You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Julio M.JM

Julio M.

Security Engineer

€450/day
Málaga, ES
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Julio

Offensive security consultant and pentester with over 10 years of experience in cybersecurity, helping companies identify their vulnerabilities before attackers do.

My background spans the defense and aerospace sector, cybersecurity consulting firms, a major telecommunications operator, and currently a leading technology platform in the AI sector. This diversity allows me to combine an offensive perspective with the real-world context of engineering teams.

I hold OSCP, CAPen, and C-AI/MLPen certifications, one of the few specializations in AI systems penetration testing. Also certified AWS Security Specialty and AWS Solutions Architect.

I offer three lines of service:
  • Pentesting: web, API, mobile (iOS/Android), cloud (AWS/GCP), Active Directory, and artificial intelligence systems (LLMs, generative models)
  • Cybersecurity consulting: secure architecture, threat modeling, DevSecOps, and ISO 27001
  • Corporate training with practical labs: OWASP Top 10, AI/ML security, and secure coding
Speaker at Cybercamp (INCIBE) and Navaja Negra. Active bug bounty researcher at Intigriti.

I work remotely. Available for closed projects, monthly retainers, or daily rates.

More information at julioxus.com and on my project: almenarasecurity.com
  • Spanish

    Native or bilingual

  • English

    Fluent

Remote only
Primarily works remotely

Experience

  • Magnific
    Security Engineer
    TECH
    April 2022 - Today (4 years and 4 months)
    Málaga, Spain
    • Security assessment of artificial intelligence platforms and generative models, including prompt injection testing, AI API abuse, and access control validation in LLM-based systems
    • Security audits of web applications, mobile apps (iOS/Android), and APIs through dynamic testing and manual code review, identifying and remediating OWASP Top 10 and CWE vulnerabilities
    • Management of the internal bug bounty program: validation of reports, collaboration with external researchers, and tracking until resolution of valid findings
    • Security assessments in GCP and AWS cloud environments, identifying misconfigurations and collaborating with DevOps to implement security best practices
    • Penetration testing of Active Directory environments and wireless networks, simulating real attack techniques to validate security controls
    • Participation in INCIBE CyberEx incident simulation exercises, evaluating detection and response capabilities under scenarios driven by real threats
    • Design and development of internal security tools (Python, JavaScript, React, NextJS, FastAPI, Flask) to automate workflows and improve detection capabilities
    • Collaboration with engineering teams to integrate security into the SDLC through secure architecture guidelines and threat modeling
    • Continuous research of emerging threats, tools, and attack techniques to improve security posture
    • Security incident investigation and post-mortem analysis, driving root cause resolution
    • Coordination of ISO 27001 and SOC 2 compliance audits, aligning security practices with NIST and industry standards
    • Delivery of internal cybersecurity training and mentoring to junior team members
    OWASP Google cloud Terraform PenTest AI
  • Multisafepay
    Trainer / Freelance Security Consultant
    CONSULTING AND AUDITS
    July 2023 - July 2024 (1 year)
    Estepona, Spain
    Delivery of offensive security training for the development team. Hands-on OWASP Top 10 workshop with practical labs adapted to the company's technology stack. Two consecutive editions with positive team feedback.
    OWASP Secure Coding PenTest Training AI
  • Orange Spain
    Vulnerability Manager
    TELECOMMUNICATIONS
    October 2018 - April 2022 (3 years and 6 months)
    Madrid, Spain
    • Responsible for the end-to-end vulnerability management process, leading remediation across the organization
    • Penetration testing of web applications, APIs, and infrastructure using manual techniques and automated tools
    • Integration of SAST/DAST tools into CI/CD pipelines as part of a DevSecOps initiative, incorporating security from the early stages of the development cycle
    • Leadership in secure design reviews for cloud projects in AWS, ensuring compliance with security best practices and regulatory requirements
    • Static and dynamic security analysis of applications to identify and remediate vulnerabilities before deployment to production
    • Close collaboration with Engineering and DevOps teams under agile methodologies (Scrum, Kanban)
    AWS PenTest Kanban DevOps SDLC

Recommendations

Be the first to recommend Julio

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Master in Cybersecurity
    Universidad Carlos III de Madrid
    2016
    Master in Cybersecurity
  • Computer Science Degree
    de Ingenierías Informática y de Telecomunicación (ETSIIT) at Universidad de Granada
    2015
    Computer Science Degree

Certifications

Skill set

Categories