May be available
(Updated 2020-11-18) Lead Security Engineer - DevSecOps
Barcelona, Spain
Native Spanish, Fluent English
- Developer of several open-source tools available on GitHub
- Knowledge of DevSecOps, Cloud Security and Python3
- +9 years of experience in IT Security
Skills (30)
GCP SECURITY
THREAT MODELING
AWS Security
PENTESTING
Python
DevSecOps
SECURITY AUDITS
SECURITY ARCHITECTURE
ARCHITECTURE
PULL REQUEST
FORENSIC
LOSS PREVENTION
WHITE BOX
AUDIT
SPLUNK
Risk Management
SOC
PULL REQUESTS
SELF MOTIVATED
AUDITS
SECURITY
Flask
INTEGRATION
OPERATIONS
B2B
SOPS
MOZILLA
DNS
B2C
TRADING
Professional experience
Professional Security Freelancer
DefenSEC
2017-01 - Present
Worldwide
Collaborating as Professional Security Freelancer with many companies, customers and law
enforcement:
- Contract as Security Engineer with INTEC (https://intec2.com/), per project basis
- Collaborator with Spanish Law enforcement and police labour union for Security training and awareness
- Other collaborations per-project basis around the World (remote)
Lead Security Engineer
Ebury UK
2020-05 - Present
Remote-based
Working for Ebury UK (+1200 employees), a leading financial and payment service provider, as a Lead Security Engineer in a multi-cloud and multi-tech stack environment. Engaged
on DevSecOps, Cloud Security (AWS/GCP), Secure Architectures, Engineering and internal
IRT/SOC, among other security areas.
SECURE ARCHITECTURES - ENGINEERING
∗ Definition of Secure Architectures for services, apps and infrastructure using MD, Flow charts, ...
∗ Support to DevOps/SRE/Dev teams for definition of new RFC and Services including
Security specs from requirements and design phase
∗ Reviewer of Pull Requests for adding or modifying currently existing services before
change approval
CLOUD SECURITY (AWS/GCP)
∗ AWS Security (Security Hub integration with GuardDuty, CloudTrail, Inspector, Detective, Macie, ...)
∗ GCP Security (Security Command Centre + Logs)
∗ Security Automation / SOAR / Playbooks with AWS Lambda / GCP Cloud Function
∗ 3rd party cloud security tools (Prowler, Scout2, ...)
∗ Security checks automation with Python 3 + Boto3
∗ Integration of Cloud environments within SIEM solutions
DevSecOps
∗ Jenkins / CircleCI secure pipelines definition
∗ IaC (Terraform/CloudFormation) modules deployment and security review
∗ K8s / Docker (Aquasec, Clair, Kubesec, docker-bench, ...)
∗ Ansible playbooks (patching, user locking, ...)
∗ Secrets management (Mozilla SOPS, HC Vault, ...)
Application/Software Security
∗ SSDLC (evil user stories, backlog definition, code review, ...)
∗ SAST code analysis integrated into CI/CD pipelines (Jenkins/CircleCI)
Infra-Network Security
∗ Deployment and configuration of EDR, RASP, NGFW, IDS, ...
∗ Secure network architectures (trunk ports, VLANs, ACLs, ...)
IRT - SOC
∗ Incident analysis and response
∗ Dynamic Malware analysis (Cuckoo) / Static malware analysis (YARA)
∗ Deployment of SOAR tools and SIEM architectures (SPLUNK, ELK, QRadar, ...)
Ethical Hacking / Pentester
∗ Manual Pentesting (Burp Suite). MITRE ATT&CK
Curriculum vitæ of Jorge Blanco Reales (di0nj@ck). © European Union, 2020-2021, http://europass.cedefop.europa.eu
Senior IT Security Engineer - SecDevOps
SecAutomation
2018-11 - 2020-05
Spain
Working on the 'Digital Security' team and reporting to the Head of Digital Security of TeamCMP,
a leading B2C company for VR-content products, mobile apps and web applications.
- AWS Cloud Security (support cloud migration and deployment of new and existing B2C services)
- Internal Security Services (build a new subset of Python3 Flask internal API services for use by other departments of the company or by the Security team).
- DevSecOps (CI/CD hardening CircleCI/Jenkins, K8s, Docker security, Terraform modules, ...)
- Red/Blue Ethical hacking (web/network manual pentesting)
- On-premises Security (network and infra security architecture review).
Technical Security Specialist
Hotelbeds Group, S.L.U
2016-03 - 2018-10
Working at a top-3 B2B travel company, HotelBeds Group headquarters, as a 'Tiger Team' leader, deploying and coordinating defensive and offensive attack techniques across the company.
- Purple Tiger Team: Coordinating and executing both 'Red TT' and 'Blue TT' activities within a centralized effort across the company. Proactive deployment of PoC attacks against our own infrastructure and services, and proper defense and response to external threats. SOC (Security Operations Center) management and daily secops deployment.
- Office Security: Deployment of layered defense mechanisms for protecting employees (EDR, RASP, IDS, DNS-Firewalling, ...), Internal PoC, IT Security Awareness, ...
- Fraud analysis and detection: Deployment of IOC (Indicators Of Compromise) and IOF (Indicators Of Fraud) within our B2B / B2C online travel services.
Senior IT Security Engineer
SIA Group
2013-06 - 2016-03
Spain
Execution of technical security audits (forensic, web and network pentesting, social engineering, ...), compliance (PCI-DSSv3, ENS, ISO27k, ...) and IT Service Management (ITSM; ITILv3 / ISO20000). Strong background and expertise on PCI-DSSv3 QSA audits ('SIA' certified company). DLP Audits (Data Loss Prevention).
Ethical Hacker
PenTester
2012-09 - 2013-06
Spain
Engaged in performing security audits, IT risk audits (MAGERIT/OCTAVE), and compliance
(PCI-DSS, ENS, ...). Performing web pentests, execution of external and internal network pentests,
Industrial and Economic Espionage audits, physical security review and advanced
intelligence/information gathering.
IT & Security Auditor/Consultant
Jorge Blanco Reales
2011-10 - 2012-09
Spain
Assigned to the area of computer audit, security, technology and risk management in the Risk
Advisory Services department, deploying Web and network pentests, IT security master plans,
compliance (ISO 27001, LSSI, LOPD, PCI-DSS, ...) and White box PenTesting.
Education
Bachelor of Computer Science
Universitat Pompeu Fabra
2006-01 - 2010-01