Lucas Banker
@lucasbanker
Senior Vulnerability Management Engineer | CTEM Specialist | Attack Path Analysis & Risk-Based Prioritization | CrowdStrike Falcon
What I'm looking for
I am a Cybersecurity Specialist focused on Continuous Threat Exposure Management (CTEM) and Risk-Based Vulnerability Management integrated with Cyber Threat Intelligence (CTI). My expertise lies in transforming overwhelming vulnerability data into threat-informed risk mitigation by leveraging advanced Attack Path Analysis and Cyber Threat Intelligence (CTI).
What I bring to global enterprise environments:
- CTEM & Automation: Engineered automated pipelines integrating CrowdStrike Exposure Management with Jira (ITSM) and Active Directory to dynamically triage risks and reduce MTTR.
- Risk Prioritization: Shifted organizations from generic CVSS scores to business-context prioritization using CISA KEV, EPSS, zero-day intel, and critical attack path mapping.
- Full-Scale Infrastructure: Mapping exposures across hybrid architectures, cloud infrastructure, Kubernetes clusters, and industrial networks (OT).
- Holding a degree in Cyber Defense and an post-graduation specialization in Corporate Cybersecurity Management, I bridge the gap between technical threat engineering and business metrics for enterprise leadership.
⚡ In Progress: Certified Red Team Operator I (CRTO) & Red Team Lead (CRTL) from Zero Point Security.
Experience
Work history, roles, and key accomplishments
CTEM/VM Security Lead
Midway
Jan 2026 - Present (6 months)
Finance, Retail & Mfg Experience: Lead Vulnerability Management and CTEM programs across workstations, on-prem, multi-cloud, and Kubernetes. Prioritize risks via CTI and attack paths. Orchestrate automation with ITSM tools. Support incident response and ensure compliance with ISO 27001, NIST, SOC 2, and BCB 4,893.
Endpoint Security Leader
Midway
Jan 2025 - Dec 2025 (11 months)
Finance, Retail & Mfg Experience: Led technical strategy and administration for Endpoint Security. Managed and optimized CrowdStrike Falcon, Skyhigh Proxy, and Trellix DLP. Enforced policies (USB block/malicious web), managed IOCs/IOAs, and collaborated with CTI/IR for threat hunting. Served as technical lead for incident response and posture hardening.
IS internal Auditor (ISO 27001)
Mantu
Mar 2025 - Jul 2025 (4 months)
Industry: Financial
Internal audit (ISO 27001 & NIST CSF) for BNP Paribas Bank
• Temporary security audit engagement
• ISO 27001 internal audits
• NIST Cybersecurity Framework (CSF) alignment assessment
• Information security processes and controls validation
• Information security control evidence analysis
• Security gap analysis and reporting
• Physical data center audits and walkthroughs
Principal InfoSec Consultant (GRC)
Safra Bank
May 2024 - Dec 2024 (7 months)
Financial Industry Experience: Led GRC & TPRM lifecycles as primary contact. Assessed third-party risks, validating controls, evidence, and certifications (ISO 27001, CSA STAR, SOC 2). Enhanced security governance and ensured strict compliance with Banco Central do Brasil (BCB) Resolution No. 4,893.
Security Engineer
L'Oréal
Oct 2021 - Jun 2024 (2 years 8 months)
Cosmetics & Mfg Experience: Managed web, e-commerce, and on-prem server vulnerabilities. Coordinated pentests and AppSec (SAST, DAST, SCA), prioritizing risks by business context. Conducted threat intelligence (CTI) and supported incident response. Evaluated third-party architectures, managed GRC/TPRM lifecycles, and delivered security awareness programs.
Industry: Brewery, Consumer Goods.
• Managed Change Management processes
• Managed patch management and deployment
• Managed vulnerability management for cloud servers
• Led the Vulnerability Management and Patch Management lifecycle
Incident Response and CTI Analyst
Natura & Co.
Jul 2021 - Sep 2021 (2 months)
Industry: Cosmetics/Consumer Goods and Manufacturing.
• Incident response
• EDR administration
• Identity security incident response
• Conducted Cyber Threat Intelligence (CTI) analysis and reporting
• Managed Indicators of Compromise (IOCs)
Security Operations Center Analyst (L3)
ISH
Apr 2021 - Jun 2021 (2 months)
Industry: Cybersecurity Services, MSSP.
• Administered and tuned security tools
• Provided advanced support for the MSS SOC
Security Operations Center Analyst (L2)
Future Information Security
Jul 2020 - Mar 2021 (8 months)
Industry: Cybersecurity Services, MSSP.
• Administered and tuned security tools
• Provided Level 2 (L2) support for the MSS SOC
Security Operations Center Analyst (L1)
Future Information Security
Dec 2017 - Jun 2020 (2 years 6 months)
• Monitored network and security tools
• Administered and tuned security tools
• Provided Level 1 (L1) support for the MSS SOC
Infantry Soldier
Brazilian Army
Mar 2011 - Feb 2012 (11 months)
• Discipline and accountability
• Teamwork and leadership
• Operational planning and execution
• Decision-making under pressure
• Adaptability and resilience
• Attention to detail
• Commitment to mission objectives
Education
Degrees, certifications, and relevant coursework
Estácio
Post-gratudation Degree - Specialization, Enterprise Cybersecurity Management
2023 - 2023
Estácio
Associate of Technology, Cyber Defense
2020 - 2022
Estácio
Bachelor's Degree (Bacharelado), Business Administration
2017 - 2022
Undergraduate bachelor’s program in Business Administration.
Tech stack
Software and tools used professionally
Availability
Location
Authorized to work in
Salary expectations
Social media
Job categories
Skills
Interested in hiring Lucas?
You can contact Lucas and 90k+ other talented remote workers on Himalayas.
Message LucasGet matched with your dream remote job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
