Eduardo Vasconcelos

Computer Engineer | Senior Mobile Security Engineer @ iFood | Master's Student | eCPPTv2 + 6

TryHackMe


About Me

I’m a computer engineer currently working for a tech company as a senior mobile security engineer. My duties comprise mainly designing and coding Android and iOS application security mechanisms.

Before that, I used to work at a research institute that provided penetration testing services for a major Android device manufacturer. My job was to find and exploit vulnerabilities in global Android applications.

I’m currently pursuing a Master’s degree in Computer Science and Computational Mathematics. My research focuses on leveraging mutation testing techniques to inject vulnerabilities into Android apps as a means to evaluate mobile security testing procedures.

I’m a Catholic and a husband. I absolutely love building stuff, especially when I can literally get my hands dirty. Apart from building and sometimes reversing software, I also enjoy carrying out electronics and woodworking projects, reading and camping.

Contact Me

Skills

  • Technical Writing & Reporting ◼◼◼◼◼
  • Scripting & Tool Development ◼◼◼◼◼
  • Android Application Security Testing ◼◼◼◼◻
  • Software Engineering ◼◼◼◼◻
  • Secure Programming ◼◼◼◼◻
  • Interpersonal Skills ◼◼◼◼◻
  • Network Security Testing ◼◼◼◼◻
  • Android Application Development ◼◼◼◻◻
  • Reverse Engineering ◼◼◼◻◻
  • Web Application Security Testing ◼◼◼◻◻
  • iOS Application Development ◼◻◻◻◻

Certifications

  • eLearnSecurity Certified Professional Penetration Tester (eCPPTv2)
  • CompTIA PenTest+
  • EC-Council Certified Ethical Hacker (CEHv10)
  • TryHackMe Throwback (Attacking Windows Active Directory)
  • EXIN Ethical Hacking Foundation
  • EXIN Secure Programming Foundation
  • IBM Certified Administrator (Security Guardium V10.0)

What I Do (For The Most Part)

Experience

iFood

Senior Mobile Security Engineer | February 2022 – Present

  • Designing and coding Android and iOS application security and fraud prevention mechanisms
  • Integrating Runtime Application Self-Protection (RASP) solutions into mobile app pipelines

SiDi

Senior Software Security Analyst | February 2021 – February 2022
Software Security Analyst | April 2019 – February 2021

  • Engaged in Android, Web and Network infrastructure security assessments, as well as security code reviews
  • Carried out two R&D projects, namely: Android Permissions System circumvention & Android UI deception abusing a11y services and application overlays

Hacker Rangers (formerly Perallis Security)

Information Security Analyst | September 2017 – April 2019
Information Security Trainee | June 2017 – September 2017

  • Worked as a consultant providing several Offensive Security services such as Web Application and Network security assessments and Phishing campaigns
  • Engaged in application Cloud Identity development and integration
  • IBM Security Guardium sysadmin and certified instructor

Embraer

IT Intern | September 2016 – June 2017

  • Helped develop an IT Change Management plan
  • Performed corporate Web traffic analysis

Sigmedia (Trinity College Dublin research lab)

Engineering Intern | May 2014 - Jul 2014

  • Developed a Machine Learning model aimed at detecting laughter in human speech
  • Processed digital voice signals to feed said model

Education

University of São Paulo (USP)

MSc, Computer Science and Computational Mathematics | 2022 – Present

  • Master’s degree, Software Engineering
  • My research focuses on leveraging mutation testing techniques to inject vulnerabilities into Android apps as a means to evaluate mobile security testing procedures
  • Served as Software Engineering teaching assistant

University of Campinas (Unicamp)

Specialization, Software Engineering | 2019 – 2019

  • One-year Specialization Program in Software Engineering
  • My aim with taking this course was to gain familiarity with SDLC practices so as to become more skilled at AppSec analysis and catch a glimpse at the big picture of software development
  • Graduated with GPA 9.4/10.0

University of São Paulo (USP)

BEng, Computer Engineering | 2012 – 2017

  • São Paulo Research Foundation (FAPESP) undergraduate research scholarship
  • Served as undergraduate research intern at ICMC-USP’s Distributed Systems and Concurrent Programming Laboratory (LaSDPC), where I worked at a research project focused on forecasting floods in cities
  • Graduated 13th/59 with GPA 7.5/10.0
  • I was granted ICMC-USP’s Best Computer Engineering Undergraduate Thesis Award 2016 for my project on emotion recognition in human speech using Machine Learning
  • Served as Python Programming and Object-oriented Programming teaching assistant
  • Served as junior enterprise PHP developer

Trinity College Dublin (TCD)

Exchange student @ BEng, Electronic Engineering | 2013 – 2014

  • Brazilian Federal Government “Science without Borders” (SwB) scholarship
  • Full-term visiting student (60 ECTS with Honors)
  • I was granted a Special Prize for the Best Product Branding Video at the Trinity Engineering Student Entrepreneurs of The Year Competition 2014, promoted by the TCD School of Engineering

Microlins

Professional Training, Computer Hardware and Network Maintenance | 2007 – 2007

  • This was my first serious contact with computers as a young man
  • Learned the basics of computer hardware, operating systems and computer networks

Relevant Courses & Learning Activities

  • Hacking Mobile Application - Android @ Sec4US (ongoing)
  • Android Architecture Masterclass @ iFood iLearn, 2022
  • GitLab CI: Pipelines, Continuous Delivery & Deployment @ iFood iLearn, 2022
  • Advent of Cyber 3 @ TryHackMe, 2021
  • Introduction to Antenna Basics @ HackadayU, 2021
  • Windows Privilege Escalation for Beginners by The Cyber Mentor @ Udemy, 2021
  • Throwback Network Labs @ TryHackMe, 2021
  • Threat Modeling Security Fundamentals @ Microsoft Docs Learn, 2021
  • Penetration Testing Professional (PTP) v5 @ eLearnSecurity, 2020
  • Practical Ethical Hacking: The Complete Course by The Cyber Mentor @ Udemy, 2020
  • Certified Ethical Hacker (CEH) v10 @ EC-Council, 2020
  • CompTIA PenTest+ (Ethical Hacking) Course & Practice Exam by Jason Dion @ Udemy, 2019
  • Brazilian General Data Protection Act (“LGPD”) @ Escola Virtual.Gov, 2019
  • AWS Cloud Practitioner Essentials @ AWS, 2019
  • Tenable BootCamp Training @ Tenable Network Security, 2018
  • Secure Programming @ Clavis Security, 2018
  • Introduction to Cryptography @ Unicamp, 2018
  • The Complete Wireshark Course @ Udemy, 2017
  • Nmap: Network Scanning Basics and Advanced Techniques @ Udemy, 2017
  • Metasploit @ Cybrary, 2017
  • Cybersecurity Best Practices @ Perallis Security, 2017
  • Computer Security @ Unicamp, 2017
  • Information Protection @ Embraer, 2016

Languages

  • Portuguese ◼◼◼◼◼ (native)
  • English ◼◼◼◼◻ (High school exchange student in Ontario, 2008 – 2009; Engineering school exchange student in Ireland, 2013 – 2014)
  • French ◼◼◼◻◻
  • Italian ◼◼◻◻◻

Prizes

  • Best Computer Engineering Undergraduate Thesis Award – ICMC-USP, 2016
  • Special Prize (Best Product Branding Video) @ Trinity Engineering Student Entrepreneurs of The Year Competition – TCD School of Engineering, 2014
  • Gold Medal @ X Brazilian Astronomy Olympiad – Brazilian Astronomical Society & Brazilian Space Agency, 2007
  • Bronze Medal @ III São Paulo State Countryside Kendo Championship – São Paulo State Kendo Federation, 2015

Extras

  • Brazilian Kendo Confederation Kendo Ikkyu (kendo “brown belt”)
  • Electronics hobbyist
  • Woodworking hobbyist
  • DIY car detailer
  • Handyman
  • Sportsman
  • Full-time husband, happily married to the most beautiful and loving woman on this planet
  • Swiss Army Knife enthusiast
  • Catholic, member of the Society of Saint Vincent de Paul and extraordinaty minister of Holy Communion in my parish
  • Guitar player

“Be thou strong therefore, and shew thyself a man.” – 1 Kings 2, 2b