Open to opportunities

Pedro Ketzer

@pedroketzer

Message

Application Security Engineer securing cloud-native fintech systems processing $2B+ per quarter.

Brazil

Message

What I'm looking for

I’m looking for roles where I can help strengthen SSDLC practices by partnering with engineering teams on threat modeling, secure code reviews, and security tooling that enables developers to ship secure software.

I am an Application Security Engineer working on securing high-scale financial and cloud-native systems. In my current role, I contribute to protecting platforms that process more than $2B in transactions per quarter by identifying vulnerabilities and integrating security practices into fast-moving engineering environments.

My work sits at the intersection of Application Security and Software Engineering. I focus on threat modeling using STRIDE, secure code reviews, and penetration testing across systems written in Go, Java, and JavaScript. A large part of my work involves embedding security directly into the SDLC and CI/CD pipelines so that engineering teams can move quickly while maintaining strong security standards.

I am particularly interested in scaling security practices across engineering organizations, from vulnerability triage and architectural analysis to building practical controls that developers can adopt without friction.

Beyond the technical work, I also spend time helping developers understand security concepts. I currently teach web security topics for developers and previously served as a mentor in Brazil’s first government-backed DevSecOps residency program, helping guide new professionals entering the security field.

Core stack: Go, Java, Python, TypeScript, AWS, Kubernetes, Terraform, GitHub Actions
Specialties: Threat Modeling, Secure Code Review, Pentesting, Vulnerability Management, Bug Bounty Triage, DevSecOps

Experience

Work history, roles, and key accomplishments

Current

Instructor, Web Application Security

Current

Alura

Jun 2025 - Present (1 year)

Co-designed and delivered an introductory-to-intermediate web application security course covering browser security, XSS, CSRF, CORS, CSP, and secure coding practices for developers.

Web Security XSS CSRF Secure Coding Teaching

Current

Application Security Engineer

Current

Mercado Libre

Aug 2023 - Present (2 years 10 months)

Secured financial products processing $2.3B+ per quarter via threat modeling, penetration testing, and secure code reviews; identified a $300M PIX ecosystem risk and drove policies and cloud architecture standards during remediation and M&A integration.

Threat Modeling Secure Code Review Standards Penetration Testing CodeQl Go Java Python

Mentor, DevSecOps Residency

RNP – Hackers do Bem

Feb 2025 - Aug 2025 (6 months)

Guided residents in implementing SAST tools and a dependency catalog within an RNP application as part of a six-month government-backed DevSecOps residency program.

Mentoring SAST Dependency Management DevSecOps Application Security

Application Security Engineer

MadeiraMadeira

Sep 2022 - Aug 2023 (11 months)

Secured 30+ applications through threat modeling and code reviews, identifying 5 critical vulnerabilities and securing a $40M/year application to ensure zero security-related downtime while embedding security into CI/CD pipelines.

Threat Modeling Code Review DevSecOps CI CD JavaScript Java SAST

Cybersecurity Consultant

Daryus Consultoria e Treinamento

Jun 2022 - Aug 2022 (2 months)

Conducted high-velocity penetration tests for five enterprise clients over two months, delivering critical risk reports and remediation strategies to C-level stakeholders.

Penetration Testing Exploit Development Risk Assessment