I’m Alejandro, a passionate Application Security Engineer with over three years of experience in DevSecOps, AppSec, and vulnerability management. I’ve led secure SDLC initiatives for large enterprise clients and automated security testing (SAST/DAST) across multiple projects, delivering measurable improvements in security posture. I thrive on translating complex security concepts into practical steps that developers can follow and love building scalable security pipelines that catch issues early in the lifecycle. I bring advanced offensive security expertise demonstrated through CRTE and eCPPv2 certifications, blending defensive implementations with red-team capabilities. I’m an EU citizen based in Madrid and open to relocation to contribute my technical skills in a dynamic security environment.

Alejandro González García-Loygorri

I’m Alejandro, a passionate Application Security Engineer with over three years of experience in DevSecOps, AppSec, and vulnerability management. I’ve led secure SDLC initiatives for large enterprise clients and automated security testing (SAST/DAST) across multiple projects, delivering measurable improvements in security posture. I thrive on translating complex security concepts into practical steps that developers can follow and love building scalable security pipelines that catch issues early in the lifecycle. I bring advanced offensive security expertise demonstrated through CRTE and eCPPv2 certifications, blending defensive implementations with red-team capabilities. I’m an EU citizen based in Madrid and open to relocation to contribute my technical skills in a dynamic security environment.

Available to hire

I’m Alejandro, a passionate Application Security Engineer with over three years of experience in DevSecOps, AppSec, and vulnerability management. I’ve led secure SDLC initiatives for large enterprise clients and automated security testing (SAST/DAST) across multiple projects, delivering measurable improvements in security posture. I thrive on translating complex security concepts into practical steps that developers can follow and love building scalable security pipelines that catch issues early in the lifecycle.

I bring advanced offensive security expertise demonstrated through CRTE and eCPPv2 certifications, blending defensive implementations with red-team capabilities. I’m an EU citizen based in Madrid and open to relocation to contribute my technical skills in a dynamic security environment.

See more

Skills

Experience Level

Python
Expert
Bash
Expert
Docker
Expert
PowerShell
Expert
Java
Expert
Jira
Expert
C#
Intermediate
Kubernetes
Intermediate
SQL
Intermediate
GitHub CoPilot
Intermediate

Language

Spanish; Castilian
Fluent
English
Fluent

Work Experience

AppSec Engineer / Delivery Analyst at Deloitte
December 1, 2023 - March 1, 2026
Orchestrated the end-to-end implementation of Secure SDLC frameworks for major financial and retail clients, ensuring security controls from design to deployment. Executed 100+ SAST, DAST, and SCA testing campaigns using Fortify and Snyk, identifying and triaging over 500 vulnerabilities across Critical, High, and Medium severity levels. Managed remediation with development teams to reduce critical risks and mitigate business impact. Implemented and maintained automated security pipelines (CI/CD) to detect vulnerabilities early in the development lifecycle, and fostered a Security Champions culture to improve code quality via secure coding training.
Cybersecurity Consultant at DXC Technology
March 1, 2022 - December 1, 2023
Performed comprehensive SAST analysis on source code using static analysis tools, identified security flaws aligned with OWASP Top 10 standards. Conducted manual DAST assessments on web applications, discovering vulnerabilities through dynamic testing and behavioral analysis. Managed the full vulnerability management lifecycle for international clients, delivering detailed technical reports and actionable remediation roadmaps, and verified fixes through re-testing to ensure compliance with security standards.

Education

Higher Technician in Multiplatform Application Development at Colegio Retamar, Madrid
September 7, 2020 - June 10, 2022

Qualifications

Certified Red Team Expert (CRTE)
July 3, 2023 - July 10, 2023
Altered Security. Advanced certification focusing on attacking and defending Active Directory in enterprise environments.
eLearnSecurity Certified Professional Penetration Tester v2 (eCPPT v2)
July 1, 2024 - July 8, 2024
eLearnSecurity. Validates professional skills in network penetration testing, exploitation, and reporting.
eLearnSecurity Web Application Penetration Tester (eWPT)
July 15, 2024 - July 22, 2024
eLearnSecurity. Focuses on the mechanics of web vulnerabilities and manual exploitation techniques.
eLearnSecurity Junior Penetration Tester (eJPT)
April 1, 2024 - April 8, 2024
eLearnSecurity. Entry-level certification covering essential penetration testing skills and networking.

Industry Experience

Software & Internet, Financial Services, Professional Services, Retail, Other
    paper Security_Gate

    After weeks building and testing with Snyk in production, I just released something I’m really proud of: Security Gatekeeper.

    It started as a frustration:

    • Too many alerts, not enough real threats
    • Developers ignoring security because everything is “CRITICAL”

    So I built a Python script that applies Red Team principles to vulnerability triage.

    It’s not revolutionary. It’s pragmatic.

    It filters noise. It blocks real risk. It makes developers’ lives easier while actually improving security.

    That’s the job of AppSec engineering: be useful, not just a blocker.

    Code is on GitHub now. No BS, just a working tool that solves a real problem.

    https://www.twine.net/signin

Hire a Web Developer

We have the best web developer experts on Twine. Hire a web developer in Madrid today.