Rômulo Rocha


Lead Information Security Engineer @ Nubank
Rio De Janeiro, Rio De Janeiro, Brazil
About Rômulo Rocha

I am an experienced Information Security professional with over 15 years in the field. My career has afforded me the opportunity to contribute to major projects and organizations, where I have played a key role as an Incident Handler and Technical Manager. I have developed expertise in building and leading CSIRT teams (Incident Response Teams) for critical operations, such as the Rio 2016 Olympic Games, which reached over a billion spectators, and Nubank, LATAM's largest digital bank, serving over 100 million clients. In these roles, I have successfully managed incidents involving international organizations across multiple countries.

My expertise has also led me to speak at major security events worldwide, including FIRST.org in the US, secTOR in Canada, Nippon CSIRT Forum in Japan, and three times at the CSIRT Fórum in Brazil.

Main Skills:
- CSIRT Team & Service Management: Skilled in building from zero and managing services and teams.
- Automation with SOAR Technologies: I excel in leveraging SOAR tools to solve real problems and provide data-driven insights, recognizing that a SOC without automation is a failed SOC.
- Incident Investigation & Report Writing: Proficient in conducting thorough investigations and producing detailed reports.
- Log Analysis Expertise: Extensive experience analyzing logs across platforms like AWS, Google Cloud, web servers, IPS, EDRs, Windows, and more.
- Anomaly Detection with Splunk & Regex: Advanced skills in using Splunk and Regex for detecting anomalies.
- Extensive knowledge of security tools including The Hive, Jira, Torq, Tines.io, Chronicle, Splunk, MISP, OpenCTI, OsQuery, Microsoft EDR, Palo Alto Cortex, Palo Alto Firewalls, AWS GuardDuty, Cisco Sourcefire, etc.

Rômulo Rocha's Current Company Details
Nubank

Lead Information Security Engineer
Rio De Janeiro, Rio De Janeiro, Brazil
Website:
nubank.com
Employees:
10115
Rômulo Rocha Work Experience Details
  • Nubank
    Lead Information Security Engineer
    Nubank
    Rio De Janeiro, Rio De Janeiro, Brazil
  • Nubank
    Security Engineer Manager Soc
    Nubank Jan 2024 - Present
    Brazil
    Leading a focused team of engineers and SMEs engaged in answering and creating solution of hard questions/problems to SOC. We build/buy tools and platforms to solve problems.
    - Is that possible to automatize an L1 triage?
    - How to be effective in grouping, enriching, and correlating security alerts automatically?
    - How to scale SOC platforms delivering context and usability to incident responders?
    - How to deliver quality and consistency in incident coordination and response?
    - How to make regulators and stakeholders happy with quality data and reports?
  • Nubank
    Incident Response Team Manager (Csirt)
    Nubank Feb 2022 - Mar 2024
    Rio De Janeiro, Brasil
    Responsible for building an Incident Response Team from scratch, managing a multi-country team, and supporting them to achieve their best work. Starting from day zero to scale up to multiple products and countries.
    - Building and designing platforms to scale up Security Ops, processing alerts, reducing false positives, and giving autonomy to incident handlers to perform their job.
    - Managing a diverse multi-country team to help them achieve their best.
    - After the initial ramp-up period, we got approved to be a team member of FIRST.org (https://www.first.org/members/teams/nubank_csirt).
    - Responsible for delivering great services in multiple countries in LATAM, delivering security through services like incident triage, handling, and coordination.
    - Besides my organization, I'm an active member of FIRST Group which is challenging the status quo and looking for an improvement in how to measure security based on security services, more about our work here (https://www.first.org/global/sigs/metrics/)
  • Nubank
    Lead Information Security Engineer
    Nubank Jan 2021 - Feb 2022
    Rio De Janeiro, Brazil
    Lead Security Engineer at SOC, supporting other engineers and working to scale up our CSIRT team, building:
    - Metrics to be shared
    - SOC Process
    - Incident response capabilities (tooling and process)
    - Integrations
    - Strategic roadmap
  • Nubank
    Senior Information Security Engineer
    Nubank Jan 2020 - Jan 2021
    São Paulo E Região, Brasil
    Member of SOC Squad, working with incident investigation and response areas, responsible for delivering a new policy to deal with incidents, handling incidents and coordinating crisis, investigation, and preparing the foundation to scale a CSIRT team.
  • Vale
    Senior Information Security Analyst
    Vale Sep 2018 - Jan 2020
    Rio De Janeiro, Rio De Janeiro
    Working at SOC team, responsible for incident response, playbook creation, processes improvement and investigations.
    - Incident response
    - Playbook creation
    - Microsoft EDR/ATP Admin
    - Malware and Forensics analysis on Windows environment
  • Tempest Security Intelligence
    Senior Information Security Consultant
    Tempest Security Intelligence Oct 2016 - Sep 2018
    Rio De Janeiro
    Information Security consultant, working on incident response and threat hunting.
    - Working with Splunk to design new rules for SOC;
    - Forensic investigations and malware analysis;
    - Log Analysis of webservers, firewalls, IPS, authentication tools, active directory, endpoint hardening tools, mobile, etc;
    - Amazon AWS log analysis;
    - Deploying and testing solutions for incident response and investigations like Hive, Cortex, MISP and osquery;
  • Comitê Organizador Dos Jogos Olímpicos E Paralímpicos Rio 2016™
    Information Security Specialist
    Comitê Organizador Dos Jogos Olímpicos E Paralímpicos Rio 2016™ Aug 2013 - Aug 2016
    Rio De Janeiro Area, Brazil
    Incident response leader at CSIRT, member of team responsible to guarantee cybersecurity of Rio 2016 Summer Olympic Games. Our main challenges are, rapid growth of users, relationship with government agencies, multiple partners to coordinate, enormous exposition in global media and complex infrastructure to deal before and during games time.
    My main responsibilities:
    - Responsible to develop strategy for Incident Response implementation;
    - Leader of Incident Response team (CSIRT);
    - Threat analysis and incident response using wireshark, paloalto, sourcefire, splunk, symantec sep, symantec atp and others tools. Correlation of events between SIEM, NIPS, MSS and multiple data sources.
    - Coordination of a team that is doing deployment of multiples security tools as antivirus, data leak protection, cryptography, and software/patch management (Altiris) from our security partner Symantec. (during project phase);
    - Vulnerability assessment;
    - Responsible to coordinate incident flow between different teams (gov, partners, sponsors and committees);
  • Vale
    Information Security Analyst
    Vale Sep 2010 - Aug 2013
    Rio De Janeiro Area, Brazil
    • Incident Response / Malicious Code Management (AntiVirus, Anti-malware, Phishing) / Vulnerabilities Management:
      - Designing and implementation of operational process;
      - Definition of metrics, executive reports and KPI;
      - Coordination and Guidance for Incident Response Process (identification and mitigation)
      - Guidance and Operation Designing for Vulnerability/Threats Management Process (using McAfee Foundstone)
      - Outbreak and Crisis Management;
      - Content Filtering Management:
        - Knowledge of Bluecoat Proxy, Bluecoat Content Filtering and Bluecoat Reporter;
    • Security Awareness Programs:
      - Instructor of Security Awareness Programs inside the company, more than 40 classes given.
      - Responsible of content and program updates;
    • Mobile Security definitions
      - Part of group that is creating new policies regarding Mobile Security;
      - Definition of BYOD policies;
      - Assessment on OS of different devices as IOS, Windows Mobile and Android;
  • Cipher - Segurança Da Informação
    Information Security Consultant
    Cipher - Segurança Da Informação Sep 2009 - Oct 2010
    Rio De Janeiro Area, Brazil
    As consultant I did PCI DSS audits, remediation and certification projects, performed auditing process of Security controls like physical security, data cryptography, firewall standards, servers hardening, log management and policies. I did as well implementation of security products like McAfee Web Security Gateway with SSL Scanner, Vulnerabilities analysis (McAfee Foundstone, Acunetix and NeXpose), hardening of Windows Servers and penetration testing (Linux tools, Nmap, Nessus, Hydra, NetDiscover, Aircrack, etc).
  • Deloitte
    Information Technology And Risk Management Senior Consultant
    Deloitte May 2006 - Sep 2009
    Rio De Janeiro Area, Brazil
    As consultant I had the opportunity to work in big companies in Brazil and in different types of segments like oil and gas, insurance, banks and technology. My main projects on those fields were mapping of IT Controls for compliance (SOX and audit), GRC for SAP and testing of IT security controls.
  • Losango
    Help Desk Level 3 Support Analyst
    Losango Oct 2006 - Feb 2007
    Rio De Janeiro
    Help desk giving support to all offices in Brazil (almost 20). The majority of this work was troubleshooting issues related to network operations, windows support and specific printers problems.

Rômulo Rocha Skills

Pci Dss Information Security Management Vulnerability Management Incident Management Incident Response Antivirus Security Operations Center Information Security Consultancy It Audit Sarbanes Oxley Act Cobit Compliance English Brazilian Portuguese Security Policy Photography Process Improvement Siem Content Filtering Proxy Penetration Testing Tcp/ip Stack Vulnerability Assessment Information Security Security Mobile Security Iso 27001 Linux Network Security Firewalls Tcp/ip Nessus Windows Server Mcafee Information Technology Security Audits Application Security Ips Cryptography Cissp Computer Forensics Operating Systems Servers Computer Security Identity Management Checkpoint Cisa Ceh Security Architecture Design Ids

Rômulo Rocha Education Details

Frequently Asked Questions about Rômulo Rocha

What company does Rômulo Rocha work for?

Rômulo Rocha works for Nubank.

What is Rômulo Rocha's role at the current company?

Rômulo Rocha's current role is Lead Information Security Engineer.

What schools did Rômulo Rocha attend?

Rômulo Rocha attended Universidade Federal Do Rio De Janeiro, Centro Universitário Da Cidade.

What are some of Rômulo Rocha's interests?

Rômulo Rocha has interest in Writing, New Technology, Gadgets, Traveling, Civil Rights And Social Action, Politics, Education, Web Vulnerabilities Research, Photography, Science And Technology.

What skills is Rômulo Rocha known for?

Rômulo Rocha has skills like Pci Dss, Information Security Management, Vulnerability Management, Incident Management, Incident Response, Antivirus, Security Operations Center, Information Security Consultancy, It Audit, Sarbanes Oxley Act, Cobit, Compliance.

Who are Rômulo Rocha's colleagues?

Rômulo Rocha's colleagues are Jonathan Marinho, Makiya Boykin, Claudia Isabel Peñalosa Bojórquez, Gisele Rocha, Jonathan Juan, Ane Carvalho, Saidy Vitor.
