Founder / AI Product Developer - MasterVoice BR
(2026-04)
Developing an AI-based desktop application focused on real-time technical communication support for technology professionals in international interviews, technical meetings, and multicultural environments.
- Designed and developed a real-time desktop overlay application using Python, FastAPI, WebSocket, Electron, React, and AI APIs, with a focus on low latency, cross-platform interoperability, and user experience.
- Built a workflow to capture technical conversations, process real-time transcription, combine context with resumes and job descriptions, and generate structured response suggestions in English.
- Implemented transcript preprocessing logic to remove noise, fillers, and irrelevant terms before AI processing, improving output quality and reducing token usage.
- Created architecture and documentation for an MVP under commercial validation, applying concepts of system integration, automation, real-time processing, and AI-assisted decision support.
Junior SOC Analyst - Practical Project
(2026-04 - 2026-04)
Developed a practical malware triage solution simulating the initial investigation workflow of a SOC environment, focused on Threat Intelligence, IoC analysis, incident classification, and structured technical reporting.
- Built a malware triage assistant that receives a SHA256 hash, queries the VirusTotal API, filters relevant intelligence, and generates a structured security analysis.
- Used AI assistance to support initial incident analysis, returning severity, malware category, IoCs, possible MITRE ATT&CK techniques, and recommended response actions.
- Implemented the backend using Python and Flask, with integrations to VirusTotal API and OpenAI API.
- Applied prompt engineering techniques to reduce hallucinations by using low temperature, fixed output structure, and explicit rules to prevent unsupported IoCs, IPs, domains, or MITRE techniques.
- Simulated a reduction in manual malware triage time from approximately 30 minutes to 15 seconds in a demonstration environment.
- Documented the investigation workflow, technical findings, risk context, and response recommendations for SOC Tier 1/Tier 2 (N1/N2) decision support.
Junior SOC Analyst - Practical Project
(2026-03 - 2026-03)
Developed an AI-assisted SOC tool to simulate security alert analysis, event correlation, incident triage, and response recommendation workflows.
- Built a practical SOC simulation tool focused on security alert analysis, correlation, incident triage, and AI-assisted response recommendations.
- Implemented detection logic for suspicious behaviors including brute force attempts, valid account misuse, suspicious PowerShell execution, and SQL Injection attempts.
- Used the MITRE ATT&CK framework as a reference to map suspicious activities to known adversary techniques.
- Developed a SIEM-like correlation model to distinguish potential true positives from false positives and generate structured response recommendations.
- Created playbook-style outputs to support Tier 1 and Tier 2 SOC workflows.
- Built the backend using Python with FastAPI, a web dashboard using Flask, OpenAI API integration, and a JavaScript interface for alert visualization, risk review, and recommendation tracking.
Junior SOC Analyst - Blue Team Lab - Practical Project
(2026-03 - 2026-03)
Created a hands-on SOC lab using Wazuh SIEM to simulate, monitor, and investigate brute force activity in a controlled environment.
- Configured a controlled SOC lab environment using Kali Linux, a Windows target machine, and Wazuh SIEM for centralized security event collection and analysis.
- Simulated multiple failed authentication attempts followed by successful login activity, representing behavior associated with MITRE ATT&CK T1110 - Brute Force.
- Analyzed Windows security events, classified alerts, identified suspicious patterns, and documented the investigation process.
- Connected offensive behavior with defensive detection logic to improve understanding of alert context, triage, and incident investigation.
- Developed practical experience with SIEM monitoring, Windows Event Logs, brute force detection, security alert triage, and incident documentation.
Junior GRC Analyst - Practical Project
(2026-03 - 2026-03)
Developed a practical Information Security Management System portfolio based on ISO/IEC 27001:2022, using a real-world web vulnerability case as reference.
- Conducted risk assessment based on impact and likelihood, vulnerability classification with CVSS, and risk treatment planning.
- Created supporting governance documents, including risk analysis, treatment plan, Statement of Applicability, legal requirements mapping, and LGPD / PCI-DSS alignment.
- Mapped technical findings, such as exposed repositories and outdated versions, to governance, compliance, and data protection requirements.
- Applied ISO/IEC 27001 controls and information security best practices to support organizational security posture improvement.
Freelance Information Security Consultant - E-commerce / Online Store
(2026-03 - 2026-03)
Performed web application security analysis for a production environment, focused on vulnerability identification, technical risk assessment, and responsible reporting.
- Conducted web security assessment, including service enumeration, directory discovery, and validation of exposed sensitive application files.
- Identified a critical vulnerability involving public exposure of the .git directory, potentially allowing partial or full source code reconstruction.
- Assessed potential impact, including exposure of sensitive information, credential leakage risk, business logic disclosure, and increased attack surface.
- Delivered a technical report including evidence, risk classification, impact analysis, and mitigation recommendations.
- Supported secure remediation through clear communication and responsible disclosure practices.
Freelance Information Security Consultant - Centro Salutares
(2025-01 - 2025-02)
Performed information security consulting for a local healthcare clinic, focused on WordPress security analysis and risk reduction.
- Identified risks related to insecure configurations, outdated WordPress versions and plugins, exposed sensitive files, and authentication-related attack vectors.
- Evaluated risks involving XML-RPC brute force, outdated plugin exploitation, information exposure, and improper use of WordPress scheduled tasks.
- Delivered technical mitigation recommendations, including WordPress core and plugin updates, restricted access to sensitive files, permission review, and configuration hardening.
- Supported improved security posture, reduced attack surface, and better protection of sensitive information.
Sales Assistant II - Kamaq Máquinas Implementos Agrícolas
(2024-10 - 2026-03)
Worked in an operational and administrative role focused on demand analysis, process mapping, documentation, communication between teams, and decision support.
- Collected internal demands, organized operational information, and supported structured decision-making.
- Mapped and documented internal processes, contributing to standardization.