Victor Lima

Experience

• 

  In.Voice Telecom

  May 2010 - May 2012

  System Analyst

  - Development of queries for data processing and account auditing for the customer base;- Issuance of analytical audit and cost reduction reports for the internal commercial area;- Technical support for the customer base and internal Sales area;

• 

  Officer Distribuidora

  Jun 2012 - May 2014

  Pre Sales Product Specialist

  - Technical responsible for the Information Security product line;- Pre-sales and technical support for the internal sales team and partners;- Provide product training to the internal commercial area and potential partners;- Preparation of technical proposals and business conditions for the internal commercial team;- Interface and assistance in strategic decision-making in the company's areas (Products, Commercial and Marketing);- Creation of business plans together with the internal Channels area;- Responsible for monitoring the sales process until delivery to the customer within the agreed deadline;- Recurring Forecast report for Product Managers; Show less

• 

  McAfee

  Jun 2014 - Mar 2015

  Inside Sales Representative

  - Monitoring pre-sales of products: NGFW, SIEM, DLP, IPS, IDS, Cryptography, Endpoint and SaaS;- Technical support and assistance in processes for partners and customers;- Provide product training to potential partners;- Responsible for sales of Information Security products through channels focused on the Southeast, Central-West and South regions for small and medium-sized companies;- Preparation of technical proposals according to the customer environment;- Identification and mapping of potential customers and partners;- Development of growth plans for partners and customers;- Recurring Forecast reports for the board; Show less

• 

  Aspect Software

  Mar 2015 - May 2016

  Inside Sales Representative

  - Pre-sales monitoring and creation of technical proposals according to the customer's environment;- Technical support and assistance to partners and customers;- Responsible for identifying and mapping potential partners and customers;- Interface between different areas of the company (Marketing, Legal, Finance, Support and Projects), to fulfill the booking processes within the agreed deadlines;- Recurring Forecast reports for the board;

• 

  UOL DIVEO

  Oct 2017 - Jun 2018

  Security Analyst

  - Response to cyber attack incidents (application attacks and DDoS);- WAF Management – ​​Implementation, creation of policies, activation of countermeasures to mitigate attacks, monitoring logs, investigating attacks and issuing monthly reports to the customer base;Management of DDoS Protection – Implementation, protection of infrastructures and applications, in addition to issuing monthly reports to the customer base. - Vulnerability Scan management and reporting for the customer base, verification and programming of routines;- Monitoring of tool and server logs based on SIEM correlations- Management of Digital Certificates (SSL) for the customer base;- Brand Protection – Analysis of Phishing and Spam related to the customer's brand for treatment and removal of inappropriate content (Takedown);- Handling security incidents (invasion attempt, malware, portscan, breach of company policies);- Identity & Access Management – ​​Cloud (AWS, Azure and Google Cloud), LDAP, TACACS, Syslog and VPN. - Access control to corporate networks (ACL);- Proxy management (Pulse Secure);- Hardening validation in the operating system (Windows). - Endpoint management. - Monitoring the development of security policies together with the Compliance area; Show less

• 

  Conquest One

  Jul 2018 - Sept 2018

  Application Security on Bayer Brasil

  - Support the Development team (internal and external) for secure development practices; - Use of tools for dynamic application analysis (DAST);- Application Vulnerability Management, definition of action plans and corrections;- Creation and execution of audit controls;- Related Incident Response to attacks and fraud;- Information Security technical guideline and good development practices for internal areas; - Technical support and guidance for Industry 4.0 adoption;- Information Security Representative on the Change Committee; Show less

• 

  Santander Brasil

  Oct 2018 - Oct 2019

  Application Security Analyst

  - Execution and strategy of static analysis tools in code (SAST);- Execution and strategy of dynamic application analysis tools (DAST);- Container security deployment and strategy;- Definition of the application Virtual Patch process (WAF and RASP);- PoC execution of AppSec pipeline tools;- Support the development team (Internal and External) for good coding practices;- Creation of Security Gates through secure development tools;- Creation of the company's risk acceptance process according to technological and business particularities;- Management of company-wide application vulnerabilities and definition of action plans and corrections;- Security methodologies in centralized and decentralized environments (OpenSAMM and OWASP SAMM);- Assistance with developer awareness strategy;- Defensive coding practices;- Execution of Threat Modeling;- Cyber ​​representative on the change committee; Show less

• 

  Banco Votorantim

  Oct 2019 - Aug 2020

  Application Security Analyst

  - PoC of tools for the entire SDLC focused on AppSec;- Execution of tools for automating security requirements and threat modeling;- Execution and strategy of static analysis tools in code (SAST);- Execution and strategy of dynamic analysis tools application (DAST) - Deployment and container security strategy - Definition of the application Virtual Patch process (WAF and RASP) - Creation of Security Gates through secure development tools - Management of company-wide application vulnerabilities and definition of action plans and corrections - Use of application security frameworks (OpenSAMM v1.5 and OWASP SAMM v2.0) - Support to the development team (Internal and External) for good coding practices - Assistance in the developer awareness strategy - Participation in agile ceremonies to support secure development - Technical support for secure development (following best practices and support of security requirements based on ASVS) Show less

• 

  PicPay

  Aug 2020 - Aug 2021

  Senior Application Security Analyst

  - Implementation of application security frameworks (OpenSAMM v1.5 and OWASP SAMM v2.0)- Assistance in the developer awareness strategy - Participation in the creation of the Security Champions program - Support developers for fix vulnerabilities;

• 

  Ambev

  Aug 2021 - now

  - Responsible for the scope of digital products in Latin America (SAZ); - Creation and presentation of the information security director plan; - Responsible for application security team (DevSecOps), offensive (pentest) and application vulnerability management;- Management and decision-making based on automated indicators, KPIs, KRIs and OKRs of projects and structures; - CAPEX and OPEX budget management;- Responsible for projects of pipeline security Implementation (SAST, DAST, SCA and container security); - Support in decision making for business regarding information security; - Creation of blueprint for application security within the secure development process;- Creation of DevSecOps strategy based on NIST and OWASP SAMM frameworks; - Responsible for application security controls support to attend Sarbanes-Oxley (SOX); - Management of the application security team and project leadership; - Application security maturity assessment (OWASP SAMM) and action plan to improve the secure development process; Show less - Creation and presentation of the information security director plan; - Responsible for application security team (DevSecOps), offensive (pentest) and application vulnerability management;- Management and decision-making based on automated indicators, KPIs, KRIs and OKRs of projects and structures; - CAPEX and OPEX budget management;- Responsible for projects of pipeline security Implementation (SAST, DAST, SCA and container security); - Support in decision making for business regarding information security; - Creation of blueprint for application security within the secure development process;- Creation of DevSecOps strategy based on NIST and OWASP SAMM frameworks; - Responsible for application security controls support to attend Sarbanes-Oxley (SOX); - Management of the application security team and project leadership; - Application security maturity assessment (OWASP SAMM) and action plan to improve the secure development process; Show less - Management of the application security team and project leadership; - Perform regular security assessments on applications to identify vulnerabilities and potential risks;- Coordinate penetration testing and vulnerability analysis.- Evaluate security risks associated with the development of new and legacy applications, propose and implement controls to mitigate those risks Identified;- Develop and apply application security training programs for developers focused on secure coding and architecture. Show less

  • Senior Cyber Security Manager

    Jan 2024 - now

  • Cyber Security Manager

    Jan 2023 - Jan 2024

  • Application Security Coordinator

    Jan 2022 - Dec 2022

  • Application Security Specialist

    Aug 2021 - Dec 2021