Jean M.

Experience

• 

  UTFPR

  Apr 2017 - Apr 2021

  Cibersecurity Researcher

  • Developed tutorials on Information Security and Computer Systems for the community and for undergraduate courses in Computer Science.• Delivered lectures in schools and universities to spread knowledge about information security.• Analyzed and automated attacks and vulnerabilities.• Conducted penetration testing on computer systems and networks using the following tools: Wireshark, Netcat, Maltego, Hydra, John The Ripper, Ettercap, Nikto, Metasploit Framework, Ghidra, SQLmap, Hashcat.• Analyzed and reproduced malware and attacks on Unix/Linux, Android, and Windows systems.• Analyzed logs and wrote technical and scientific reports.• Studied the anatomy and behavior of ransomware, such as WannaCry. Show less

• 

  SiDi

  Jan 2022 - Jun 2023

  Software security analyst - (Red team)

  • Conducted security audits on Samsung software, including mobile devices, IoT, web applications, and APIs, using black-box, gray-box, and white-box approaches.• Performed code reviews on Java, Kotlin, and JavaScript projects, ensuring secure development best practices for the applications.• Led Dynamic Analysis (DAST) and Static Analysis (SAST), as well as penetration testing, referencing OWASP and MITRE ATT&CK standards. Main tools used: BurpSuite, Drozer, MobiSF, Frida, APKTool, ADB (Android Debug Bridge), JadX.• Developed technical reports and Proofs of Concept (PoC) for Samsung's development team, detailing vulnerabilities identified in the systems and providing mitigation strategies.Collaborated in creating a phishing awareness campaign for employees, contributing to a proactive security culture.• Practiced reverse engineering of Android applications, enhancing understanding and security measures.• Participated in the Security by Design process for projects involving major players in the technology industry, providing valuable insights to ensure threat-resistant architecture from the project’s inception. Show less

• 

  Quality Digital

  Jun 2023 - Feb 2025

  Information Security Analyst - Mid Level

  • Responsible for conducting black-box, gray-box, and white-box penetration testing to protect large-scale e-commerce environments: Use of tools such as Burp Suite, OWASP ZAP, SonarCloud, and SonarQube, and frameworks like OWASP and NIST to ensure compliance with security best practices and LGPD/GPDR.• Promoted secure development practices throughout the Software Development Life Cycle (SDLC), collaborating with development teams to perform detailed code reviews (mainly on Node.js and TypeScript projects).• Created information security content, conducting awareness sessions within the organization.• Responsible for creating CI/CD pipeline automation using the Python programming language, enhancing security processes and providing visibility for the development team. Show less

• 

  Capitani Group

  Jun 2024 - now

  Information Security Architect - SR

  • CLIENT (ALLOS) - Largest Shopping Mall Network in Brazil• Coordinated management committees and vulnerability prioritization.• Implemented Continuous Integration (CI) pipelines in collaboration with the DevOps team, providing visibility of vulnerabilities to developers by integrating GitLab with static analysis tools such as Snyk and Orca Security.• Led Red Team activities, including penetration testing and reverse engineering on Mobile (Android and iOS), Web, APIs, and Desktop applications.• Responsible for creating secure development best practices documentation for development teams.• Implemented DevSecOps processes within the company, such as the Security Champions program, and raised awareness among developers about secure development practices, secure by design, and SSDLC.• Managed vulnerabilities using tools such as Qualys and Appknox.• Implemented features in Cloud environments (Azure) using Terraform.• Conducted code reviews to ensure security best practices according to frameworks like OWASP and NIST. Show less

• 

  RNP

  Feb 2025 - now

  Cybersecurity mentor - "Hackers do bem" technology residency program

  Mentoring of students in the "Hackers do Bem program" with a specialization in Red Team, responsible for providing direct and personalized support to the residents, ensuring their theoretical, practical, and behavioral development, assisting them with doubts, and correcting technical reports.