Independent Security Researcher — HackerOne & Bugcrowd
São Paulo, Brazil (remote) · Feb 2026 — Present
- Identified and validated web application and API vulnerabilities using Burp Suite, Nmap, OWASP ZAP, ffuf, and Kali Linux, contributing to 20+ security assessments across public and private bug bounty programs.
- Conducted reconnaissance, attack surface mapping, security automation, and manual security testing using Red Team methodologies and OWASP Top 10 frameworks, uncovering vulnerabilities across Authentication, Authorization, Business Logic, and Security Misconfiguration categories.
- Authored 20+ detailed vulnerability reports including PoC, risk analysis, and remediation guidance — enhancing triage quality by 30% and accelerating responsible disclosure timelines by 25%.