About
DevSecOps and Application Security Specialist with over 5 years of experience, adept at integrating robust security practices into CI/CD pipelines and software development lifecycles. Expertly leverages SAST, SCA, OSINT, and automation tools to identify vulnerabilities, reduce risk, and enhance security posture across enterprise environments. Proven ability to bridge technical and business objectives, driving secure releases and fostering a security-by-design culture.
Work
GMV
|CyberSecurity Engineer / DevSecOps
Madrid, Madrid, Spain
→
Summary
Led application security initiatives for GMV, a top-tier technology company, by integrating DevSecOps practices into CI/CD pipelines to enhance security posture across aerospace, defense, and transportation sectors.
Highlights
Led the integration of DevSecOps practices into CI/CD pipelines, embedding static and dynamic analysis (Fortify SCA/SSC, dependency scanning) and automated secrets detection (Gitleaks, TruffleHog, custom OSINT tooling) across repositories.
Partnered with development teams to implement OWASP-based secure coding standards, significantly reducing vulnerabilities and improving overall security posture.
Specialized in AppSec, vulnerability management, and cloud/container security, leveraging hands-on expertise in Jenkins, GitHub Security, Docker, and Trivy.
Contributed to fostering a security-by-design culture and enhancing infrastructure hardening, translating technical findings into actionable risk-based recommendations.
Indra
|Consultant Advanced Technologies
Madrid, Madrid, Spain
→
Summary
Designed and delivered complex web and telephony solutions for Indra's Advanced Technologies division, overseeing production deployments and collaborating with clients to ensure business objectives were met.
Highlights
Architected and implemented web and telephony solutions, including a single-page application with Angular and IVR systems powered by Java and VXML.
Managed end-to-end production deployments, ensuring secure and stable releases while adhering to strict client requirements and business objectives.
Collaborated closely with clients and cross-functional teams to refine requirements and ensure delivered solutions consistently met strategic business goals.
Maintained robust backend systems and version control, contributing to the delivery of high-quality, reliable technical solutions.
Indra
|Advanced Technologies Intern
Madrid, Madrid, Spain
→
Summary
Contributed to the design, development, and deployment of IVR applications and backend systems for Indra, enhancing customer experience and supporting critical tech operations.
Highlights
Contributed to the design and development of IVR applications and backend systems, ensuring reliable performance and streamlined testing.
Collaborated with cross-functional teams to manage version control and support database operations, delivering solutions that enhanced customer experience.
Applied foundational knowledge in Java, SQL, Apache, and VXML to develop robust and scalable application components.
Assisted in deployment processes and system maintenance, ensuring alignment with client requirements and operational efficiency.
Education
Universidad Nebrija
→
Master's Degree
Cybersecurity
Courses
Cloud Security
Risk Management
Offensive & Defensive Security
Security Architecture
DevSecOps
Cyberintelligence
Incident Response
Regulatory Compliance
Universidad de Castilla-La Mancha
→
Bachelor's Degree
Computer Science
Courses
Computer Networks
Operating Systems
Processor Architecture
Software Development
Algorithms
Languages
English
Spanish
Certificates
Ethical Hacker
Issued By
Cisco
Google Cloud Cybersecurity Certificate
Issued By
Google Cloud
AWS Cloud Practitioner Essentials
Issued By
AWS
AWS Security Fundamentals Second Edition
Issued By
AWS
NSE 1 Network Security Associate
Issued By
Fortinet
Ethical Hacking Training
Issued By
Various (Inferred)
Skills
DevSecOps & AppSec
Fortify SCA & SSC, GitHub Advanced Security, Trivy, Gitleaks, Dependency Scanning, Container Scanning, Vulnerability Management, OWASP, Application Security.
CI/CD & Automation
Jenkins (DSL/Groovy), GitHub Actions, GitLab Actions, Docker, Bash, Python (3.10/3.11), Automation, CI/CD Pipelines.
OSINT & Threat Hunting
Secrets Discovery (Git history & orphaned blobs), Workflow Analysis, GitFive, Threat Intelligence, Cyberintelligence.
Cloud & Infrastructure
AWS Fundamentals, Linux Administration, Basic Network Security Hardening, Google Cloud Platform (GCP), Cloud Security, Container Security.
Programming & Scripting
Python, Groovy, Bash, SQL, Java, JavaScript, Angular, HTML, CSS, Tailwind, VXML.
Collaboration & Reporting
Risk-based Prioritization, Stakeholder Communication, Security Advisory Documentation, Client-facing Experience, Cross-functional Collaboration, Team Leadership.
Security Practices
Ethical Hacking, Vulnerability Management, Security Auditing, Compliance Management, Penetration Testing, Network Security, PTES, Incident Response, Security Architecture, Infrastructure Hardening.
Security Tools
Kali, BurpSuite, Nmap, WireShark, Metasploit, Netcat, Tomcat.