Rafael Maia
Information Security Professional | Application Security
Information Security professional with 10+ years in cybersecurity and 20+ years in IT, specialized in Application Security. Hands-on experience with threat modeling, SCA, SAST, DAST and web/API penetration testing. Combines solid security knowledge with practical skills in modern tools and frameworks to deliver secure applications.
Email: contato@rafaelmaia.pro.br · Website: www.rafaelmaia.pro.br
Key Competencies
Contact
For opportunities or enquiries, please use the email address listed above.
Professional Highlights
- Led secure development initiatives using OWASP SAMM to improve AppSec maturity in agile environments.
- Performed threat modeling with Microsoft Threat Modeling methodology, assessing system architectures to identify risks and recommend controls.
- Executed vulnerability assessments, penetration tests, and managed vulnerability lifecycle through dashboards and remediation reports.
- Integrated SonarCloud into Azure DevOps pipelines for Java projects to ensure code quality and SAST-aligned security analysis.
- Used Gitleaks to detect and remediate secrets exposure in code repositories, strengthening project security.
- Drove targeted activities using Snyk, Trivy, OWASP ZAP and Burp Suite, tailoring approaches to project needs.
- Collaborated with cross-functional teams to develop security policies, promote secure coding, and raise awareness among developers and DevOps teams.
- Managed and delivered security projects involving IAM, Darktrace, tabletop exercises and BeyondTrust.
Technical Skills
Familiar with Azure, Salesforce and Security Scorecard.
Certifications
Summary
Passionate about building secure applications and continuously evolving AppSec skills. Broad cybersecurity background enables quick adaptation and effective contribution across infrastructure, operations and development areas.
Keywords: AppSec, DevSecOps, Threat Modeling, SAST, DAST, SCA, Web/API Pentest, Azure DevOps, Snyk, Semgrep, OWASP ZAP, Burp Suite, SonarCloud, Gitleaks, Trivy, Dependency Track, DefectDojo, CDXGen, Docker, Portainer, Nmap, Nessus, Metasploit, ISO 27001/2, ITIL 4.