Frederico Monteiro

DevSecOps | iOS Security Researcher

Greater Belo Horizonte

About

Experience

  • DevSecOps & Pentester at Decentralized Security Labs
    2025 - Present · 1 yr 7 mos

    Responsible for coordinating and implementing the company's security strategies. - I perform detailed source code analysis to identify security vulnerabilities, logical flaws, and potential risks before deployment in production environments, continuous penetration testing in both whitebox and blackbox environments. - Implementation and automation of secure CI/CD pipelines, managing pipelines that integrate security, including continuous vulnerability checks during build, staging, and deployment. - I perform post-review activities, monitoring the code lifecycle during testing and production phases, ensuring that any updates or changes comply with established security standards. - I collaborate with developers to implement secure solutions, apply best coding practices, and validate that the code complies with security and regulatory requirements. - I oversee the web application with multi-layered security measures, API security, WAF/Firewall. I define WAF configurations and create protection rules for the entire application, ensuring robust defense, Zero Trust (CloudFlare), cloud security, and security frameworks such as CIS Benchmarks and OWASP. - I develop protection for the Mobile Application, integrating it with RASP, developing multi-factor detection for both Android and iOS, secure traffic via mTLS, advanced obfuscation, SAST, DAST, IAST, among others.

  • Security Researcher & Bug Bounty at Freelancer
    2020 - 2024 · 4 yrs

    Performed penetration testing engagements in corporate environments to identify and assess potential vulnerabilities across networks, systems, and applications using industry-standard security assessment methodologies. Conducted planning and scoping activities, system reconnaissance, enumeration, vulnerability assessment, exploitation, post-exploitation analysis, vulnerability classification, and preparation of comprehensive technical reports. Since 2015

  • Support TI at Ministério Público Federal
    2019 - 2020 · 1 yr

    IT Department – Federal Public Prosecutor's Office of Minas Gerais Provided on-site and remote technical support to institution staff, delivering efficient and high-quality IT services. Demonstrated excellence in incident and service request resolution, ensuring the accurate and timely execution of IT operations. Performed secure data sanitization using advanced encryption and data-wiping tools, guaranteeing the complete and irreversible removal of sensitive information in accordance with security and compliance requirements.

  • Developer at Infomix Ltda
    2017 - 2018 · 1 yr

    Contributed to the SmartDragon project, a SaaS solution providing security for e-commerce platforms by protecting against vulnerabilities through graphical visualizations, dashboards, and monitoring tools. Worked on the development and implementation of security features, ensuring online stores were safeguarded from potential threats. Supported the Reverse Marketplace Hub, integrating products from major national and international distributors and marketplaces with a catalog of over 50,000 items, and implemented Cross-Docking and DropShipping functionalities to enhance logistics and operational efficiency. Participated in the development of enterprise software and custom modules for platforms such as Magento, WooCommerce, and OpenCart, optimizing the management, scalability, and growth of online stores while collaborating with cross-functional teams to deliver secure, scalable, and high-performance solutions tailored to business needs.