Open to opportunities

Fernando Fresteiro

@fernandofresteiro

Message

Offensive security specialist delivering red-team pentesting and vulnerability remediation.

Brazil

Message

What I'm looking for

I want to achieve significant professional growth within a high-performance cybersecurity environment. I aim for deep technical specialization in Offensive Security, with potential leadership roles, in a healthy, collaborative workplace.

I’m an Offensive Security Specialist focused on Offensive Security (OffSec) execution—running continuous penetration tests, Red Team operations, and vulnerability research across digital ecosystems. Across Icatu Seguros, B2W Digital, Telefônica VIVO, and iFood, I manage the vulnerability lifecycle and partner with development teams to drive effective remediation.

I bring deep hands-on expertise across web, mobile, network, and wireless testing, including exploitation and reconnaissance automation with custom scripts. I’ve led Bug Bounty program triage and coordinated rapid patching, and I’m currently architecting proactive Attack Surface Management (ASM) solutions that integrate automation and LLMs for actionable technical insights and executive-level KPIs.

Experience

Work history, roles, and key accomplishments

Security Specialist (IT Risk)

Ifood

Jan 2026 - Apr 2026 (3 months)

Conducted IT risk assessments through an offensive lens and architected proactive Attack Surface Management (ASM) solutions. Integrated automation and LLMs to streamline threat prioritization and deliver actionable technical insights and executive-level KPIs.

IT Risk Management Attack Surface Management (ASM)Offensive Security Automation Security Analytics Executive Reporting

Security Specialist (OffSec)

Jusbrasil

Sep 2024 - Sep 2025 (1 year)

Performed web penetration tests and supported Attack Surface Management (ASM) implementation. Built headless crawling solutions and other techniques to avoid blocking during reconnaissance.

Penetration Testing Attack Surface Management (ASM)Web Reconnaissance Headless Crawling Vulnerability Research Offensive Security

Security Specialist (OffSec)

Ifood

Jul 2022 - Sep 2024 (2 years 2 months)

Performed security assessments for microservices and cloud-native applications, focusing on identifying and mitigating vulnerabilities. Managed the Bug Bounty program by triaging reports and coordinating rapid patching with internal squads, and implemented controls to prevent fraud and data leakage.

Microservices Security Bug Bounty Security Triage Vulnerability Patch Coordination

Security Specialist (OffSec)

Telefônica Vivo

Oct 2020 - Jul 2022 (1 year 9 months)

Executed large-scale infrastructure penetration tests and network security assessments across legacy and cloud architectures. Developed custom scripts for automated reconnaissance and exploitation to protect critical telecommunications data.

Security Assessments Penetration Testing Infrastructure Security Cloud Security Reconnaissance Automation Legacy Systems Testing

Security Specialist (OffSec)

B2W Digital

Sep 2019 - Sep 2020 (1 year)

Performed advanced penetration testing on web and mobile platforms for major e-commerce brands, focusing on business logic and API security flaws. Collaborated with AppSec to integrate automated scanning tools and promote secure coding practices across engineering chapters.

Penetration Testing Web Security Mobile Security API Security AppSec Automated Scanning Tools Secure Coding

Senior Security Analyst

Icatu Seguros

Mar 2017 - Sep 2019 (2 years 6 months)

Led the Offensive Security (OffSec) front, performing continuous penetration testing and Red Team operations to identify critical flaws across the digital ecosystem. Managed the vulnerability lifecycle and supported development teams with technical remediation guidance.

Offensive Security Red Teaming Penetration Testing Vulnerability Management Infrastructure Security Application Security Risk Assessment