Gabriel Guarnieri oguarni

QA & Security Automation | IaC Security (Creator of TerraSafe) | Security & Test Analyst | DevSecOps

oguarni/README.md

DevSecOps & Cloud Security | IaC Security Engineering | QA Automation

AWS * Python * Terraform * Docker * Linux * CI/CD

Building security into infrastructure before it reaches production.


About Me

Software Engineering B.S. candidate at UTFPR (graduating July 2026), with a background that bridges regulatory compliance, security engineering, and full-stack development.

I spent nearly 3 years operating IT infrastructure under judicial oversight -- maintaining ERP systems and enforcing CNJ Reg. 74 compliance where downtime meant legal non-compliance. That hands-on audit discipline now shapes how I approach cloud security and DevSecOps.

My capstone project, TerraSafe (grade 9.7/10), tackles a real industry problem: the $4.5M average cost of data breaches, 66% of which stem from IaC misconfigurations. I designed a hybrid engine that combines deterministic rules with Machine Learning to catch what standard SAST tools miss.

Seeking: Jr. DevSecOps * Cloud Security * QA Automation * Security Analyst -- Remote / Hybrid

Languages: Portuguese (Native) * English (Full professional proficiency)


Capstone: TerraSafe

The Problem: Traditional SAST tools rely on predefined rules -- they catch known bad patterns but miss novel anomalies. With 66% of breaches traced to IaC misconfigurations, this detection gap costs organizations millions.

TerraSafe solves this with a hybrid dual-engine approach:

| Engine | Method | Detects |
|---|---|---|
| Deterministic | AST + Regex + SAST (Bandit, GitLeaks, Safety) | Known misconfiguration patterns |
| Probabilistic | Isolation Forest (ML) | Novel configuration anomalies |

Key Results:

  • Grade 9.7/10 -- Technical Report (Methodology & Research Phase)
  • API response <150ms * Mean scan time ~27ms
  • 272 tests passing (Pytest) * 0 SAST issues (Bandit)
  • Clean Architecture * SOLID * Dependency Injection * Static type checking (Mypy)

Stack: Python * FastAPI * PostgreSQL * Redis * Docker * GitHub Actions * Prometheus * Grafana * Scikit-learn


Technical Arsenal

| Domain | Technologies |
|---|---|
| Cloud & Infrastructure | AWS (EC2, Lambda, S3, IAM, RDS), Terraform, Docker, Linux, Windows Server, Boto3, PySpark |
| Security & Compliance | Bandit, Safety, GitLeaks, Trivy, Isolation Forest (Scikit-learn), SBOM, LGPD, PCI-DSS, Bacen 4658 |
| DevOps & Quality | GitHub Actions, CI/CD, Pytest, Cypress, Prometheus, Grafana, Clean Architecture, SOLID |
| Languages | Python, Ruby on Rails, JavaScript, Bash, SQL, PostgreSQL |
| Regulatory Domain | ICP-Brasil, Provimento 74/CNJ, e-Notariado, Audit Trail Systems, Digital Certification (A1/A3) |

Experience

Technical Focal Point -- Servico de Registro de Imoveis

Apr 2021 - Nov 2023 * Full-time * Dois Vizinhos, PR

Designated for Provimento 74/CNJ compliance, maintaining critical infrastructure under TJPR oversight.

  • Acted as Key User for SAEC/ONR and ERP IMOB (Brainsoft), providing internal operational support to the team and mediating technical support tickets
  • Implemented strict physical and logical access controls and configured NTFS file permissions to enforce privacy and ensure LGPD compliance
  • Administered Windows Server environment and supported hardware/network resilience, contributing to 99%+ availability and zero findings in judicial inspections

Full Stack Developer Intern -- Procfy

Nov 2023 - Nov 2024 * Dois Vizinhos, PR

Contributed production features to a Ruby on Rails / PostgreSQL application.

  • Implemented granular search filters, multi-criteria search, date range selectors, and dynamic transaction updates
  • Conducted manual testing and quality assurance (QA) to validate features before production releases

AWS Cloud Data Engineer Intern -- Compass UOL

May - Oct 2025 * Remote

Developed cloud-native data pipelines and automation on AWS infrastructure.

  • Provisioned infrastructure (EC2, S3, RDS, IAM, Lambda) and built Python automation via Boto3
  • Migrated data pipelines from Pandas to PySpark for distributed-scale processing
  • Applied IAM least-privilege and RBAC practices aligned with Bacen 4658 compliance requirements
  • Gained practical understanding of cloud governance: role segregation, permission auditing, and compliance traceability

Education

B.S. Software Engineering -- UTFPR-DV (Dois Vizinhos, PR) * Apr 2022 - Jul 2026 (Expected)

  • Capstone: TerraSafe -- Hybrid IaC Security Scanner (Grade 9.7/10)
  • Developed end-to-end automated testing suites using Cypress through hands-on academic projects
  • Gained practical experience with CI/CD pipelines, Terraform, and DevSecOps practices through independent study and academic research

What Sets Me Apart

  • Compliance Operations (2+ years): Real audit discipline under judicial oversight
  • Security Engineering (TerraSafe): Hybrid ML + Rules engine addressing $4.5M problem
  • Cloud & Automation (AWS): Full-cycle delivery across the stack

Most junior engineers learn compliance from documentation. I operated systems where failures had legal consequences -- and that experience drives how I build secure, auditable infrastructure today.


DevSecOps & Cloud Security | IaC Security | QA Automation

AWS * Python * Terraform * Docker * Linux * CI/CD

Building security into infrastructure before it reaches production.


About Me

Software Engineering bachelor's candidate at UTFPR (expected graduation: July 2026), with a background that connects regulatory compliance, security engineering, and full-stack development.

I worked for nearly 3 years in IT infrastructure under judicial oversight -- administering ICP-Brasil digital certificates, maintaining ERP systems, and meeting Provimento 74/CNJ requirements in an environment where downtime meant legal non-compliance. That audit discipline now guides my approach to cloud security and DevSecOps.

My capstone project, TerraSafe (grade 9.7/10), tackles a real market problem: the average cost of US$ 4.5 million per data breach, 66% of which originate in IaC misconfigurations. I developed a hybrid engine that combines deterministic rules with Machine Learning to detect what conventional SAST tools do not identify.

Seeking: Jr. DevSecOps * Cloud Security * QA Automation * Security Analyst -- Remote / Hybrid

Languages: Portuguese (Native) * English (Full professional proficiency)


Capstone: TerraSafe

The Problem: Traditional SAST tools depend on predefined rules -- they detect known patterns but fail to identify novel anomalies. With 66% of breaches traced to IaC misconfigurations, this detection gap costs organizations millions.

TerraSafe solves this with a hybrid dual-engine approach:

| Engine | Method | Detects |
|---|---|---|
| Deterministic | AST + Regex + SAST (Bandit, GitLeaks, Safety) | Known configuration patterns |
| Probabilistic | Isolation Forest (ML) | Novel configuration anomalies |

Results:

  • Grade 9.7/10 -- Technical Report (Methodology and Research)
  • API response <150ms * Mean scan time ~27ms
  • 272 tests passing (Pytest) * 0 SAST issues (Bandit)
  • Clean Architecture * SOLID * Dependency Injection * Static type checking (Mypy)

Stack: Python * FastAPI * PostgreSQL * Redis * Docker * GitHub Actions * Prometheus * Grafana * Scikit-learn


Technical Arsenal

| Domain | Technologies |
|---|---|
| Cloud & Infrastructure | AWS (EC2, Lambda, S3, IAM, RDS), Terraform, Docker, Linux, Windows Server, Boto3, PySpark |
| Security & Compliance | Bandit, Safety, GitLeaks, Trivy, Isolation Forest (Scikit-learn), SBOM, LGPD, PCI-DSS, Bacen 4658 |
| DevOps & Quality | GitHub Actions, CI/CD, Pytest, Cypress, Prometheus, Grafana, Clean Architecture, SOLID |
| Languages | Python, Ruby on Rails, JavaScript, Bash, SQL, PostgreSQL |
| Regulatory Domain | ICP-Brasil, Provimento 74/CNJ, e-Notariado, Audit Trail, Digital Certification (A1/A3) |

Experience

Technical Focal Point -- Servico de Registro de Imoveis

Apr 2021 - Nov 2023 * Full-time * Dois Vizinhos, PR

Designated for compliance with Provimento 74/CNJ, maintaining critical infrastructure under TJPR oversight.

  • Acted as Key User for SAEC/ONR and ERP IMOB (Brainsoft), providing internal operational support to the team and mediating technical support tickets
  • Implemented strict physical and logical access controls and configured NTFS permissions to ensure privacy and LGPD compliance
  • Administered a Windows Server environment and supported hardware/network resilience, contributing to 99%+ availability and zero findings in judicial inspections

Full Stack Developer (Internship) -- Procfy

Nov 2023 - Nov 2024 * Dois Vizinhos, PR

Contributed production features to a Ruby on Rails / PostgreSQL application.

  • Implemented granular search filters, multi-search, date range selectors, and dynamic transaction updates
  • Conducted manual testing and quality assurance (QA) to validate features before production releases

AWS Cloud Data Engineer (Internship) -- Compass UOL

May - Oct 2025 * Remote

Developed cloud-native data pipelines and automation on AWS infrastructure.

  • Provisioned infrastructure (EC2, S3, RDS, IAM, Lambda) and developed Python automation with Boto3
  • Migrated data pipelines from Pandas to PySpark for distributed-scale processing
  • Applied IAM least-privilege and RBAC practices aligned with Bacen 4658 compliance requirements
  • Developed a practical understanding of cloud governance: role segregation, permission auditing, and compliance traceability

Education

Bachelor's in Software Engineering -- UTFPR-DV (Dois Vizinhos, PR) * Apr 2022 - Jul 2026 (Expected)

  • Capstone: TerraSafe -- Hybrid IaC Security Scanner (Grade 9.7/10)
  • Developed end-to-end automated testing suites with Cypress in hands-on academic projects
  • Gained practical experience with CI/CD pipelines, Terraform, and DevSecOps practices through independent study and academic research

What Sets Me Apart

  • Compliance Operations (2+ years): Real audit discipline under judicial oversight
  • Security Engineering (TerraSafe): Hybrid ML + Rules engine tackling a US$ 4.5M problem
  • Cloud & Automation (AWS): Full-cycle delivery across the whole stack

Most junior engineers learn compliance from documentation. I operated systems where failures had legal consequences -- and that experience guides how I build secure, auditable infrastructure today.

Pinned

  1. terrasafe (Public)

    AI-powered Terraform security scanner combining rule-based detection with ML anomaly detection using Isolation Forest. Detects hardcoded secrets, open ports, unencrypted storage, and misconfigur...

    Python 2

  2. ai-vulnerability-triage (Public)

    An AI-powered tool for prioritizing security vulnerabilities using Naive Bayes and BERT models

    Python 1 1

  3. kurzgesagt-cypress-tests (Public)

    E2E Test Automation Suite for Kurzgesagt.org using Cypress. Covers homepage validation, social media links verification, navigation flows, and shop functionality testing. Built with best practice...

    JavaScript 1

  4. crescebr-b2b-marketplace (Public)

    B2B Marketplace platform with a quotation system, order management, CNPJ validation via Brasil API, JWT authentication, and an admin panel. Stack: React + TypeScript + MUI | Node.js + Expr...

    TypeScript 1

  5. brazil-capitals-pathfinding (Public)

    Route-finding system between Brazilian capitals using search algorithms (BFS, DFS, UCS, Greedy, A*). Features interactive map visualization, comparison of air/ground transport and an...

    Python

  6. agiliza (Public)

    Agiliza is a project management platform that demonstrates the practice of advanced engineering patterns. Built with Clean Architecture and DDD, it goes beyond ordinary lists, ensuring a system r...

    TypeScript 1