I am a DevOps and Cloud Security Engineer with certifications in AWS Cloud Practitioner (CLF-C02) and Google Cloud Cybersecurity. I focus on building secure, automated, and scalable cloud environments on AWS.
My approach combines Infrastructure as Code (IaC), Security by Design, and Automation-first principles. I specialize in secure infrastructure using Terraform, CloudFormation, and Python, alongside event-driven serverless architectures and SOAR (Security Orchestration, Automation, and Response) solutions.
Through my hands-on portfolio, I design and document 3-tier VPC architectures, CI/CD pipelines with integrated security scanning, and automated incident remediation workflows.
I treat security as part of the build, not an afterthought. My pipelines are designed to catch issues before deployment, not in production.
🔹 Scanning IaC (Terraform) for misconfigurations and Docker images for CVEs with Trivy, blocking builds on critical findings
🔹 Integrating security gates directly into GitHub Actions CI/CD workflows
🔹 Hardening container images via multi-stage builds and non-root execution to reduce attack surface
🔹 Enforcing Zero Trust and least-privilege IAM across all infrastructure
🔹 Automating compliance checks (MFA, CIS Benchmarks) as scheduled, auditable jobs
Automation is security. The goal is infrastructure that is programmable, controlled, and auditable by default.
For me, Python is not just a scripting language — it is a core engineering tool.
I use Python to build automation and security workflows that eliminate manual processes and reduce operational risk.
🔹 Automating AWS resource management and incident response using Boto3
🔹 Developing Lambda-based event-driven auto-remediation functions
🔹 Creating security validation scripts for IAM, CloudTrail, and EventBridge
🔹 Integrating security checks into CI/CD pipelines
🔹 Writing modular, reusable automation scripts
Automated DevSecOps Pipeline (Shift-Left Security): A GitHub Actions pipeline that automatically scans Terraform for misconfigurations and Docker images for CVEs using Trivy, blocking the build whenever critical vulnerabilities are detected. Security enforced before deployment, not after.
AWS Security Auto-Remediation Bot (SOAR): An autonomous SOAR solution using Python (Boto3), CloudTrail, and EventBridge to instantly detect and revoke non-compliant Security Groups (e.g. port 22 open to the world), enforcing Zero Trust policies automatically.
AWS 3-Tier Infrastructure & Observability Stack: A production-ready VPC with strict network segmentation provisioned via Terraform, integrated with a PostgreSQL database, automated S3 backups, and a full observability stack (Prometheus & Grafana).
NômadeFácil — A platform I designed, built, and run in production on my own. Beyond the labs: this is where my CI/CD and security practices meet real users. Continuous deployment gated by a ~280-test suite, rate-limited public endpoints, and a third-party pentest. Built on Next.js, Supabase, and the Anthropic (Claude) API.
My professional focus is DevSecOps and Cloud Security Engineering.
I am particularly interested in roles where I can contribute to:
• Secure Infrastructure as Code (Terraform & CloudFormation)
• CI/CD pipeline hardening and security automation
• Cloud IAM design and Zero Trust strategies
• Container security and observability (Prometheus/Grafana)
• Automated security remediation workflows (SOAR)
I am open to Cloud Security Engineer or DevSecOps roles, where I can deliver value through automation, cloud security practices, and a strong ownership mentality.
- Availability: Madrid, Spain
- Work Authorization: Full working rights in the EU (Spouse of EU Citizen)
- Languages: Portuguese (Native), English (C2), Spanish (B2)