nasgoncalbes

Lead Security SDLC modernization effort: SBOM and providence attestation for each step of the SDLC process and support systems (following SLSA + in-toto attestations). Standardization SDLC controls and policies across firmwide + entities. SAST pipeline integration for Software Security Assurance (SSA) controls. Expansion and standardization of the SAST offering. Security Scan Results Attestation. Migration Security Pipelines to new standard Security pipelines. Vulnerability management. Data feed and APIs to determine the security posture of a production deployment (Software and/or Services).

Development of reusable/repeatable architectural pattern around all aspects of software deployment and infrastructure provision (DevSecOps). Guide, support and upskill other squads in the development of automation projects and agile adoption. Reusable architectural patterns for Software and Infrastructure deployments (DevSecOps, CI/CD, Automation, BDD); Automation and pipeline architecture and development; Process simplification and optimisation (Value Stream Mapping). Stateless and Stateful applications strategies. Configuration-as-code, Infrastructure-as-code, configuration modelling. Knowledge Sharing Sessions, High-Level Design and Low-Level Design documentation. Automation and component Development, 3 service integrations 'glue' (Ansible, Python). Definition SLI, SLO and Error Budget Dashboards. Agile metrics, Business KPI’S, Value Stream Mapping. Aligned with SDLC.

Development of automation workflow to deploy fully functional Hadoop environment. Hadoop for Splunk integration, Hadoop data roll, unified search, archived indexes. On prem and Cloud compatible solution implementation. Tech stack, (Ambari, YARN, HDFS and Zookeeper).

Design and development of an organization Security Operation Centre: Hardware procurement and installation (e.g., Switches, Storage, Blade server, etc.). Architecture and Implementation multisite (private), terabyte Splunk environment: More than one thousand data sources. Data Lifecycle – retention & destruction policies. Data onboarding (parsing and field extraction) and validation. Design and develop an automated backup solution for Splunk operational data: Implementation based on the best security practices (Public key encryption) data at rest and in transit. On prem and cloud storage platforms.

Design and development of an organization Security Operation Centre [Energy - Portugal]. Deployment and configure ArcSight SIEM. Deployment and tuning of IT Governance (ISO 27001) and NERC CIP packages and use cases. Tunning rules for vulnerability Identification. Integration of multiple data sources.