AppSec Engineer
CyberSecurity Engineer with a couple of years of experience in AppSec and Offensive Security, currently working on AppSec area and performing Web, API, Mobile, and AI/LLM pentests. I also mitigate risks before any code is developed or deployed through Threat Modeling and Secure by Design practices. In addition, I have worked on many projects involving Secure Code Reviews, SAST/DAST analyses, and help strengthen the Secure SDLC. The last but not the least, I have hands-on experience in complex corporate environments such as FinTechs and banking, actively collaborating with development teams to implement Shift Left Security strategies.
Active in the Bug Bounty and Vulnerability Research communities, with reports acknowledged by companies such as Apple, Uber, Amazon, Coinbase, Binance, Shopify, GitHub, Mercado Livre, Wordpress, Stripe, Twitch, Dropbox, Booking, Vercel, Grammarly and among many others. Contributor to public vulnerabilities such as CVE-2024-25184, CVE-2024-27544 and CVE-2025-64754
Certifications: OSCP, eWPTXv2, eCPPTv2, eMAPT, CWES, BSCP Tech Stack: JavaScript, Python, Java, C#, NodeJS and Golang Focus Areas: Vulnerability Management, Red Teaming, DevSecOps, Cloud Security, Automation, Threat Modeling Achievements: Winner of Ragnarok, Mercado Libre’s internal offensive security competition, ranking 1st place among 200+ professionals from 8 countries by identifying numerous high and critical vulnerabilities on different fronts/areas such as marketplace, fintech, shipping, etc
Naturally curious and driven by continuous learning, I believe security is not just about breaking, it’s about deeply understanding how things are built ;)
Skills
Languages
Employment History
No employment history.
Education
No education history.