Rui Gonçalves

• Undertaking low-complexity routine vulnerability assessments using automated and semiautomated tools and escalates issues where appropriate.
• Contribute to documenting the scope and evaluating results of vulnerability assessments.
• Performing vulnerability assessments and business impact analysis for medium complexity information systems.
• Contribute to selection and deployment of vulnerability assessment tools and techniques.
• Plan and manages vulnerability assessment activities within organisation.
• Evaluate and select, reviews vulnerability assessment tools and techniques.
• Obtain and act on vulnerability information and conducts security risk assessments, business impact analysis and accreditation on complex information systems.
• Maintain a Risk Register - logging risks & vulnerabilities etc

• Overseeing security of development and operations of a prototype while integrating with Partners which includes but not only:
• Oversee security of development and operations of the platform while integrating with Partners
• Provide current best practice security measures for protection, intervention, and remediation of security events
• Operational environment is in a cloud (Google Cloud Platform)
• Meeting regulatory oversight and objectives yet to be set by Partners.

• Security analysis of customer’s system environments and products
• Execution of system-related attack surface mapping and technical testing against customer’s target systems.
• Facilitating technical threat modelling workshops and risk assessment workshops
• Planning blackbox or white box testing countermeasures and finding security vulnerabilities in customer systems.
• Writing security assessment reports that include description of the tests and vulnerabilities and recommendations.
• Identification and troubleshooting bugs in existing software/design;
• Designing security features within the software based on requirements, standards and processes;
• Technical security consultancy work with new and actual customers in the fields of Technical Testing, Security Management and/or Cloud Security

• Vulnerability/attack scenario reproduction to ensure the attack is well understood and well protected against
• Carry out testing with exploit PoCs, viruses, Metasploit and other • exploit tools.
• Review for flaws in the rule and relevant codes which have a tendency of being logical/state/detail oriented
• Implement and design small-scale to medium-scale automation in order to simplify testing tasks, improve and assure the best quality using Perl, python, ruby etc.
• Vulnerability scanner execution & results analysis

• Creating cloud-based programs (implementing identity and access management and securely configuring cloud environments)
• Detect possible risk through threat simulation and penetration tests
• Managing encryption of data in the cloud
• Logging, monitoring, and responding to detected incidents in the cloud environment
• Provide security recommendation

• Cisco Voice troubleshooting, Remote Desktop connection Manager, Cisco Unified CM Administration.
• Internetworking Devices – Routing, Switching, Sub Netting
• Direct technical support for all products delivered in this 24/7 telephony and voice environment
• Actively troubleshooting complex incidents and implementing break/fix changes on CUCM, Voicemail and Analog VG issues

• Responsibility for direct supervision of NOC team members
• Conduct Performance Appraisals, coaching, training and objective • settings.
• Provide direction and leadership to build process-focused, cross-functional team.
• Manage scheduling of shift coverage and operational work streams to optimize service delivery.
• Address technical and non-technical escalations
• Report on key metrics of availability, incident resolution and service delivery performance.
• Manage and document Standards, Policies, and Processes for the NOC.
• Perform regular process improvement reviews to ensure ongoing optimization

• Assemble project plans and budgets as well as teamwork assignments, directing and monitoring
• Work efforts on a daily basis, identifying resource needs and performing quality review.
• Direct management of technical projects, including new service deployment and existing network augmentations/upgrades.
• Escalate functional, quality and timeline issues appropriately.
• Technical customer service and consulting support

• Carry out application, network, systems and infrastructure penetration tests

• Review physical security and perform social engineering tests where appropriate

• Evaluate and select from a range of penetration testing tools

• Keep up to date with latest testing and ethical hacking methods

• Deploy the testing methodology and collect data

• Report on findings to a range of stakeholders

• Make suggestions for security improvements

• Enhance existing methodology material

*Collaboration with Companies mainly startups such as: Insighti (www.insighti.com); Spreenauten

(www.spreenauten.com); Ftmo (ftmo.com)