About Julio
- Pentesting: web, API, mobile (iOS/Android), cloud (AWS/GCP), Active Directory, and artificial intelligence systems (LLMs, generative models)
- Cybersecurity consulting: secure architecture, threat modeling, DevSecOps, and ISO 27001
- Corporate training with practical labs: OWASP Top 10, AI/ML security, and secure coding
Spanish
Native or bilingual
English
Fluent
Experience
- MagnificSecurity EngineerTECHApril 2022 - Today (4 years and 4 months)Málaga, Spain
- Security assessment of artificial intelligence platforms and generative models, including prompt injection testing, AI API abuse, and access control validation in LLM-based systems
- Security audits of web applications, mobile apps (iOS/Android), and APIs through dynamic testing and manual code review, identifying and remediating OWASP Top 10 and CWE vulnerabilities
- Management of the internal bug bounty program: validation of reports, collaboration with external researchers, and tracking until resolution of valid findings
- Security assessments in GCP and AWS cloud environments, identifying misconfigurations and collaborating with DevOps to implement security best practices
- Penetration testing of Active Directory environments and wireless networks, simulating real attack techniques to validate security controls
- Participation in INCIBE CyberEx incident simulation exercises, evaluating detection and response capabilities under scenarios driven by real threats
- Design and development of internal security tools (Python, JavaScript, React, NextJS, FastAPI, Flask) to automate workflows and improve detection capabilities
- Collaboration with engineering teams to integrate security into the SDLC through secure architecture guidelines and threat modeling
- Continuous research of emerging threats, tools, and attack techniques to improve security posture
- Security incident investigation and post-mortem analysis, driving root cause resolution
- Coordination of ISO 27001 and SOC 2 compliance audits, aligning security practices with NIST and industry standards
- Delivery of internal cybersecurity training and mentoring to junior team members
- MultisafepayTrainer / Freelance Security ConsultantCONSULTING AND AUDITSJuly 2023 - July 2024 (1 year)Estepona, SpainDelivery of offensive security training for the development team. Hands-on OWASP Top 10 workshop with practical labs adapted to the company's technology stack. Two consecutive editions with positive team feedback.
- Orange SpainVulnerability ManagerTELECOMMUNICATIONSOctober 2018 - April 2022 (3 years and 6 months)Madrid, Spain
- Responsible for the end-to-end vulnerability management process, leading remediation across the organization
- Penetration testing of web applications, APIs, and infrastructure using manual techniques and automated tools
- Integration of SAST/DAST tools into CI/CD pipelines as part of a DevSecOps initiative, incorporating security from the early stages of the development cycle
- Leadership in secure design reviews for cloud projects in AWS, ensuring compliance with security best practices and regulatory requirements
- Static and dynamic security analysis of applications to identify and remediate vulnerabilities before deployment to production
- Close collaboration with Engineering and DevOps teams under agile methodologies (Scrum, Kanban)
Recommendations
Be the first to recommend Julio
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Master in CybersecurityUniversidad Carlos III de Madrid2016Master in Cybersecurity
- Computer Science Degreede Ingenierías Informática y de Telecomunicación (ETSIIT) at Universidad de Granada2015Computer Science Degree
Certifications
- CAPenThe SecOps Group2025