Career in the Information Security field with a results-oriented approach, experience in managing multidisciplinary teams, and the ability to bridge the gap between technical and business areas. Federal civil servant for ten years with roles in various government agencies, responsible for designing cybersecurity architectures and maintaining cybersecurity tools. Experience with SIEM, Firewall, EPP, WAF, and MISP. Strong knowledge of CIS Controls, NIST, and MITRE ATT&CK. Proficient in procurement processes and cybersecurity architecture.
Cielo
- Website: cielo.com.br
- Employees: 9123
Cyber Security Specialist II, Cielo, Federal District, Brazil
Cyber Security Specialist, Tivit, Dec 2023 - Present, Americas
- SIEM Management (Splunk, Microsoft Sentinel, IBM QRadar, and Rapid7): Maintenance of health, creation of log sources, event mapping, log parsers with property extraction, rule tuning, use case development, dashboard creation, and integrations with other tools.
- SIEM focal point within the CSIRT;
- Detection, analysis, and mitigation of cyber threats;
- Cyber incident management;
- Development of defense techniques to protect clients across various economic sectors;
- Risk assessment and potential business impacts;
- Creation of playbooks and runbooks for incident handling and alert resolution from security tools;
- SOAR Management - Automation of tasks to reduce operational errors and increase the productivity of cyber incident response analysts;
- Preparation of security incident reports;
- Responsible for the implementation and maintenance of MISP, ensuring communication with institutions from various segments, external feeds, and specific nodes. Integration with security tools such as Firewall, Endpoint, WAF, SIEM, and other threat intelligence tools;
- Review and identify points for improvement in the cybersecurity architecture;
- Ensure control of security indicators.
Senior Cybersecurity Analyst, Sicoob, May 2023 - Dec 2023, Brasília, Federal District, Brazil
Managed SIEM (IBM QRadar): Maintained system health, created log sources, mapped events, parsed logs for property extraction, tuned rules, developed use cases, created dashboards, and integrated with other tools. Served as the SIEM focal point in the CSIRT. Detected, analyzed, and mitigated cyber threats. Managed cyber incident responses. Developed defense techniques to protect a critical banking environment. Assessed risks and potential business impacts. Managed Endpoint (CrowdStrike and Symantec), WAF (F5 BIG-IP), and Firewall (Fortigate and Check Point). Created playbooks and runbooks for incident handling and security alert resolutions. Produced security incident reports, fraud analyses, and computer forensics. Managed tool procurement processes, creating supporting documentation from identifying needs to selecting the best solutions for the desired scenario. Responsible for implementing and maintaining MISP, ensuring communication with banking institutions, external feeds, and specific nodes. Integrated with security tools like Firewall, Endpoint, WAF, SIEM, and other threat intelligence tools. Reviewed and identified areas for improvement in cybersecurity architecture. Ensured security indicator control.
IT Infrastructure And Security Coordinator, Ministry Of Human Rights And Citizenship, Dec 2020 - Apr 2023, Brasília, Federal District, Brazil
Information security manager, responsible for CSIRT, forensics and audits. Responsible for LGPD compliance, from conceptualizing flows to Personal Data Inventory (IDP) and Personal Data Protection Impact Report (RIPD) production, Privacy and Cookie Policies, Terms of Use, contractual adjustments, and indicator monitoring. Created security norms, policies and procedures to meet regulatory entities and maintain certifications. Reviewed cybersecurity defense architecture, focusing on best practices and security controls, using frameworks like CIS Controls, NIST and ISO 27001. Managed infrastructure contracts (data centers, backups, servers, containers and network devices). Managed SIEM (IBM QRadar): Maintained system health, created log sources, mapped events, parsed logs for property extraction, tuned rules, developed use cases, created dashboards, and integrated with other tools. Served as the SIEM focal point in the CSIRT. Detected, analyzed, and mitigated cyber threats. Managed cyber incident responses. Managed security tools such as Firewall (Palo Alto), Endpoint (Trend Micro) and WAF (F5 BIG-IP). Responsible for tool procurement processes, creating supporting documentation from identifying needs to selecting the best solutions for the desired scenario. Direct interaction with high-level agency administration and other ministries.
Cyber Security Analyst, Ministry Of Education, Jun 2015 - Dec 2020, University Of Brasilia
Implemented and defined cybersecurity guidelines, policies and baselines. Created playbooks, alerts and use cases for threat detection, prevention, and mitigation. Managed a highly available and critical environment consisting of Firewalls (Palo Alto and Fortigate). Led the firewall migration process and integrated with monitoring and threat intelligence tools. Managed SIEM (IBM QRadar): Maintained system health, created log sources, mapped events, parsed logs for property extraction, tuned rules, developed use cases, created dashboards, and integrated with other tools. Detected, analyzed, and mitigated cyber threats. Managed Endpoints (Kaspersky and McAfee): defined security baselines, threat detection, software homologation and incident resolution. Managed Load Balancer and WAF (F5 BIG-IP): application control, virtual server deployment, firewall rule definition, bot defense, iRules and log profiles. Managed Layer 3 Switches (Cisco, Dell, Enterasys, Extreme, and HP): VLAN creation, access lists, Radius and LDAP integration, IEEE 802.1X enablement and Netsight maintenance. Created analytical reports and integrated security tools with Graylog, Nagios, Zabbix, Splunk, Honeypots and Grafana.
Network Administrator, Brazilian Navy - Marine, Jun 2013 - Jun 2015, Ministry Of Defense - Secirm
Administered Linux servers (Suse and Debian), IBM Lotus Notes email, Active Directory and network devices (Cisco switches and pfSense firewall). Participated in Antarctic Operations XXXII and XXXIII in 2014.
Network Technician, Senai Cetind, Jan 2012 - May 2013, Bahia - Brazil
During my time at SENAI, I was prepared to participate in the 2012 Skills Olympics as a representative of the State of Bahia in the field of Computer Network Installation and Maintenance, achieving a top-10 national ranking in the competition.
David Abreu Education Details
- Finance - Capital Markets
- 10
- Network And System Administration/Administrator
- Computer Systems Networking And Telecommunications
Frequently Asked Questions about David Abreu
What company does David Abreu work for?
David Abreu works for Cielo
What is David Abreu's role at the current company?
David Abreu's current role is Cyber Security Specialist II.
What schools did David Abreu attend?
David Abreu attended Descomplica, Descomplica, Centro Universitário Planalto Do Distrito Federal, Senai Cimatec.
Who are David Abreu's colleagues?
David Abreu's colleagues are Davison Almeida, Kyanne De Lima Santos, Franvieira Vieira, Jocylene Araújo, Israel Silva, Silvana Penteado, Vitor Sarmento De Macedo.