Thiago Goncalves

Cyber Security Manager | AppSec, CloudSec and RedTeam @ Avenue
State of São Paulo, Brazil
Thiago Goncalves's Location
São Paulo, São Paulo, Brazil
About Thiago Goncalves

With 19 years of experience in IT, including 14 years as a Software Engineer, I've transitioned into specializing in AppSec, DevSecOps, and the Secure Development Lifecycle.

My journey began with a strong emphasis on secure development (focused on backend), persuading my teammates about its importance. I then moved into DevOps, gaining expertise in AWS and its ecosystem. For the last 5 years, I've achieved my professional goal of leading AppSec and Red Team efforts, implementing security tools in CI/CD pipelines, managing vulnerabilities, conducting pentests, and educating development teams on secure practices aligned with OWASP guidelines.

Key Skills:
- AppSec and DevSecOps: Expertise in Secure Development Lifecycle, SAST, DAST, SCA, IaC, Vulnerability Management, and OWASP best practices.
- Automation: Skilled in developing and implementing security automation workflows on CI/CD platforms (primarily GitHub), optimizing processes to enhance security posture.
- Security Technologies: Proficient in tools including GitHub Advanced Security, Snyk, Checkmarx, Veracode, SonarCloud for SAST, Acunetix for DAST, Snyk, Black Duck, Dependabot for SCA, AWS security services (Security Hub, Control Tower, Firewall Manager, WAFs), and others.

Development and Operations:
- Development: PHP (Laravel, Lumen, Symfony, Slim, Zend), Shell Script, JavaScript/NodeJS, Python, TDD, MVC, OOP, Web Servers (Apache and Nginx), Databases (MySQL, SQL Server, Oracle).
- Ops: Linux, Docker, CI/CD (GitHub Actions, Bitbucket Pipelines, Jenkins), Troubleshooting, Observability (New Relic, Datadog), Ansible, Terraform.

Current Focus:
- AppSec & Red Team Leadership: Driving initiatives to reduce vulnerabilities and enhance security maturity across software development teams, emphasizing a security-first approach from project inception (shifting security left).
- Promotion of Secure Development Culture: Advocating for secure development practices across all teams.
- Infrastructure Support: Providing AWS and GCP infrastructure expertise for security implementations, ensuring alignment with organizational goals.

Thiago Goncalves's Current Company Details
Avenue
Cyber Security Manager | AppSec, CloudSec and RedTeam
State of São Paulo, Brazil
Thiago Goncalves Work Experience Details
  • Avenue
    Cyber Security Manager | AppSec, CloudSec and RedTeam
    Avenue
    State Of São Paulo, Brazil
  • Avenue
    Team Lead - Application Security (Appsec) & Red Team
    Avenue Jul 2024 - Present
    São Paulo, Brasil
  • Avenue
    Staff Application Security Engineer
    Avenue Jun 2023 - Present
    São Paulo, Brasil
    Tool Implementation: Managing the integration of SAST, SCA, DAST, Secret Scanning, and IaC scanning tools in GitHub Workflows.
      - Achieved 85% code coverage with security tools, ensuring comprehensive vulnerability detection.
    Security Tools Research: Researching, testing, and implementing new security tools. Coordinating with vendors for PoC environments and conducting training sessions for development teams.
      - Tested 9 security tools in the past year, successfully implementing 4.
    Vulnerability Management: Overseeing vulnerability management across squads, working with Engineering Managers to prioritize and address issues.
      - All critical and high vulnerabilities were fixed according to the defined SLA.
    Secure Development Training: Delivering secure development training to developers, promoting best practices in application security.
      - Trained over 100 developers, resulting in a 20% improvement in code quality (according to SonarCloud metrics).
      - Established and led a Security Champions Program to empower and educate development teams.
    Dashboard Generation: Creating and maintaining dashboards to track open, resolved, and dismissed vulnerabilities, providing clear visibility of the security status.
      - Provided real-time visibility, leading to proactive mitigation of 100% of high and critical vulnerabilities.
  • Loft
    Senior Application Security Engineer
    Loft Oct 2021 - Jun 2023
    São Paulo, São Paulo, Brasil
    Focused on SAST, DAST and SCA solutions to search for vulnerabilities within our projects and, through that, sharing knowledge with developer teams to change their opinions about the importance of security. When these vulnerabilities had a low level of complexity, I fixed the code and submitted a pull request to the repository, to reduce the toil on squads. Furthermore, working with cloud security in AWS, I set up WAF ACLs for all accounts (we work with organizations in AWS) with AWS Firewall Manager, monitoring accounts to ensure compliance items (through AWS Security Hub) and doing POCs to test solutions to increase our security and gain cost efficiency.
  • Letsbank
    IT Specialist | DevSecOps
    Letsbank Apr 2021 - Oct 2021
    São Paulo, Brasil
    Responsible for the environments (AWS and AppSec in general) of three squads. As a squad member, I was involved in all scrum ceremonies to understand all details about businesses and technology to be able to do a good job (in agreement with our scope). Set up CI/CD integrations with Veracode (DAST) and Snyk (SAST/SCA), and produced vulnerability reports that the PO used to prioritize security issues in the next sprints. Our infrastructure was provisioned using Terraform (IaC).
  • Rd
    Senior Software Engineer
    Rd Apr 2020 - Apr 2021
    São Paulo and Region
    Developed some integrations (PHP) between Magento (versions 1 and 2) and the mobile app to display special offers (the discounts were calculated in the system and were managed by my team).
  • Finnet
    Tech Lead / Senior Software Engineer
    Finnet Apr 2019 - Jan 2020
    São Paulo, São Paulo, Brazil
    Tech lead of a squad that developed a system to process large files that generated bills. This system was developed in PHP and needed to be able to scale, because sometimes we need to process files that result in 80K bills. We were responsible for AWS environment (infrastructure, security and billing controls) and the systems were developed in PHP, MySQL, AWS SQS for queues (and some Lambdas) and ECS for high availability.
  • Ec Miami
    Studying
    Ec Miami Feb 2019 - Mar 2019
    Miami
  • Fs
    Senior Software Engineer
    Fs Jul 2018 - Dec 2018
    São Paulo, São Paulo
    Developed some integrations in PHP and maintained other Java systems.
  • A.Senses
    Tech Lead / Senior Software Engineer
    A.Senses Feb 2018 - Jul 2018
    São Paulo, São Paulo
    Tech lead of a developer (web and mobile) team.
  • Easy (Easy Taxi)
    Senior PHP Developer
    Easy (Easy Taxi) Jul 2017 - Feb 2018
    São Paulo, São Paulo
    One of the best projects/codes that I have seen was developed there. The developers followed all the best practices, like design patterns, SOLID, clean code, TDD, etc. I learned a lot from them and improved my coding skills. At that time, we used PHP (Symfony, Slim and Laravel), MongoDB, MySQL, Docker, New Relic for observability and AWS as cloud vendor.
  • Fs
    Senior PHP Developer
    Fs Jun 2016 - Jul 2017
    São Paulo
  • Vivo (Telefônica Brasil)
    Senior PHP Developer
    Vivo (Telefônica Brasil) Mar 2015 - Jun 2016
    São Paulo
    Development and management solutions and servers.
  • Zanthus - Tecnologia De Resultados
    PHP Programmer Analyst
    Zanthus - Tecnologia De Resultados Jan 2011 - Mar 2015
    São Paulo and Region, Brazil
    Development of new features and maintenance of existing ones in the back-office system (product) used by customers. It is a hub for the store's sales information. Technologies used: Oracle, SQL Server, PHP 5, AJAX (jQuery + JSON)
  • Agência Rs
    PHP Programmer Analyst
    Agência Rs Mar 2009 - Jan 2011
    São Paulo and Region, Brazil
    Development of complete systems, from the database through to coding. I received all the HTML ready from the developer and coded the programmed part. Technologies used: MySQL, PHP 5, AJAX (jQuery + XML). Projects I worked on: www.vecchiojoalheiros.com.br, www.blackcard.com.br
  • Microsistec
    PHP Programmer
    Microsistec Oct 2008 - Mar 2009
    Praia Grande / SP
    Development of modules for real estate agency systems. I used PHP and MySQL.
  • Senai - Serviço Nacional De Aprendizagem Industrial
    Web Development Instructor
    Senai - Serviço Nacional De Aprendizagem Industrial Jan 2007 - Jun 2008
    Santos
    Instructor for the Basic and Advanced Web Development courses. Technologies used: PHP 4, MySQL, JavaScript (plain), XML, HTML, AJAX and CSS.

Frequently Asked Questions about Thiago Goncalves

What company does Thiago Goncalves work for?

Thiago Goncalves works for Avenue

What is Thiago Goncalves's role at the current company?

Thiago Goncalves's current role is Cyber Security Manager | AppSec, CloudSec and RedTeam.

What schools did Thiago Goncalves attend?

Thiago Goncalves attended Universidade Cruzeiro Do Sul, Uninove - Universidade Nove De Julho, Ee Marechal Do Ar Eduardo Gomes.
