Paulo Dayrell

Experience

• 

  Laboratório Midiacom

  Jan 2019 - Jan 2020

  IT Infrastructure

  At MidiaCom, I focused on the implementation and support of Identity and Access Management (IAM) using FreeIPA and its associated technologies. I managed the administration, configuration, and troubleshooting for workstations and servers, always adhering to best security practices.Additionally, I was responsible for developing and maintaining comprehensive internal procedures and documentation to ensure operational efficiency and compliance

• 

  Epic Leet Team

  Jun 2019 - Jun 2020

  CTF Player

  Playing capture-the-flag competitions, solving problems related to different security categories, with a focus on Reverse Engineering and Binary Exploitation (pwn).Contributed to the Pwn2Win CTF by creating challenges related to Pwn, Forensics and Reverse Engineering,

• 

  Kryptus EED SA

  Jan 2020 - Jan 2021

  Cyber Security Consultant

  As a member of the CyberSecurity team, I was focused exclusively on offensive security, conducting in-depth penetration tests on APIs, web, and mobile applications for both Android and iOS platforms. With a focus on technical quality, I aimed to provide the highest possible value to the customer by identifying vulnerabilities and improving their overall security posture.

• 

  Clavis Segurança da Informação

  Mar 2020 - Jan 2020

  Cyber Security Consultant

  Conducted thorough penetration testing for various companies, identifying vulnerabilities and evaluating their system security measures. Detailed recommendations were provided based on the findings, assisting customers in enhancing their security posture and ensuring the timely resolution of identified risks.Contributed to the Clavis Academy by reviewing courses and suggesting enhancements to the materials. Actively engaged with the SegInfo portal, a public blog about security maintained by the company, by writing articles on security news. This involvement allowed me to leverage my expertise, improving the quality and effectiveness of the educational and informative content provided to students and the wider community.Lastly, automated processes related to report writing to support the GRC and Red teams. This automation streamlined operations and improved efficiency, enabling teams to concentrate more on core cybersecurity tasks and specific client requirements. Exibir menos

• 

  Olist

  Jan 2021 - Jan 2023

  Offensive Security Analyst

  As an Offensive Security Analyst at Olist, I was among the initial members of the CyberSecurity team, contributing to the establishment and enhancement of the organization's security infrastructure. My responsibilities included conducting secure code reviews and penetration testing on our APIs, web, and mobile applications for both Android and iOS, as well as on the cloud environment (AWS).Collaborating closely with the Application Security (AppSec) team aiding in managing the vulnerability lifecycle. Additionally, I led technical training sessions for the Security Champions program. Together, we identified, prioritized, and promptly addressed vulnerabilities, empowering internal teams with the necessary knowledge and skills to bolster the organization's security culture and practices.Furthermore, I conducted Red Team operations and Phishing Campaigns to simulate real-world cyber-attacks, helping to identify vulnerabilities in our defense mechanisms and contributing to the enhancement of our overall security posture through collaboration with the Incident Response/SecOps team. Exibir menos

• 

  Celcoin

  Jan 2023 - now

  Senior Security Engineer

  I'm part of the CyberSecurity team at Celcoin, where my role involves performing penetration tests on our APIs, mobile apps, microservices, and web services, as well as conducting network and cloud security assessments.