I am a DevOps and Cloud Security Engineer with certifications in AWS Cloud Practitioner (CLF-C02) and Google Cloud Cybersecurity. I focus on building secure, automated, and scalable cloud environments on AWS.
My approach combines Infrastructure as Code (IaC), Security by Design, and Automation-first principles. I specialize in secure infrastructure using Terraform, CloudFormation, and Python, alongside event-driven serverless architectures and SOAR (Security Orchestration, Automation, and Response) solutions.
Through my hands-on portfolio, I design and document 3-tier VPC architectures, CI/CD pipelines with integrated security scanning, and automated incident remediation workflows.
I treat security as part of the build, not an afterthought. My pipelines are designed to catch issues before deployment, not in production.
๐น Scanning IaC (Terraform) for misconfigurations and Docker images for CVEs with Trivy, blocking builds on critical findings
๐น Integrating security gates directly into GitHub Actions CI/CD workflows
๐น Hardening container images via multi-stage builds and non-root execution to reduce attack surface
๐น Enforcing Zero Trust and least-privilege IAM across all infrastructure
๐น Automating compliance checks (MFA, CIS Benchmarks) as scheduled, auditable jobs
Automation is security. The goal is infrastructure that is programmable, controlled, and auditable by default.
For me, Python is not just a scripting language โ it is a core engineering tool.
I use Python to build automation and security workflows that eliminate manual processes and reduce operational risk.
๐น Automating AWS resource management and incident response using Boto3
๐น Developing Lambda-based event-driven auto-remediation functions
๐น Creating security validation scripts for IAM, CloudTrail, and EventBridge
๐น Integrating security checks into CI/CD pipelines
๐น Writing modular, reusable automation scripts
SIP Ingress Infrastructure on AWS (Telephony) A production-oriented AWS architecture for SIP signaling ingress, provisioned with Terraform (modular, isolated prod/staging environments). NLB (Layer 4, UDP) with source-IP preservation and provider allowlisting, stateless ECS Fargate scaling on active SIP sessions, RDS Multi-AZ behind RDS Proxy, private subnets reaching AWS services via VPC Endpoints (no NAT), and break-glass access via bastion (RDS) and ECS Exec (Fargate).
Automated DevSecOps Pipeline (Shift-Left Security) A GitHub Actions pipeline that automatically scans Terraform for misconfigurations and Docker images for CVEs using Trivy, blocking the build whenever critical vulnerabilities are detected. Security enforced before deployment, not after.
AWS Security Auto-Remediation Bot (SOAR) An autonomous SOAR solution using Python (Boto3), CloudTrail, and EventBridge to instantly detect and revoke non-compliant Security Groups (e.g. port 22 open to the world), enforcing Zero Trust policies automatically.
AWS 3-Tier Infrastructure & Observability Stack A production-ready VPC with strict network segmentation provisioned via Terraform, integrated with a PostgreSQL database, automated S3 backups, and a full observability stack (Prometheus & Grafana).
Explore the full portfolio โ
NรดmadeFรกcil โ A platform I designed, built, and run in production on my own. Beyond the labs: this is where my CI/CD and security practices meet real users. Continuous deployment gated by a ~325-test suite, rate-limited public endpoints, and a third-party pentest. Built on Next.js, Supabase, and the Anthropic (Claude) API.
I am open to Cloud Security Engineer or DevOps roles, where I can deliver value through automation, cloud security practices, and a strong ownership mentality.
- Availability: Madrid, Spain
- Work Authorization: Full working rights in the EU (Spouse of EU Citizen)
- Languages: Portuguese (Native), English (C2), Spanish (B2)