Romenige Pinto

Senior Security Engineer
Praia, CV.

About

Highly accomplished Senior Security Engineer with extensive experience across application, platform, and infrastructure security within regulated banking environments. Experience in secure software development lifecycle (SSDLC), vulnerability management, detection and response, and security automation, driving the delivery of resilient and secure products. Proven ability to build security tooling, conduct comprehensive code reviews, and design scalable security baselines, ensuring robust protection against emerging threats.

Work

Angolan Investment Bank of Cape Verde

Senior Security Engineer

Praia, Cape Verde, Cabo Verde

Summary

Led comprehensive security initiatives across product, application, infrastructure, and compliance within a regulated banking environment, ensuring robust protection and operational efficiency.

Highlights

Spearheaded the integration of security across the Software Development Lifecycle (SDLC), collaborating with engineering teams to conduct application security design reviews and threat modeling, reducing security risks proactively.

Designed, deployed, and managed a comprehensive vulnerability management program, encompassing discovery, risk-based prioritization, and remediation tracking, significantly improving the bank's security posture.

Developed and implemented security automation workflows that supported SSDLC processes and platform security, boosting efficiency and consistency of security controls.

Hardened critical banking systems by implementing CIS Benchmarks and applying defense-in-depth and least-privilege principles, significantly enhancing network and system architecture resilience.

Led critical incident response activities for security events, performing root cause analysis and implementing preventive controls that reduced future risk and bolstered organizational resilience.

Translated complex security frameworks (OWASP ASVS/MASVS, ISO 27001) into practical, enforceable technical controls, ensuring regulatory compliance and strengthening the security framework.

Provided leadership and mentorship, regularly deputizing for the Security Manager to oversee day-to-day security operations, strategic decision-making, and team development.

Operational Center of the Information Society | NOSi

Security Analyst

Praia, Cape Verde, Cabo Verde

Summary

Monitored technological infrastructures, applied security controls for data protection, and managed incident response and compliance audits to enhance organizational security.

Highlights

Monitored and maintained technological infrastructures, implementing robust security controls in alignment with Personal Data Protection regulations, safeguarding sensitive information.

Developed and enforced comprehensive policies, plans, and procedures for incident management, ensuring rapid and effective response to security threats.

Conducted rigorous security and compliance audits on services, products, and networks, ensuring adherence to national and international standards and best practices.

Defined and established secure information security procedures, including secure development guidelines and proactive vulnerability management strategies.

Managed and delivered internal and external training programs, including User Awareness and Ethical Hacking, significantly improving organizational security awareness and capabilities.

Operational Center of the Information Society | NOSi

Security and Compliance Internship

Praia, Cape Verde, Cabo Verde

Summary

Executed intrusion tests, developed security applications, and conducted compliance audits to strengthen the security posture of state and private networks.

Highlights

Planned and executed targeted intrusion tests on diverse services, applications, and networks, identifying critical vulnerabilities and contributing to enhanced security postures.

Developed specialized applications for system recognition, network analysis, and vulnerability assessment, supporting proactive security intelligence efforts.

Conducted thorough security and compliance audits for web and mobile applications, ensuring adherence to industry standards and best practices.

Monitored and analyzed network traffic across the State's Technological and Private Network, contributing to early threat detection and incident prevention.

Education

University of Cape Verde
Mindelo, Cape Verde, Cabo Verde

Bachelor's Degree

Computer and Informatics Engineering

Languages

Portuguese

Native

English

Fluent

Certificates

Certified Incident Handler ECIH v2

Issued By

EC-Council

Skills

Technical Skills

Python, Ansible, CIS Benchmarks, Docker Security, SIEM (Elastic Stack), Bash, Log Analysis & Correlation, Threat Modeling (STRIDE), MITRE ATT&CK, EDR, OWASP, ISO 27001, SAST, DAST, Generative AI, SDLC Security, Vulnerability Management, Incident Response, Network Security, System Hardening, Compliance Auditing.

Soft Skills

Team Leadership, Mentoring, Strategic Planning, Decision-Making, Cross-functional Collaboration, Risk Management, Problem-Solving, Communication, Project Management, Training & Development.