Open to opportunities

Gabriel Negreiros Lima

@gabrielnegreiroslima

Message

Senior application security leader driving secure development at scale.

Brazil

Message

What I'm looking for

I am looking for a senior security role where I can lead AppSec strategy, scale DevSecOps automation, mentor engineers, and drive measurable vulnerability reduction within collaborative engineering organizations.

I am a senior application security and cybersecurity leader with 7+ years of hands-on experience in application security, DevSecOps, penetration testing, cloud security, and secure SDLC governance. I design and scale security programs, automate controls, and integrate enterprise tooling across complex engineering organizations.

I have led red-team activities, mentored engineers, executed AI-assisted enterprise threat modeling, and driven vulnerability management across 600+ repositories. I build and maintain automated SAST/SCA pipelines (GitLab CI, Veracode, Snyk), improve vulnerability lifecycle governance (Jira + DefectDojo), and support incident detection and mitigation using solutions like Akamai WAF.

I partner with engineering leadership to embed secure development practices, perform in-depth application penetration tests, and implement DevSecOps automation across CI/CD, Kubernetes, containers, and IaC. I focus on measurable improvements to MTTR, risk reduction, and secure design adoption across product teams.

Experience

Work history, roles, and key accomplishments

Current

Senior Application Security Analyst

Current

Frete.com

Jan 2024 - Present (2 years)

Lead AppSec strategy and automation for a major LATAM logistics platform; implemented AI-assisted enterprise threat modeling and fully automated SAST/SCA pipelines covering 600+ repositories, improving vulnerability governance and MTTR.

Threat Modeling SAST SCA Veracode Snyk DefectDojo Penetration Testing

Application Security Analyst

Frete.com

Jan 2022 - Jan 2024 (2 years)

Drove DevSecOps improvements across engineering squads, performed end-to-end vulnerability analysis and exploitation, and strengthened CI/CD security controls and infrastructure hardening.

DevSecOps CI CD And Exploitation Docker Kubernetes

Pentester & DevSecOps Analyst

Dito CRM

Jan 2019 - Jan 2022 (3 years)

Founding member of the InfoSec team; led a three-person pentest team, implemented security governance and DevSecOps automation, and conducted high-impact penetration tests on cloud-hosted web applications.

Penetration Testing DevSecOps AWS GCP Kubernetes CI CD

DevOps Engineer

Dito CRM

Jan 2019 - Dec 2019 (11 months)

Automated CI/CD pipelines and implemented Docker/Kubernetes deployments to streamline secure delivery pipelines and improve deployment reliability.

CircleCi GitHub Docker Kubernetes CI CD Pipelines Docker Security Infrastructure as Code

Cloud Intern

IN8 Serviços Online

Jan 2017 - Jan 2018 (1 year)

Managed Linux servers and hosting environments while supporting early security product development using Metasploit, OpenVAS, SET, and BurpSuite.

Linux Administration Metasploit OpenVas Burp suite Hosting

IT Intern

CEFET-MG

Jan 2016 - Jan 2017 (1 year)

Maintained virtualization environments and critical campus systems, ensuring operational stability for academic infrastructure.

XenServer Virtualization IT Support Infrastructure Monitoring

Education

Degrees, certifications, and relevant coursework

Centro Federal de Educação Tecnológica de Minas Gerais

Bachelor of Engineering, Computer Engineering

2016 - 2023

Completed a Bachelor of Engineering in Computer Engineering with coursework and projects focused on networks, systems, and security-related topics.

Centro Federal de Educação Tecnológica de Minas Gerais

Technical Degree, Computer Networks & Information Security

2013 - 2015

Completed a technical degree in Computer Networks and Information Security covering networking, systems administration, and introductory security tools and practices.