Skip to main content
RB
Open to opportunities

Rafael Bosch

@rafaelbosch

CRTE/CRTP-certified red team operator delivering CVE-driven enterprise security improvements.

Brazil
Message

What I'm looking for

I’m looking to lead red-team and offensive security engagements—mapping TTPs to MITRE, delivering CVE-driven findings, and partnering with dev teams to remediate vulnerabilities while improving detection in SIEM/EDR.

I’m a CRTE/CRTP-certified Red Team operator focused on offensive security that leads to measurable risk reduction. I’ve authored 3 published CVEs and documented enhanced security posture through exploits on Exploit-DB.

In my roles, I execute large-scale penetration testing and adversarial simulations mapped to MITRE ATT&CK TTPs. I’ve run 10 adversarial simulations to drive outcomes like domain compromise, credential harvesting, and EDR bypass across multiple kill chain phases.

I bring hands-on experience across web, mobile, wireless, and infrastructure environments—penetrating targets beyond one layer of the attack surface. I’ve executed 300+ penetration tests, covering OWASP Top 10, and I’ve supported enterprise remediation by reporting and guiding cross-functional teams.

I also contribute to malware research and security tooling. I’ve reverse-engineered macOS malware, developed detection logic (including Yara rules), and improved internal threat detection through adversary simulations—pairing operational findings with training and Secure Development Lifecycle (SDLC) discipline.

Experience

Work history, roles, and key accomplishments

CB

Application Security Engineer

Claro Brasil

Jan 2023 - Jan 2024 (1 year)

Improved security threat detection by applying 60+ CI/CD application manual reviews and authoring custom security rules. Validated remediation using SAST/DAST findings and helped integrate regex-based detection patterns into the CI/CD pipeline.

CI CD SecurityDASTBurp suiteOWASP ZAPNucleiNmapMetasploitBloodHoundWireshark
EA

Offensive Security Engineer

Ernesto Borges Advogados

Jul 2022 - Jan 2024 (1 year 6 months)

Performed advanced infrastructure penetration testing and security assessments for web extensions and RPA systems. Conducted Red Team operations including WPA2-Enterprise and Evil Twin wireless assessments, delivering executive reports and remediation guidance while reducing cloud assessment overhead by 40%.

Penetration TestingRed Team OperationsWireless Security Testing (WPA2 Evil Twin)Executive Reporting
MO

Malware Researcher

Mosyle

Jan 2022 - Jun 2022 (5 months)

Reverse-engineered macOS malware and produced documented malicious indicators and behavioral fingerprints. Developed YARA rules and conducted threat intelligence research to identify emerging macOS malware and malicious groups.

Malware AnalysisYARAThreat IntelligenceBehavioral Fingerprinting
IS

Penetration Tester

IBLISS Digital Security

Oct 2021 - Apr 2022 (6 months)

Performed mobile penetration testing and Red Team operations across client sectors. Improved assessment kickoff and delivery practices while strengthening penetration testing methods.

Red Team OperationsVulnerability AssessmentPenetration Testing

Education

Degrees, certifications, and relevant coursework

FA

FIAP - Paulista Faculty of Informatics and Administration

Master of Business Administration (MBA), Cybersecurity & Governance

2026 - 2027

Completed an MBA in Cybersecurity & Governance at FIAP (remote) from 2026 to 2027.

II

IPOG - Postgraduate and Undergraduate Institute

Postgraduate Degree, Cyber/Computer Forensics and Counterterrorism

2024 - 2025

Completed a postgraduate degree in Cyber/Computer Forensics and Counterterrorism from 2024 to 2025.

IE

IDESP - Daryus Institute of Higher Education

Postgraduate Degree, CyberThreat Intelligence (CTI)

2024 - 2025

Completed a postgraduate degree in CyberThreat Intelligence (CTI) from 2024 to 2025.

FA

FIAP - Paulista Faculty of Informatics and Administration

Degree, Cybernetic Defense

2021 - 2023

Completed a degree in Cybernetic Defense at FIAP from 2021 to 2023.

Tech stack

Software and tools used professionally

GitHub logo

GitHub

DB logo

DB

.NET logo

.NET

Wireshark logo

Wireshark

macOS logo

macOS

ZAP logo

ZAP

Zap logo

Zap

Mapped logo

Mapped

Nmap logo

Nmap

Metasploit logo

Metasploit

OWASP ZAP logo

OWASP ZAP

Nuclei logo

Nuclei

Bruno logo

Bruno

Remote logo

Remote

Mosyle logo

Mosyle

Availability

Open to opportunities

Location

Brazil

Authorized to work in

Brazil

Website

saravejo.com

Portfolio

github.com/saravejo

Job categories

Red Team OperatorPenetration TesterApplication Security EngineerMalware ResearchCybersecurity OperationsRed TeamerRed Team SpecialistRed Team EngineerRed Team LeadRed Team ManagementAI Red Team SpecialistRed Team LeadershipRed Team Engineering

Skills

Red Team OperationsPenetration TestingWeb SecurityOWASP Top 10OWASP ZAPBurp suiteNmapMetasploitNucleiBloodHoundWiresharkMimikatzHashcatCobalt StrikeNetExecNessusAircrack NgYARASASTDASTEDR SIEM ToolsSDLCCI CDAWSPCI DSSISO 27001CIS.NETBrunoGitHubMappedMosyleZAPMacOSExploitDB Remote

Interested in hiring Rafael?

You can contact Rafael and 90k+ other talented remote workers on Himalayas.

Message Rafael

People also viewed

View all talent

Find your dream job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan