Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Vladimir Budu

Lisbon

Summary

Passionate offensive security professional with hands-on experience in penetration testing and vulnerability assessment. Skilled with red teaming tools and ethical hacking techniques. Constantly learning through labs and certifications. Eager to contribute my skills to a cybersecurity role.

My cybersecurity career began with a foundation in software development, due to the lack of formal (and inexpensive) university programs in the field at the time.

This hands-on coding experience and understanding of how system and networks work allowed me to advance my career in cyber security/red teaming area.

Overview

13
13
years of professional experience
4
4
Certifications

Work History

Cloud Security Consultant

GALP
10.2024 - Current
  • Cloud Security Posture Management: Analyzed Azure Defender for Cloud recommendations to harden cloud infrastructure, implementing prioritized remediations to reduce critical risks. Used KQL (Kusto Query Language) to perform threat hunting across Azure Monitor, Log Analytics, and Microsoft Sentinel, creating custom security reports.
  • Validated Client Data Protection (CDP) implementations against regulatory requirements (GDPR, ISO27001), to ensure proper safeguards for sensitive data.
  • Used ArcSight ESM rule correlation techniques to reduce false positives.
  • Identified high-risk vulnerabilities via Microsoft Defender Advanced Hunting, correlating findings with MITRE ATT&CK tactics for contextual prioritization and MITRE'S CAPEC (Common Attack Pattern Enumeration) to find attack patterns linked to CVEs.
  • Stakeholder Reporting: Produced executive and technical reports on security trends, translating complex findings into actionable remediation plans for engineering teams

DevSecOps Engineer

Vestas
12.2023 - 10.2024
  • Implemented custom integrations with SAST/DAST (SonarQube), SCA (Black Duck),
  • Automated security gates in CI/CD (Jenkins/GitHub Actions) with quality thresholds.
  • Built vulnerability dashboards (Grafana / Prometheus+ Python) for real-time risk monitoring.
  • Supported teams regarding security pipeline implementation.
  • Enforced container security (Trivy) and secrets detection (GitLeaks) in pipelines.


Application Security Architect

Santander PT
01.2021 - 10.2023
  • Started as developer and then was part of team leading the digital transformation of core services by architecting zero-trust security solutions, leveraging NIST SP 800-207 principles including:
  • MTLS for service-to-service encryption
  • OAuth2/OpenID Connect for identity federation
  • API rate-limiting and DDoS protection.
  • Real-time fraud detection using behavioral analysis.
  • Designed scalable security controls for high-traffic environments, ensuring resilience against high traffics volumes.
  • Collaborated with engineering and product teams to align security measures with business requirements, integrating safeguards into the development lifecycle.

Vulnerability Assessment and Penetration Tester

Landing.jobs
08.2017 - 11.2017
  • Automated scanning with Burp Suite (Scanner + Intruder), OWASP ZAP (AJAX Spider), and Nuclei (for CVE-based checks)
  • Advanced exploitation using SQLMap (tamper scripts), XSS Hunter, and Metasploit (for chained attacks)
  • AuthN/AuthZ testing with custom scripts (Python + Bash) to bypass flawed JWT/OAuth2 implementations
  • Business logic testing via manual probing with Postman/Repeater for API-specific flaws
  • Delivered to client prioritized risk reports with CVSS scoring and remediation playbooks

Software Development Consultant

Novobanco
01.2019 - 11.2020

Technology lead and developer on public customer interface for personal and house financing

Software Development Consultant

Celfocus
07.2017 - 01.2019

part of the development team for the Vodafone Ireland customer portal.

Software Development Consultant

Esri Portugal
04.2017 - 07.2017

Business & Intelligence

BGI - Building Global Innovators
04.2016 - 04.2017

Waiter

Grupo Multifood
01.2013 - 01.2015

Education

Bachelor - Computer Science Information And Computer Systems

ISCTE-IUL
01.2020

Cyber Security Academy

Rumos Academy
07.2019

Skills

Vulnerability assessment

Threat detection

Endpoint security

Data protection

Python/Bash/C

Certification

CompTIA Pentest+

Timeline

OSCP (Offensive Security Certified Professional) - In Progress

07-2025
CompTIA Pentest+
04-2025

CIAM (Certified Identity and Access Manager )

04-2025

ISO/IEC 27001 Lead Auditor - In Progress

02-2025

Cloud Security Consultant

GALP
10.2024 - Current

DevSecOps Engineer

Vestas
12.2023 - 10.2024

Application Security Architect

Santander PT
01.2021 - 10.2023

Software Development Consultant

Novobanco
01.2019 - 11.2020

Vulnerability Assessment and Penetration Tester

Landing.jobs
08.2017 - 11.2017

Software Development Consultant

Celfocus
07.2017 - 01.2019

Software Development Consultant

Esri Portugal
04.2017 - 07.2017

Business & Intelligence

BGI - Building Global Innovators
04.2016 - 04.2017

Waiter

Grupo Multifood
01.2013 - 01.2015

Cyber Security Academy

Rumos Academy

Bachelor - Computer Science Information And Computer Systems

ISCTE-IUL
Vladimir Budu