Marcos Santos
Cybersecurity Engineer

From Developer to Defender: My Global Cybersecurity Odyssey
I am Marcos Santos, a Cybersecurity Specialist who began his career as a software developer working with C# and PHP. Driven by a growing interest in information security, I shifted my focus to vulnerability analysis, compliance testing, and integrating security tools into development pipelines. In October 2022, I moved to Germany to expand my professional horizons, where I now work as a Linux Security Engineer in Karlsruhe—reviewing code, detecting vulnerabilities, and implementing SAST, SCA, and CI/CD best practices.
My goal is to ensure the robust security and efficiency of systems by combining deep technical expertise with effective teamwork and communication. Having collaborated with global teams on compliance standards such as CIS Benchmark, CIS-CAT, OWASP, NIST, FISMA, and PCI, I am continuously exploring new methodologies and technologies to keep organizations protected against evolving cyber threats.
- Multidisciplinary Experience
- Deep Technical Knowledge
- Security Tool Integration
- Compliance Rule Development
Here's how I can help!
Code Review & Vulnerability Assessment
I perform code reviews in various programming languages to identify potential security gaps using SAST and SCA tools. Based on these assessments, I recommend effective solutions to mitigate vulnerabilities before they can become actual threats.
- Conducting secure code analysis for embedded systems
- Auditing microservices for common security pitfalls
- Implementing SAST scans to automate detection of SQL injection or XSS
Secure Development
I help development teams incorporate secure coding practices, ensuring applications are designed and maintained with a focus on reliability and resilience, in accordance with key security standards and frameworks.
- Implementing input validation and sanitization measures
- Training teams on secure coding guidelines like OWASP ASVS
- Conducting security-centric code walkthroughs for quality assurance
Compliance & Standards
I support the implementation of security and compliance requirements based on frameworks such as CIS Benchmark, CIS-CAT, OWASP Top 10, NIST, FISMA, and PCI. This includes creating detection rules and defining customized policies for both Windows and Linux environments.
- Mapping organization-specific rules to OWASP Top 10 categories
- Defining automated checks for PCI-DSS compliance on e-commerce platforms
- Implementing periodic FISMA audits for government-related applications
CI/CD & DevSecOps Integration
I integrate security tools (SAST, DAST, SCA) into CI/CD pipelines, optimizing continuous development and ensuring that any vulnerabilities are proactively identified and addressed throughout the software lifecycle.
- Configuring Jenkins and TeamCity pipelines to run security scans automatically
- Setting up real-time alerts for newly discovered vulnerabilities in dependencies
- Incorporating container security checks in Kubernetes deployments
Infrastructure & Cloud Security
I work to secure servers and cloud services by establishing robust configurations and access controls. My experience includes firewalls, WAFs, and KMS, as well as best practices for hybrid and cloud-based environments.
- Hardening Linux servers based on CIS benchmarks
- Implementing WAF solutions to mitigate common web exploits
- Managing cloud key rotation and encryption strategies
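One way to automate the CIS-style Linux hardening checks mentioned above, as an added example rather than the author's own scripts: a small audit of sshd_config that resolves each keyword the way sshd does (first occurrence wins, case-insensitive keywords, OpenSSH defaults for absent keys) and reports which checks fail. The checks are representative of the SSH server items in CIS Linux benchmarks; exact item numbers vary by distribution and benchmark version and are not cited. Both sample configurations are constructed.

```python
"""CIS-style audit of an sshd_config file.

Added example, not the author's own tooling. The checks are representative of
the SSH server items in CIS Linux benchmarks (exact item numbers vary by
distribution and benchmark version, so none are cited here).
"""
import re

# OpenSSH defaults that apply when a keyword is absent (OpenSSH 7.0+).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "permitemptypasswords": "no",
    "maxauthtries": "6",
    "x11forwarding": "no",
    "ignorerhosts": "yes",
    "hostbasedauthentication": "no",
    "loglevel": "INFO",
}

# (check name, keyword, predicate over the lower-cased effective value)
CHECKS = [
    ("PermitRootLogin is no", "permitrootlogin", lambda v: v == "no"),
    ("PermitEmptyPasswords is no", "permitemptypasswords", lambda v: v == "no"),
    ("MaxAuthTries is 4 or less", "maxauthtries", lambda v: v.isdigit() and int(v) <= 4),
    ("X11Forwarding is no", "x11forwarding", lambda v: v == "no"),
    ("IgnoreRhosts is yes", "ignorerhosts", lambda v: v == "yes"),
    ("HostbasedAuthentication is no", "hostbasedauthentication", lambda v: v == "no"),
    ("LogLevel is INFO or VERBOSE", "loglevel", lambda v: v in ("info", "verbose")),
]


def parse_sshd_config(text: str) -> dict:
    """Return {keyword: value} as sshd resolves it for the global section.

    sshd keeps the FIRST occurrence of a keyword and ignores later duplicates,
    keywords are case-insensitive, and "Key value" / "Key=value" are both valid.
    Only whole-line comments exist in sshd_config. Everything after the first
    Match block is conditional, so parsing stops there (a simplification: a
    full audit would evaluate the Match criteria too).
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text: str) -> dict:
    """Map each check name to (passed, effective value)."""
    settings = parse_sshd_config(text)
    results = {}
    for name, key, predicate in CHECKS:
        value = settings.get(key, DEFAULTS[key])
        results[name] = (bool(predicate(value.lower())), value)
    return results


def failing_checks(text: str) -> list:
    """Names of the checks that fail, in CHECKS order."""
    return [name for name, (passed, _) in audit_sshd_config(text).items() if not passed]


# Constructed sample, not taken from any real host. The second PermitRootLogin
# line is ignored because sshd keeps the first occurrence.
SAMPLE_CONFIG = """\
Port 22
PermitRootLogin yes
PermitRootLogin no
MaxAuthTries = 10
X11Forwarding no
LogLevel VERBOSE
Match User backup
    PermitRootLogin no
"""

# Constructed hardened counterpart that passes every check above.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PermitEmptyPasswords no
MaxAuthTries 4
X11Forwarding no
IgnoreRhosts yes
HostbasedAuthentication no
LogLevel VERBOSE
"""


if __name__ == "__main__":
    for name, (passed, value) in audit_sshd_config(SAMPLE_CONFIG).items():
        print(f"{'PASS' if passed else 'FAIL'}  {name} (found: {value})")
```

The first-occurrence rule is the detail that trips up naive `grep`-based checks: a host whose file ends with `PermitRootLogin no` can still permit root login if an earlier line says `yes`, and this audit reports that correctly. Run it against `/etc/sshd_config` contents in a pipeline job to fail the build on any non-empty result of `failing_checks`.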
Security Research & Testing
I conduct research on the latest cybersecurity trends, developing scripts and test checklists to identify new vulnerabilities. I also create custom verification routines tailored to each project’s or client’s specific requirements.
- Designing targeted phishing simulations to measure user awareness
- Developing proof-of-concept exploits for recently disclosed CVEs
- Creating automated penetration testing scripts for internal networks

Linux Security Engineer
IGEL
- Code Review
- Vulnerability Management
- SAST Scanner with Sonar
- SCA Scanner with Sonatype
- Pipeline creation with Jenkins and TeamCity
- Implementation of checks for Linux

Cybersecurity Researcher
Greenbone AG
- Observation and analysis of the latest vulnerability reports
- Creation of Windows and Linux compliance vulnerability search rules using OpenVAS
- Implementation of test routines to identify vulnerabilities
- Implementation of checks for Windows patch level and all standard tools for Windows
- Direct cooperation with customers for special applications

Cyber Security Coordinator
Nova8
- Preparation of pre-sales processes
- Creation of PoC reports and presentations to the board
- Creation and configuration of environments: SAST, DAST, IAST and SCA
- Realization of PoCs of SAST, DAST, IAST and SCA products
- Presentation of the final meeting with the CISO and customer directors
- Creation of vulnerability search rules
- Integration with CI/CD tools, IDEs, bug tracking, etc.
- Vulnerability management based on OWASP Top 10, NIST, FISMA and PCI compliance
- Fixing vulnerabilities with the help of SAST tools
- Azure Firewalls/WAF/KMS
- Tools: Checkmarx, Acunetix, Neuralegion, Probely, WhiteSource, Imperva

Information Security Analyst
BRScan
- Code Review with Veracode
- Vulnerability analysis using SAST tools (Veracode)
- Application Testing
- Fixing vulnerabilities with the help of SAST tools
- Vulnerability Management
- Modification and creation of queries and procedures
- Documentation of new features to the system
- Preparation of test scripts
- Tools: Veracode, Checkmarx, Synopsys, Fortify

Cyber Defense
FIAP
In this two-year program, you learn essential cybersecurity practices such as risk management and data protection laws (LGPD and GDPR), then progress to advanced offensive security techniques, including penetration testing, forensic analysis, and threat intelligence. You ultimately gain the skills to develop automation tools with Python and JS, apply hardware hacking concepts, and incorporate artificial intelligence to fortify critical infrastructures against ever-evolving cyber threats.

Information Technology Management
Anhanguera
The Information Technology (IT) college program provides a comprehensive education covering programming, software development, computer networks, information security, databases, and project management. In the early years, students study basic subjects like mathematics, programming logic, and algorithms, moving on to advanced topics such as software engineering, artificial intelligence, and cybersecurity. Classes blend theory and practice through labs and projects, alongside internships and final projects that equip students with practical experience for the job market.

Fundamentos e Práticas de Cibersegurança.: Abordagem Prática para Profissionais de Cibersegurança (Portuguese Edition)
Kindle eBook
The book was created based on my professional experiences over the years in the cybersecurity market. I gathered what I learned and decided to publish a book for those who are starting out in the market, including some cases and how they were resolved, in order to help and grow the cybersecurity community.

O Guia Definitivo de Checkmarx One
Online Course
With over 5 years of using and also teaching the Checkmarx application security tool, I decided to create an online course with more than 5 modules covering how SAST, SCA and IaC scanning work, among other tools, and the entire process this includes: implementation in CI/CD tools, integration with repositories, the threat modeling process, the vulnerability management process, bug tracking, application tuning, customization of vulnerability search rules and much more.

DevSecOps Podcast
Podcast
Podcast founded by Cassio Pereira, which I co-host; we talk about topics related to cybersecurity, from training to controversial topics such as AI in the cybersecurity environment, data protection and others.

CyberSec News
YouTube Channel
Channel created to report news related to cybersecurity, where each day I present four news items focused on topics such as data leaks, cyberattacks, cybersecurity, malware, ransomware, social engineering and various other subjects related to the field.