André O.

Experience

• 

  CPqD

  Jun 2013 - Dec 2013

  Intern

  Projects: Methodology to validate cryptographic systems• Used static and dynamic analysis to evaluate the security of cryptographic libraries;• Implementation of Assembly backdoors to exercise the methodology.Security analysis of a cryptographic primitive• Security analysis of a cryptographic primitive used for password transmissionover networks;• Calculation of the theoretical effort to break each property of the cryptographicprimitive;• Implementation of a python script to break the primitive.Mobile suite for secure communication• Implemented a password recovery library for Android applications;• Implemented the padding oracle attack described in the paper "Practical PaddingOracle Attacks" Show less

• 

  CPqD

  Feb 2014 - Apr 2018

  Security Engineer

  Smart Authentication - Biometric Authentication• Implementation of a C wrapper for a native cryptography library;• Implementation of a simplified version of the Kerberos protocol for web pages;• Implementation of an anti-tamper algorithm for Flash applications;• Implementation of routines to protect biometric templates using the secure coding guidelines for C language specified by CERTASAP - Android Security Attack Paths• Implemented a system call tracer;• Study of software vulnerabilities in the AndroidSecurity analysis of an electric lock for bank vaults• Source code analysis of a C implementation of AES algorithm using C securecoding guidelines from CERT.Security analysis of a Java application• Source code analysis using Java secure coding guidelines from CERTSecurity analysis of a Java application• Source code analysis using Java secure coding guidelines from CERTSecure Component - Protection for financial transactions• Implemented Java microservices with REST interfaces for communication;• Creation of automated tests using Selenium and AutoIt;• Creation of multiple shell scripts to aid installation, monitoring and proper execution of various software components;• Static and dynamic analysis of banker malwares;• Implemented an anti-tamper algorithm for JavaScript language;• Installed the solution at the client. Show less

• 

  Kryptus EED SA

  Apr 2018 - Apr 2021

  Security Analyst

  • Pentest of web and mobile applications• Secure code review using SonarQube and secure coding guidelines like CERT C andCERT Java.• Responsible for coordinating a new product development for approx. 6 months, while also developing components of machine learning, backend and frontend.• Meeting with clients and potential clients

• 

  SiDi

  Apr 2021 - Oct 2021

  Software Security Analyst

  • Implementation of a portal (backend/frontend) to allow the trial of a single Knox service.• Partial implementation of a security feature for Samsung devices• Features discussion

• 

  Universidade de São Paulo

  Aug 2021 - Sept 2021

  Student Mentor

  Student mentor in the course "Infrastructure Security" taught as part of their MBA in Data Security.

• 

  IFood

  Oct 2021 - now

  Software Engineer