Experience

🇺🇸 Dub - dub and replicate, anyone's investment portfolio

Senior Software Engineer. (Dec/22 - Present)

▶ Building the next big thing in finance.

▶ Made the stocks charts and prices resilient and real time by decreasing the processing time.

Website

🇧🇷 Legiti - Fighting digital payment fraud at e-commerces

Senior Software Engineer. (May/22 - Dec/22)

▶ Handled +100 transactions per second (TPS) concurrently by developing a Python-Kinesis-Kubernetes consumer library.

▶ Decreased the processing time by 15x from several microservices by rewriting the application in Golang

▶ Decreased 10x the CI/CD pipelines build time by caching Docker container dependencies

▶ Improved services architecture by implementing Clean Architecture and design patterns

Worked mainly with legiti's core platform, responsible for large-scale data ingestion. Responsible for the increase in its scalability and consistency maintaining the services with low latency.

Website

🇵🇹 Feedzai - Real-time fraudulent payment transactions identification

Senior Software Engineer. (Nov/21 - May/22)

▶ Developed new use cases for fraud prevention for our clients (major banks in Brazil) to prevent several frauds in Credit card Issuing, Account Opening, and Credit Card transactions.

▶ Helped to increase the NPS for the LATAM region by 20%

Website

🇧🇷 XP - Investment management company

Senior Software Engineer. (May/20 - Nov/21)

▶ Build and architected the facial recognition system that authorizes +100K transactions daily, across several critical business transactions in the Bank, such as PIX (Brazilian Instant payment method), Digital Account (onboarding, account management), and Credit Card (Issuing credit cards, password reset).

Worked developing highly scalable, resilient, and secure APIs for Fraud Prevention, Anti Money Laundering (AML), Authentication, and Authorization to assure security within the entire company and provide security to our +3MM customers. Ensuring code maintainability, quality, and stability with the unit, integrated, and load testing, with a fast development cycle using CI/CD.

Website

Projects

🔥 A Deep Learning Approach to (WAF) -
Web Application Firewall


Web applications receives a variety of input parameters from users and attackers which generally inject malicious payloads trying to whether steal data or manipulate the application on their favor. An approach widely used to protect the application is the WAF (web application firewall), which generally is rule based. In the present work, deep learning and Transformer, which is a state-of-the-art model in natural language processing, are applied in the scenario of hard-coded rules, successfully evading anti-WAF techniques. The proposed method achieves 96.5% accuracy in the proposed dataset.

Blog post Code

👾 GonnaCry - A Linux Ransomware (malware)


Code behind these Medium blog posts:
- Ransomware encryption techniques
- How can malware encrypt a company's existence

GonnaCry is an academic Linux ransomware made for awareness about security/cryptography.
It encrypts all the user files with a strong encryption scheme (RSA 2048 bits, AES 256 bits, SHA256).

Ransomware encryption techniques How can malware encrypt a company's existence Code

🔑 RSA - Encryption algorithm implementation


Code behind the Medium: RSA encryption algorithm
Simple implementation of the RSA Asymmetric Encryption Algorithm

Blog Post Code

🔐 Bitbox - password generator

Bitbox is a strong password generator, using the diceware technique.
The process of generating a password generally involves the usage of personal information, such as names and dates, being vulnerable to social engineering.
Bitbox generates strong and easy to remember passwords.
Password example: keys went apes front dirt palm

Github

Blog Posts

🔥 Using machine learning to identify API attacks

In this blog post I propose the usage of machine learning to identify the anatomy of API attacks, therefore, protecting our API from several types of attacks.

Read

👾 Ransomware encryption techniques

Ransomware use a lot of encryption, using both symmetrical and asymmetrical cryptography, for file and keys encryption. In this blog post I talk about the encryptions schemes and some ransomware vulneraiblities.

Read

🤖 How can a malware encrypt a company existence ?

In this blog post I analyze how ransomware behaviours when attacking and destroying companies, and its impacts on industry. Also explain how criminals don' t get caught after cyber crimes.

Read

🔐 RSA asymmetric encryption algorithm

How RSA algorithm works and the math behind it's encryption power, explained.

Read

Talks

Name Description Slides Date
Identifying attacks with Machine Learning at IA PE Group Link Feb/2020
Securing your web application at Geek Night Recife Link Dec/2019
Securing Python APIs at PyJamas Link Dec/2019
Ransomware Internals at Python Users Group (PUG-PE) Link Sep/2019
Python to Data Science during Computer Week at UNICAP Link May/2019
Secure Web Development at Python Users Group (PUG-PE) Link Apr/2019
Malware development with Python at Python Users Group (PUG-PE) Link Dec/2018
Introduction to Python during Computer Week at UNICAP Link May/2018

Photos