Skip to content
View AlexandrLopes's full-sized avatar

Block or report AlexandrLopes

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please donโ€™t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this userโ€™s behavior. Learn more about reporting abuse.

Report abuse
AlexandrLopes/README.md

Hi, I'm Alexandre Lopes ๐Ÿ‘‹

DevOps & Cloud Engineer | AWS

If I have to do it twice, I automate it. If it touches production, I secure it.

๐Ÿ‡ช๐Ÿ‡ธ Based: Madrid, Spain
Visa Status

LinkedIn


About Me & The Mission

I am a DevOps and Cloud Security Engineer with certifications in AWS Cloud Practitioner (CLF-C02) and Google Cloud Cybersecurity. I focus on building secure, automated, and scalable cloud environments on AWS.

My approach combines Infrastructure as Code (IaC), Security by Design, and Automation-first principles. I specialize in secure infrastructure using Terraform, CloudFormation, and Python, alongside event-driven serverless architectures and SOAR (Security Orchestration, Automation, and Response) solutions.

Through my hands-on portfolio, I design and document 3-tier VPC architectures, CI/CD pipelines with integrated security scanning, and automated incident remediation workflows.

Tech Stack & Tools

Cloud & Infrastructure

Observability & Data

Code & Automation

Security Focus


DevSecOps & Shift-Left Security

I treat security as part of the build, not an afterthought. My pipelines are designed to catch issues before deployment, not in production.

๐Ÿ”น Scanning IaC (Terraform) for misconfigurations and Docker images for CVEs with Trivy, blocking builds on critical findings
๐Ÿ”น Integrating security gates directly into GitHub Actions CI/CD workflows
๐Ÿ”น Hardening container images via multi-stage builds and non-root execution to reduce attack surface
๐Ÿ”น Enforcing Zero Trust and least-privilege IAM across all infrastructure
๐Ÿ”น Automating compliance checks (MFA, CIS Benchmarks) as scheduled, auditable jobs

Automation is security. The goal is infrastructure that is programmable, controlled, and auditable by default.


Python & Automation Engineering

For me, Python is not just a scripting language โ€” it is a core engineering tool.

I use Python to build automation and security workflows that eliminate manual processes and reduce operational risk.

๐Ÿ”น Automating AWS resource management and incident response using Boto3
๐Ÿ”น Developing Lambda-based event-driven auto-remediation functions
๐Ÿ”น Creating security validation scripts for IAM, CloudTrail, and EventBridge
๐Ÿ”น Integrating security checks into CI/CD pipelines
๐Ÿ”น Writing modular, reusable automation scripts


Featured Projects

SIP Ingress Infrastructure on AWS (Telephony) A production-oriented AWS architecture for SIP signaling ingress, provisioned with Terraform (modular, isolated prod/staging environments). NLB (Layer 4, UDP) with source-IP preservation and provider allowlisting, stateless ECS Fargate scaling on active SIP sessions, RDS Multi-AZ behind RDS Proxy, private subnets reaching AWS services via VPC Endpoints (no NAT), and break-glass access via bastion (RDS) and ECS Exec (Fargate).

Automated DevSecOps Pipeline (Shift-Left Security) A GitHub Actions pipeline that automatically scans Terraform for misconfigurations and Docker images for CVEs using Trivy, blocking the build whenever critical vulnerabilities are detected. Security enforced before deployment, not after.

AWS Security Auto-Remediation Bot (SOAR) An autonomous SOAR solution using Python (Boto3), CloudTrail, and EventBridge to instantly detect and revoke non-compliant Security Groups (e.g. port 22 open to the world), enforcing Zero Trust policies automatically.

AWS 3-Tier Infrastructure & Observability Stack A production-ready VPC with strict network segmentation provisioned via Terraform, integrated with a PostgreSQL database, automated S3 backups, and a full observability stack (Prometheus & Grafana).

Explore the full portfolio โ†’


In Production

NรดmadeFรกcil โ€” A platform I designed, built, and run in production on my own. Beyond the labs: this is where my CI/CD and security practices meet real users. Continuous deployment gated by a ~325-test suite, rate-limited public endpoints, and a third-party pentest. Built on Next.js, Supabase, and the Anthropic (Claude) API.


Career Goals & Opportunities

I am open to Cloud Security Engineer or DevOps roles, where I can deliver value through automation, cloud security practices, and a strong ownership mentality.

  • Availability: Madrid, Spain
  • Work Authorization: Full working rights in the EU (Spouse of EU Citizen)
  • Languages: Portuguese (Native), English (C2), Spanish (B2)

๐Ÿ“ซ Connect with me

Let's talk about Cloud, Security, and Automation.

LinkedIn Credly

Pinned Loading

  1. cloud-engineering-labs cloud-engineering-labs Public

    Cloud Engineering & Security Portfolio: AWS, Terraform, Python, DevSecOps. Production-style projects with CI/CD security scanning.

    HCL 3

  2. kubernetes-study-labs kubernetes-study-labs Public

    Lab focus on the study of the theory and pratical exercises using Kubernetes

  3. terraform-foundations terraform-foundations Public

    Some terraform projects to learn more about terraform and the foundations of it

    HCL