Marcello Duarte

In my role, I conduct Red Team operations, penetration testing, and vulnerability assessments to identify and analyze technical security weaknesses within our systems and networks. I stay current with the latest tools, techniques, countermeasures, and trends in computer and network vulnerabilities to effectively protect against emerging threats. By employing internal and external cloud and application testing methodologies, I ensure compliance with industry PCI requirements. Additionally, I perform audits on critical or high vulnerabilities to verify adherence to PCI standards, enhancing our organization's overall security posture.

• Provide leadership for a team of highly motivated offensive security consultants
• Lead full scope Adversarial Simulation / Red Team assessments
• Shape and evolve the Red Team practice within the given mission
• Perform penetration testing against internal infrastructure, cloud environments and applications
• Research emerging threats, disclosed vulnerabilities and cyber intelligence information and understand their relevance to Radical Security's clients
• Research and develop customized tradecraft in order to meet mission objectives
• Perform security and compliance assessments
• Manage threat modeling and secure code audits
• Conduct briefings and recommendations to clients.

• Red Team
• Penetration Tests
• Vulnerability Assessments
• Analyzing technical security weaknesses
• Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer and network vulnerabilities
• Develop tools, techniques, training and countermeasures for computer and network vulnerabilities
• Application security architecture
• Provide development teams guidance and formal security requirements
• Industry PCI requirements such as internal/external network scanning and cryptography methodologies
• Perform audits for critical or high vulnerabilities for adherence to PCI 2.

• Create, enhance, evaluate and maintain threat intelligence data sets
• Lead the research and prototyping of technologies to enhance threat intelligence capabilities
• All source intelligence gathering
• Lead the creation, enhancement and maintenance of software tools and services that facilitate threat intelligence capabilities
• Create reports, charts and info-graphics displaying latest threat intelligence trends
• Create, enhance and maintain infrastructure that supports the threat intelligence department
• Analyze latest vulnerabilities / malware documenting the core problems of specific critical vulnerabilities in order to understand overall threat impact
• Research and Develop automated malware analysis pipelines.

• Identify and implement tools and technologies, continuously improving security posture
• Pen-testing to identify and resolve issues in test and production environments
• Evaluate permissions of users, open ports/services and overall network setup
• Work with operational teams to improve procedures and close gaps
• Review technical security posture (network, application, database) for existing and newly acquired businesses or services
• Analyze ACLs and port connections to production environments
• Examine network, server, and application logs to determine trends and identify security incidents
• Participate in the Security Incident Response Process
• Industry (PCI) requirements such as internal/external network scanning and cryptography methodologies
• Perform monthly scans of the internal and external networks for critical or high vulnerabilities for adherence to PCI
• Set up dashboards and review production logs for documentation of personally identifiable information and patterns of possible security incidents.