Network Security

Other

IT Security, Compliance, Risk & Compliance, Security Architecture, Risk Assessment, Risk Models, Vulnerability Assessment, Vulnerability Management, Business, Administration, Business Administration, International Trade, International Affairs, Leadership, Security, Hacking, Applications, Networking, Systems, Security Audits, PCI Compliance, SOC Compliance, ISO 27001, Application Security, Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), SOC 2, System-on-a-Chip (SoC), NIST, Architecture, Cloud Security, Threat Modeling, Risk, Technical Writing, Documentation, Risk Management, PCI, COSO ERM Framework, Vendor Management, Vendors & Suppliers, GRC, IT Governance, Third-party Risk

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring