You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
André AtaídeAA

André Ataíde

Cyber Security Analyst

€190/day
Porto, PT
3-7 years

Average response time: 1 hour

About André

Security budgets grow. Policies multiply. Yet most organisations still can't trace who decided to ship that vulnerable component, or whether anyone decided at all.

I design the structural layer that lets GRC, CTI, and engineering functions verify each other's records instead of taking them on faith. Not another tool that sits inside one team — the trust architecture that makes their outputs independently confirmable under NIS2, CRA or any other EU Act.

Master’s in Information Systems. Currently pursuing a postgraduate specialisation in Applied Cybersecurity.
  • Portuguese

    Native or bilingual

  • English

    Conversational

  • French

    Basic

Remote only
Primarily works remotely

Experience

  • Grupo Boticário (GB.Tech)
    Cyber Security Analyst
    DIGITAL AND IT
    October 2025 - July 2026 (9 months)
    São Paulo, State of São Paulo, Brazil
    • ● Performed SCA-informed dependency and third-party component risk analysis across ML data pipelines and model deployment workflows, mapping supply chain attack surfaces to ISMS control objectives (ISO 27001 A.5.19, A.5.20, A.8.30).
    • ● Contributed to cross-functional risk reviews, translating vulnerability findings and compromised-dependency scenarios into prioritised risk register entries for non-security stakeholders, following a structured TPRM approach.
    • ● Produced failure-mode analysis and system-behaviour documentation aligned to supply chain security controls, generating audit-ready evidence for risk governance and ISO 27001 PDCA cycles.
    Risk and Vulnerability Assessment Machine learning Supply chain
  • Grupo Salvador Caetano (GSC)
    Application Security Intern
    RETAIL (LARGE RETAILERS)
    November 2023 - October 2024 (11 months)
    Porto, Portugal
    • ● Assessed software security maturity with OWASP SAMM across engineering and security functions, mapping findings against ISO 27001 controls (A.5.1, A.5.8, A.5.20, A.8.25, A.8.29, A.8.32) and documenting policy-practice gaps in the secure SDLC.
    • ● Designed and prototyped a risk-based release gate integrating CVSS, EPSS, asset criticality, operational exposure, and compensating controls into an decision matrix with role-mapped, append-only audit logging.
    • ● Built an entropy-based scanner for credential exposure detection in source code, producing structured findings for control monitoring and evidence collection.
    ISO 27001 DevSecOps OWASP SDLC
  • Federal University of Pernambuco (UFPE)
    IT Risk & Security Analyst
    April 2020 - August 2022 (2 years and 4 months)
    Recife, PE, Brazil
    • ● Formalised vulnerability identification across broadcast and IT infrastructure, building an internal risk assessment framework with audit-ready documentation.
    • ● Automated log analysis and anomaly detection with Python, producing technical risk reports for senior management.

Recommendations

Be the first to recommend André

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Post-Graduation
    Lusófona
    2026
    Applied Cybersecurity
  • Master's Degree
    School of Engineering, University of Minho
    2026
    Information Systems

Skill set

Categories