Skip to content
View AlexandrLopes's full-sized avatar

Block or report AlexandrLopes

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
AlexandrLopes/README.md

Hi, I'm Alexandre Lopes 👋

DevOps & Cloud Security Engineer | AWS

Turning coffee into infrastructure, security & automation. ☕ ➡️ ☁️

🇪🇸 Based: Madrid, Spain
Visa Status

LinkedIn


About Me & The Mission

I am a DevOps and Cloud Security Engineer with certifications in AWS Cloud Practitioner (CLF-C02) and Google Cloud Cybersecurity. I focus on building secure, automated, and scalable cloud environments on AWS.

My approach combines Infrastructure as Code (IaC), Security by Design, and Automation-first principles. I specialize in secure infrastructure using Terraform, CloudFormation, and Python, alongside event-driven serverless architectures and SOAR (Security Orchestration, Automation, and Response) solutions.

Through my hands-on portfolio, I design and document 3-tier VPC architectures, CI/CD pipelines with integrated security scanning, and automated incident remediation workflows.

Tech Stack & Tools

Cloud & Infrastructure

Observability & Data

Code & Automation

Security Focus


DevSecOps & Shift-Left Security

I treat security as part of the build, not an afterthought. My pipelines are designed to catch issues before deployment, not in production.

🔹 Scanning IaC (Terraform) for misconfigurations and Docker images for CVEs with Trivy, blocking builds on critical findings
🔹 Integrating security gates directly into GitHub Actions CI/CD workflows
🔹 Hardening container images via multi-stage builds and non-root execution to reduce attack surface
🔹 Enforcing Zero Trust and least-privilege IAM across all infrastructure
🔹 Automating compliance checks (MFA, CIS Benchmarks) as scheduled, auditable jobs

Automation is security. The goal is infrastructure that is programmable, controlled, and auditable by default.


Python & Automation Engineering

For me, Python is not just a scripting language — it is a core engineering tool.

I use Python to build automation and security workflows that eliminate manual processes and reduce operational risk.

🔹 Automating AWS resource management and incident response using Boto3
🔹 Developing Lambda-based event-driven auto-remediation functions
🔹 Creating security validation scripts for IAM, CloudTrail, and EventBridge
🔹 Integrating security checks into CI/CD pipelines
🔹 Writing modular, reusable automation scripts


Featured Projects

Automated DevSecOps Pipeline (Shift-Left Security) A GitHub Actions pipeline that automatically scans Terraform for misconfigurations and Docker images for CVEs using Trivy, blocking the build whenever critical vulnerabilities are detected. Security enforced before deployment, not after.

AWS Security Auto-Remediation Bot (SOAR) An autonomous SOAR solution using Python (Boto3), CloudTrail, and EventBridge to instantly detect and revoke non-compliant Security Groups (e.g. port 22 open to the world), enforcing Zero Trust policies automatically.

AWS 3-Tier Infrastructure & Observability Stack A production-ready VPC with strict network segmentation provisioned via Terraform, integrated with a PostgreSQL database, automated S3 backups, and a full observability stack (Prometheus & Grafana).

Explore the full portfolio →


In Production

NômadeFácil — A platform I designed, built, and run in production on my own. Beyond the labs: this is where my CI/CD and security practices meet real users. Continuous deployment gated by a ~280-test suite, rate-limited public endpoints, and a third-party pentest. Built on Next.js, Supabase, and the Anthropic (Claude) API.


Career Goals & Opportunities

My professional focus is DevSecOps and Cloud Security Engineering.

I am particularly interested in roles where I can contribute to:

• Secure Infrastructure as Code (Terraform & CloudFormation)
• CI/CD pipeline hardening and security automation
• Cloud IAM design and Zero Trust strategies
• Container security and observability (Prometheus/Grafana)
• Automated security remediation workflows (SOAR)

I am open to Cloud Security Engineer or DevSecOps roles, where I can deliver value through automation, cloud security practices, and a strong ownership mentality.

  • Availability: Madrid, Spain
  • Work Authorization: Full working rights in the EU (Spouse of EU Citizen)
  • Languages: Portuguese (Native), English (C2), Spanish (B2)

📫 Connect with me

Let's talk about Cloud, Security, and Automation.

LinkedIn

Pinned Loading

  1. cloud-engineering-labs cloud-engineering-labs Public

    Cloud Engineering & Security Portfolio: AWS, Terraform, Python, DevSecOps. Production-style projects with CI/CD security scanning.

    HCL 3

  2. kubernetes-study-labs kubernetes-study-labs Public

    Lab focus on the study of the theory and pratical exercises using Kubernetes

  3. terraform-foundations terraform-foundations Public

    Some terraform projects to learn more about terraform and the foundations of it

    HCL