Freelancer profile translated to English.

Description

I’m a security engineer and consultant based in Bilbao, focused on building secure, automated, and resilient infrastructures. My expertise spans security architecture, threat modeling, and cloud security in AWS and Azure, where I harden environments and align them with compliance.

I believe security should enable innovation, not slow it down. That’s why I take an automation-first approach—developing CI/CD pipelines, infrastructure as code (Terraform), and scripts that streamline testing and remediation.

I’m also exploring OpenStack and digital sovereignty, designing hybrid and on-premise setups that give organizations control over their infrastructure. Lately, I’ve been digging into AI compliance and monitoring, researching how governance and transparency can improve trust in AI systems.

Fluent in Spanish, English, and French, I enjoy turning complex security challenges into clear, practical solutions that help organizations stay both secure and agile.

Industry field of expertise

Languages

Spanish
Native or bilingual
French
Native or bilingual
English
Fluent

Workplace preferences

Can work on-site

Bilbao (up to 50km)

European Central Bank
Cloud Security Engineer
BANKING AND INSURANCE
April 2025 - Today (1 year and 2 months)
*CNAPP
Led deployment of a Cloud-Native Application Protection Platform (CNAPP) to centralize security posture management, workload protection, and compliance across multi-cloud environments.
*Customization
Extended CNAPP platform with custom plugins and Python scripts to integrate with existing SIEM/SOAR workflows.
*Terraform: Built modular Terraform templates to adapt configurations across environments (dev, staging, prod).

*Cloud Environments:
Azure
AWS
OCI
*Product team support
Partnered with product and engineering teams to embed security controls into product lifecycles.
Conducted enablement workshops and created documentation/playbooks for product teams to self-serve CNAPP insights.
Terraform Gitlab CI/CD Microsoft Azure Amazon Web Services (AWS) Security Awareness
Sopra Steria
Cloud Security Engineer
April 2024 - July 2025 (1 year and 3 months)
Brussels, Belgium
*Cloud Security Engineer– Delivered security architecture and operations support across European projects and institutions, ensuring compliance with regulatory and organizational frameworks.

*Azure & AWS Expertise– Designed and implemented secure cloud solutions leveraging Microsoft Azure (AD, Key Vault, Defender for Cloud) and AWS (IAM, Security Hub, GuardDuty), aligning with best practices in identity, access, and workload protection.

*Terraform (IaC)– Developed and maintained modular Terraform templates for consistent multi-cloud resource provisioning, embedding policy-as-code guardrails to enforce security baselines.

*Ansible Automation– Automated infrastructure configuration and security hardening with Ansible playbooks, improving repeatability and reducing manual errors in deployment pipelines.

*GitLab CI/CD– Built and optimized CI/CD pipelines in GitLab to integrate security checks (IaC validation, secrets scanning, container scanning), enabling shift-left security in development workflows.
Terraform DevSecOps CI/CD Cybersecurity Microsoft Azure
Keytrade Bank
DevSecOps Engineer
BANKING AND INSURANCE
January 2022 - April 2022 (3 months)
Bruselas, Belgium
Member of DevOps Chapter and Security Chapter.
Part of Direct channels and Contact management feature teams.
Agile Methodology.
Gitlab CI/CD :
.gitlab-ci.yml writing
Complexe pipelines elaboration.
Deploying applications in AWS EKS/
OCP
Runners config troubleshooting.
Feature Teams AWS account management :
Deploying configuration on AWS using Terraform.
Modules writing.
Kubernetes/Openshift :
Application deployment.
Application troubleshooting.
Helm maintenance
DevSecOps :
DSOMM
SAMM

Docker image management :
Dockerfiles writing and management.
Images migration from Debian to Red Hat.
Improving security best practices about images.
Automation updates through Renovate.

CI/CD:
Analyzers deployment and maintenance.
SAST
Custom rules writing
DAST
Security Policies Implementation.
Development and scripting :
Python :
Internal API to link different services.
Automation scripts
Automation cli using the Gitlab API v4 and Gitlab GraphQL API.
Bash:
Scripting
Terraform Gitlab CI/CD Amazon Web Services (AWS) DevSecOps Cybersecurity

Check out Aratz's experience

Be the first to recommend Aratz

Help this freelancer shine by sharing your experience working together.

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

Baptiste Duhen

Fullstack developer

4.6

(4)

Amed Hamou

Senior Lead Developer

(2)

Audrey Champion

Web developer

4.3

(3)

Signup to reveal

Higher Technician in Networked Computer Systems Administration (ASIR)
UNED
2018

Certified by Altered Security Red Team Professional for Azure
Altered Security
2025
https://www.credential.net/4fbf1020-722e-4189-b24a-e14bc5520276
Service Principal & App Registration attacks Token extraction & abuse Red teaming methodology in cloud environments Abusing Azure services Defensive awareness Red Teaming Azure & Entra ID attack surface enumeration Privilege escalation techniques Exploitation of ARM templates & deployments Bypassing Conditional Access policies
Microsoft Certified: Identity and Access Administrator Associate
Microsoft
2025
https://learn.microsoft.com/api/credentials/share/en-us/armoga-8067/4CBBB2EB5B81D931?sharingId
Hybrid identity Access lifecycle governance Microsoft Entra ID Zero Trust Security Authentication

Aratz's certifications are only visible to Malt Community members

Aratz Moreno Garcia

Cloud Security Engineer | DevSecOps

About Aratz

Experience

Gitlab CI/CD :

Feature Teams AWS account management :

Kubernetes/Openshift :

DevSecOps :

CI/CD:

Development and scripting :

Recommendations

These freelancer profiles also match your criteria

Education

Certifications

Skill set

Categories