Download CV Cover Letter

Marcos
Santos
CyberSecurity
Engineer

About Me

From Developer to Defender: My Global Cybersecurity Odyssey

I am Marcos Santos, a Cybersecurity Specialist who began his career as a software developer working with C# and PHP. Driven by a growing interest in information security, I shifted my focus to vulnerability analysis, compliance testing, and integrating security tools into development pipelines. In October 2022, I moved to Germany to expand my professional horizons, where I now work as a Linux Security Engineer in Karlsruhe—reviewing code, detecting vulnerabilities, and implementing SAST, SCA, and CI/CD best practices.

My goal is to ensure the robust security and efficiency of systems by combining deep technical expertise with effective teamwork and communication. Having collaborated with global teams on compliance standards such as CIS Bechmark, CIS-CAT, OWASP, NIST, FISMA, and PCI, I am continuously exploring new methodologies and technologies to keep organizations protected against evolving cyber threats.

Multidisciplinary Experience
Deep Technical Knowledge
Security Tool Integration
Compliance Rule Development

Years of Experience

my services

Here's how I can help!

Code Review & Vulnerability Assessment

I perform code reviews in various code languages to identify potential security gaps using SAST and SCA tools. Based on these assessments, I recommend effective solutions to mitigate vulnerabilities before they can become actual threats.

Conducting secure code analysis for embedded systems
Auditing microservices for common security pitfalls
Implementing SAST scans to automate detection of SQL injection or XSS

Secure Development

I help development teams incorporate secure coding practices, ensuring applications are designed and maintained with a focus on reliability and resilience, in accordance with key security standards and frameworks.

Implementing input validation and sanitization measures
Training teams on secure coding guidelines like OWASP ASVS
Conducting security-centric code walkthroughs for quality assurance

Compliance & Standards

I support the implementation of security and compliance requirements based on frameworks such as CIS Benchmark, CIS-CAT, OWASP TOP 10, NIST, FISMA, and PCI. This includes creating detection rules and defining customized policies for both Windows and Linux environments.

Mapping organization-specific rules to OWASP Top 10 categories
Defining automated checks for PCI-DSS compliance on e-commerce platforms
Implementing periodic FISMA audits for government-related applications

CI/CD & DevSecOps Integration

I integrate security tools (SAST, DAST, SCA) into CI/CD pipelines, optimizing continuous development and ensuring that any vulnerabilities are proactively identified and addressed throughout the software lifecycle.

Configuring Jenkins and TeamCity pipelines to run security scans automatically
Setting up real-time alerts for newly discovered vulnerabilities in dependencies
Incorporating container security checks in Kubernetes deployments

Infrastructure & Cloud Security

I work to secure servers and cloud services by establishing robust configurations and access controls. My experience includes Firewalls, WAF, and KMS, as well as best practices for hybrid and cloud-based environments.

Hardening Linux servers based on CIS benchmarks
Implementing WAF solutions to mitigate common web exploits
Managing cloud key rotation and encryption strategies

Security Research & Testing

I conduct research on the latest cybersecurity trends, developing scripts and test checklists to identify new vulnerabilities. I also create custom verification routines tailored to each project’s or client’s specific requirements.

Designing targeted phishing simulations to measure user awareness
Developing proof-of-concept exploits for recently disclosed CVEs
Creating automated penetration testing scripts for internal networks

MY RESUME

Linux Security Engineer

IGEL

- Code Review
- Vulnerability Management
- SAST Scanner with Sonar
- SCA Scanner with SonarType
- Pipeline creation with Jenkins and TeamCity
- Implementation of checks for Linux

11/2024 - Current

CyberSecurity Security Researcher

Greenbone AG

- Observation and analysis of the latest vulnerability reports
- Creation of Windows and Linux Compliance vulnerability search rules using OpenVas
- Implementation of test routines to identify vulnerabilities
- Implementation of checks for Windows patch level and all standard tools for Windows
- Direct cooperation with customers for special applications

03/2023 - 10/2024

CYBER SECURITY COORDINATOR

Nova8

- Preparation of Pre-Sales Processes
- Creation of PoC Reports and presentations to the Board
- Creation and configuration of environments, SAST, DAST, IAST and SCA
- Realization of PoC of SAST, DAST, IAST and SCA products
- Presentation of final meeting with CISO and customer directors
- Creation of vulnerability search rules
- Integration with CI/CD Tools, IDE, Bug Tracking, etc.
- Vulnerability management based on OWASP TOP 10, NIST, FISMA and PCI compliance
- Fixing vulnerabilities with the help of SAST tools
- Azure Firewalls/WAF/KMS
- Tools: Checkmarx, Acunetix, Neuralegion, Probely, WhiteSource, Imperva

03/2021 - Current

INFORMATION SECURITY ANALYST

BRScan

- Code Review with Veracode
- Vulnerability analysis using SAST tools (Veracode)
- Application Testing
- Fixing vulnerabilities with the help of SAST tools
- Vulnerabiliy Management
- Modification and creation of queries and procedures
- Documentation of new features to the system
- Preparation of test scripts
- Tools: Veracode, Checkmarx, Synopsis, Fortify

03/2020 - 03/2021

Cyber Defense

FIAP

In this two-year program, you will learn essential cybersecurity practices such as risk management and data protection laws (LGPD and GDPR), and progress to advanced Offensive Security techniques, including Penetration Testing, Forensic Analysis, and Threat Intelligence, ultimately gaining the skills to develop automation tools with Python and JS, apply Hardware Hacking concepts, and incorporate Artificial Intelligence to fortify critical infrastructures against ever-evolving cyber threats.

08/2021 - Current

INFORMATION TECHNOLOGY MANAGEMENT

Anhanguera

The Information Technology (IT) college program provides a comprehensive education covering programming, software development, computer networks, information security, databases, and project management. In the early years, students study basic subjects like mathematics, programming logic, and algorithms, moving on to advanced topics such as software engineering, artificial intelligence, and cybersecurity. Classes blend theory and practice through labs and projects, alongside internships and final projects that equip students with practical experience for the job market.

06/2016 - 12/2018

Fundamentos e Práticas de Cibersegurança.: Abordagem Prática para Profissionais de Cibersegurança (Portuguese Edition)

Kindle eBook

The book was created based on my professional experiences over the years in the Cybersecurity market. With that, I gathered what I learned and decided to publish a book for those who are starting out in the market. With that, I included some cases and how the resolution was made in order to help and grow the cybersecurity community.

2024 - 2025

O Guia Definitivo de Checkmarx One

Online Course

With over 5 years using and also teaching about the Checkmarx Cybersecurity tool, I decided to create an online course with more than 5 modules related to teaching how SAST, SCA, IaC work, among other tools and the entire process that this includes such as implementation in CI/CD tools, Integration with repositories, threat modeling process, Vulnerability Management process, Bug Tracking, application tuning, customization of vulnerability search rules and much more.

2023 - Current

DevSecOps Podcast

Podcast

Podcast formed by Cassio Pereira where I am Co-Hosting and we talk about topics related to Cybersecurity, from training to controversial topics such as AI in the cybersecurity environment, data protection and other topics

2021 - Current

CyberSec News

Youtube Channel

Channel created in order to inform news related to Cybersecurity, where daily I present 4 informative news focused on some topics such as Data leaks, Cyberattacks, Cybersecurity, Malware, Ransomware, Social Engineering and other various topics related to the area

2024 - Current

Marcos
Santos
CyberSecurity
Engineer

From Developer to Defender: My Global Cybersecurity Odyssey