Professional Experience
XSite Information Security
Position: Information Technology Security Engineer II
Duration: Oct 2023 – Dec 2024 (1 year and 3 months, Full-time, Hybrid)
Location: Brazil
Key Responsibilities:
Identity & Access Governance:
Led enterprise-wide User Access Review (UAR) initiatives, enhancing security compliance across corporate and governmental sectors. Strengthened Identity Governance (IGA) strategies using Okta, improving access certifications and visibility over user permissions. Implemented IAM solutions, including lifecycle management, federation, and Single Sign-On (SSO), leveraging tools like Okta, Active Directory, Entra ID, and AWS IAM.
Security Architecture & IAM Strategy:
Designed and optimized IAM frameworks, aligning Multi-Factor Authentication (MFA), Single Sign-On (SSO), and Role-Based Access Control (RBAC) with industry standards. Spearheaded identity lifecycle automation, improving efficiency in onboarding, offboarding, and access modifications. Ensured compliance with global standards such as SOC2, NIST, GDPR/LGPD, and PCI.
Advanced Authentication & Secure Integration:
Integrated authentication protocols such as SAML 2.0, SCIMv2, OAuth2, OIDC, LDAP, WS-Fed, FIDO2, and RADIUS into security infrastructure. Implemented Zero Trust principles, strengthening security posture through continuous access monitoring and dynamic policy enforcement. Automated processes using Python and JavaScript to streamline operations and integrate web services and APIs.
Containerization & Orchestration:
Leveraged Docker for containerizing applications, ensuring consistent environments across development and production. Managed container orchestration using Kubernetes (K8s), facilitating seamless scaling, load balancing, and deployment of services.
Scripting & Automation:
Developed automation scripts using Bash, PowerShell, and Python to streamline system administration tasks and enhance operational efficiency.
- Automated security operations and endpoint monitoring for CrowdStrike, Forescout, Netskope, Tenable, Trellix, and Varonis.
- Created PowerShell and Python scripts for automated API interactions, log analysis, and threat detection within enterprise security tools.
- Developed Infrastructure as Code (IaC) solutions using Terraform to automate provisioning of secure cloud environments.
Security Practices:
Applied password hashing techniques to securely store and manage credentials, mitigating risks associated with plain-text passwords. Utilized RSA encryption for securing sensitive data, ensuring robust protection against unauthorized access. Addressed vulnerabilities like cross-site scripting (XSS) to secure critical applications.
Programming & Scripting:
Proficient in JavaScript and TypeScript, with extensive experience in building dynamic user interfaces using React. Developed automation scripts in Python to streamline workflows and enhance operational efficiency.
Version Control & Collaboration:
Expertise in using Git and GitHub for version control, enabling efficient collaboration and code management. Implemented CI/CD pipelines to automate testing and deployment processes, reducing time-to-market.
Technical Leadership & Strategic Projects:
Led IAM security integration for cross-platform cloud environments, ensuring seamless access management across AWS, Azure, and GCP. Delivered IAM solutions supporting CI/CD pipelines, improving authentication security in cloud-based applications.
Internet Developer Portal (IDP) Creation:
Spearheaded the development of an Internet Developer Portal for Azure Cloud 2.0, aiming to increase user engagement and resource consumption. Collaborated with cross-functional teams to integrate the portal with existing systems, providing developers with seamless access to tools and resources. Employed technologies and methodologies including:
- ArgoCD: Implemented for continuous deployment and GitOps workflows.
- Public Cloud (Azure): Leveraged Azure services to build and deploy cloud-native applications.
- GitHub Actions: Integrated for continuous integration and deployment pipelines.
Additional Expertise:
- Strong foundation in network security, API integrations (e.g., Graph API, REST APIs), and security monitoring tools.
- Good understanding of DevOps methodologies and cloud-native security practices.
- Passion for technology automation, leveraging scripting to improve security operations and efficiency.
This document highlights the professional expertise of Tarson Marcelo Florencio, founder of Oxe Collective, showcasing a strong background in IAM security architecture, cloud security, identity governance, automation, containerization, and secure application development. His experience includes leading enterprise-wide IAM initiatives, integrating advanced authentication protocols, automating security operations, and implementing compliance-driven security frameworks. With expertise in Okta, AWS IAM, Kubernetes, Terraform, CI/CD pipelines, SIEM integrations, and secure API development, he plays a critical role in securing cloud-native infrastructures and enhancing identity-driven security models.