À propos de Julio
Consultor de seguridad ofensiva con más de 10 años de experiencia ayudando a empresas a encontrar sus vulnerabilidades antes de que lo hagan los atacantes.
Mi trayectoria abarca el sector defensa y aeroespacial, consultoras de ciberseguridad, una gran operadora de telecomunicaciones y actualmente una plataforma tecnológica líder. Esta diversidad me permite combinar la visión ofensiva con el contexto real de los equipos de ingeniería.
Cuento con las certificaciones OSCP, CAPen, C-AI/MLPen, AWS Security Specialty y AWS Solutions Architect. Speaker en Cybercamp (INCIBE) y Navaja Negra. Investigador activo en bug bounty en Intigriti.
Ofrezco tres líneas de servicio:
- Pentesting: web, API, móvil (iOS/Android), cloud (AWS/GCP) y Active Directory
- Consultoría: arquitectura segura, threat modeling, DevSecOps e ISO 27001
- Formación corporativa con laboratorios prácticos: OWASP Top 10, seguridad en IA/ML, secure coding, concienciación, etc.
- Trabajo en remoto. Disponible para proyectos cerrados, retainer mensual o tarifa diaria.
Más información en julioxus.com
Espagnol
Bilingue ou natif
Anglais
Capacité professionnelle complète
En télétravail uniquement
Travaille majoritairement à distance
Expériences
- Freepik CompanySecurity EngineerHIGH TECHavril 2022 - Aujourd'hui (4 ans et 2 mois)Málaga, Espagne
- Conduct security assessments on web applications, mobile apps (iOS/Android), and APIs through dynamic testing and manual code review, identifying and remediating OWASP Top 10 and CWE vulnerabilities
- Manage the internal bug bounty programme: validate submissions, collaborate with external researchers, and ensure timely resolution of valid findings
- Lead cloud security posture assessments across GCP and AWS environments, identifying misconfigurations and partnering with DevOps to implement security best practices
- Conduct penetration testing on Active Directory and wireless networks, simulating real-world attacker techniques to validate security controls
- Participate in INCIBE CyberEx incident simulation exercises, testing detection and response capabilities under threat-led scenarios
- Design and develop internal security tooling (Python, JavaScript, React, NextJS, FastAPI, Flask) to automate security workflows and enhance detection capabilities
- Partner with engineering teams to embed security into the SDLC through secure architecture guidance and threat modelling
- Continuously research emerging threats, tools, and attack techniques to improve security posture and stay ahead of the evolving threat landscape
- Lead security incident investigations and post-mortem analysis, driving root cause resolution
- Serve as lead coordinator for ISO 27001 and SOC 2 compliance audits, aligning security practices with NIST and industry benchmarks
- Deliver internal cybersecurity training sessions and mentor junior team members
- Orange SpainVulnerability ManagerTÉLÉCOMMUNICATIONSoctobre 2018 - avril 2022 (3 ans et 6 mois)Madrid, Espagne
- Owned the end-to-end Vulnerability Management Process, driving remediation across the organisation
- Conducted penetration testing on web applications, APIs, and infrastructure using manual techniques and automated tools
- Integrated SAST/DAST security tooling into CI/CD pipelines as part of a DevSecOps initiative, shifting security left in the development lifecycle
- Led secure design reviews for AWS cloud projects, ensuring adherence to security best practices and compliance requirements
- Performed static and dynamic application security analysis to identify and remediate vulnerabilities before production release
- Collaborated closely with Engineering and DevOps teams using Agile methodologies (Scrum, Kanban)
- R3 CyberSecurityCybersecurity ConsultantCONSEIL & AUDITavril 2018 - août 2018 (4 mois)Madrid, Espagne
- Performed penetration testing on web applications and infrastructure
- Mentored junior security professionals, fostering secure engineering practices
- Developed Master Director Plans based on ISO 27001 standards
Recommandations
Soyez le premier à recommander Julio
Contribuez à la réussite de ce freelance en partageant votre expérience de collaboration avec lui.
Ces profils de freelance correspondent également à vos critères
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Formations
- Master in CybersecurityUniversidad Carlos III de Madrid2016Master in Cybersecurity
- Computer Science Degreede Ingenierías Informática y de Telecomunicación (ETSIIT) at Universidad de Granada2015Computer Science Degree
Certifications
- CAPenThe SecOps Group2025