Open to international opportunities

Natan Santos
Offensive Sec

Senior Offensive Security Engineer with 4+ years executing penetration tests, red team operations, and AppSec programs for Fortune-500 and financial-sector clients. Based in Brazil — open to relocation across EU, Canada, UAE, and APAC.

AppSec · Red Team · Purple Team · AWS · Azure · GCP · Active Directory · OSCP → in progress

Experience

4+ years breaking into systems — legally. From DevSecOps pipelines to full-chain Azure red team simulations for national banks.

Offensive Security Senior Associate Jan 2024 — Present

PwC Brasil

  • Executed 12+ enterprise penetration tests per year across web, API, mobile, and multi-cloud (AWS, Azure, GCP) with 0% missed-SLA rate.
  • Designed and led a full-chain Azure red team simulation for a national bank — uncovered 3 critical detection gaps including Entra ID lateral movement and PRT abuse, triggering architectural remediation and new IR playbooks.
  • Conducted Active Directory attack simulations: Kerberoasting, AS-REP Roasting, Pass-the-Hash, and ADCS ESC1/ESC4 chains — improving client detection coverage across AD-based attack paths.
  • Reduced average report turnaround by 25% via reusable Burp Suite extension templates and Python automation for evidence collection.
  • Authored executive-level and technical findings reports consumed by C-suite and engineering teams across banking, retail, and energy sectors.
  • Mentored 2 junior analysts on red team methodology, tooling (BloodHound, Metasploit, Burp Suite Pro), and responsible disclosure.
Red Team · Azure / Entra ID · Active Directory · ADCS ESC chains · AWS · GCP · AppSec · Purple Team

Application Security Engineer Feb 2023 — Jan 2024

act digital

  • Led web and mobile penetration testing across 8+ product squads — integrated security gates into GitLab CI pipelines, reducing time-to-fix for critical findings by ~40%.
  • Performed SAST (SonarQube) and manual code review in Java and JavaScript — identified and remediated 30+ high/critical vulnerabilities before production release.
  • Designed an AppSec workflow adopted across 4 development teams, cutting recurring OWASP Top-10 findings by 60% within two release cycles.
  • Built MobSF-based mobile security automation, reducing manual iOS/Android review effort by 50%.
  • Executed DAST campaigns and API security assessments (REST/GraphQL) covering auth bypass, IDOR, and business logic flaws.
AppSec · SAST / DAST · Mobile Security · MobSF · GitLab CI · SonarQube · REST / GraphQL

Application Security Analyst Jun 2022 — Feb 2023

Claro Brasil

  • Conducted end-to-end security assessments of consumer-facing web and mobile apps (millions of subscribers) using Fortify SCA, Checkmarx, and Burp Suite Pro.
  • Integrated SAST/DAST checks into GitHub Actions CI/CD pipelines — enabling injection and auth flaw detection at pull-request stage.
  • Delivered threat modeling sessions (STRIDE) with 3 product teams, producing risk registers that prioritized remediation of 15 high-severity issues within a single sprint.
Fortify SCA · Checkmarx · Burp Suite Pro · GitHub Actions · STRIDE · Threat Modeling

Information Security Analyst Feb 2022 — Jun 2022

Kyndryl

  • Administered RBAC and Segregation-of-Duties controls across Azure/AWS environments — reduced excessive-privilege findings by 35% in quarterly access reviews.
  • Produced cloud misconfiguration risk reports for the client's quarterly risk committee, improving executive visibility into IAM and network exposure.
Azure · AWS · IAM · RBAC · Cloud Security

Cybersecurity Analyst Jun 2021 — Feb 2022

Sinqia

  • Configured NGFW, IPS, and IDS systems — developed detection rules reducing mean-time-to-detect anomalous traffic by 30%.
  • Supported incident response investigations and maintained threat-hunting logging infrastructure across the financial platform.
  • Created security baselines for Windows Server and Linux endpoints adopted as company-wide hardening standards.
NGFW · IPS / IDS · Incident Response · Threat Hunting · Hardening

Core Skills

Full attack-surface coverage — from web and mobile to enterprise Active Directory and multi-cloud environments.


Web & API Pentesting

  • OWASP WSTG / Top-10
  • REST & GraphQL assessments
  • Auth bypass, IDOR, BLF
  • Burp Suite Pro
  • eWPTX certified

Red Team Operations

  • Full-chain adversary simulation
  • MITRE ATT&CK emulation
  • Cobalt Strike / Metasploit
  • Lateral movement & pivoting
  • CRTA certified

Active Directory Attacks

  • Kerberoasting / AS-REP Roast
  • Pass-the-Hash / Pass-the-Ticket
  • ADCS ESC1 / ESC4 chains
  • DCSync / BloodHound
  • Impacket / CrackMapExec

Cloud Pentesting

  • AWS IAM privilege escalation
  • SSRF-to-IMDS / S3 chains
  • Azure Entra ID / PRT abuse
  • GCP service account abuse
  • GKE attack paths

Mobile Security

  • iOS & Android pentesting
  • OWASP MSTG
  • MobSF automation
  • Frida & Objection
  • Runtime instrumentation

AppSec & DevSecOps

  • SAST / DAST integration
  • Secure code review (Java, JS)
  • CI/CD pipeline security
  • Threat modeling (STRIDE, PASTA)
  • SonarQube, Fortify, Checkmarx

Highlights

Original research, CVEs, bug bounty findings, and freelance engagements. This section grows with every new discovery. Full writeups in the Writeups section.

Research · Network / L2

802.1X Bypass & MACsec Downgrade via MKPDU Suppression

Practical exploitation of Cisco switch port security — bypassing 802.1X authentication and downgrading MACsec through MKPDU frame suppression.

802.1X · MACsec · Cisco · MKPDU

Original Research

Soon

CVE Research

Vulnerability disclosures will appear here

Soon

Bug Bounty

HackerOne / Bugcrowd findings will appear here

Soon

Freelance

Independent security engagements will appear here

Certifications

Hands-on, lab-based certifications that prove real attack skills — not multiple-choice theory.

eWPTX

Web Application Penetration Tester eXtreme

eLearnSecurity / INE

Certified

CRTA

Certified Red Team Analyst

Altered Security

Certified

eJPT

Junior Penetration Tester

eLearnSecurity / INE

Certified

SC-900

Microsoft Security, Compliance & Identity

Microsoft

Certified

OSCP

Offensive Security Certified Professional

Offensive Security

In progress

Education

MBA — Cybersecurity, Ethical Hacking & DevSecOps Aug 2022 — Aug 2023

FIAP, São Paulo

A.S. — Computer & Information Systems Security Aug 2019 — Jan 2022

UNINOVE, São Paulo

Contact

Open to full-time roles internationally, freelance engagements, and vulnerability research.
Drop a message — I reply fast.