Pedro Ketzer

I am an Application Security Engineer working on securing high-scale financial and cloud-native systems. In my current role, I contribute to protecting platforms that process more than $2B in transactions per quarter by identifying vulnerabilities and integrating security practices into fast-moving engineering environments. My work sits at the intersection of Application Security and Software Engineering. I focus on threat modeling using STRIDE, secure code reviews, and penetration testing across systems written in Go, Java, and JavaScript. A large part of my work involves embedding security directly into the SDLC and CI/CD pipelines so that engineering teams can move quickly while maintaining strong security standards. I am particularly interested in scaling security practices across engineering organizations, from vulnerability triage and architectural analysis to building practical controls that developers can adopt without friction. Beyond the technical work, I also spend time helping developers understand security concepts. I currently teach web security topics for developers and previously served as a mentor in Brazil’s first government-backed DevSecOps residency program, helping guide new professionals entering the security field. Core stack: Go, Java, Python, TypeScript, AWS, Kubernetes, Terraform, GitHub Actions Specialties: Threat Modeling, Secure Code Review, Pentesting, Vulnerability Management, Bug Bounty Triage, DevSecOps