About Aratz
I’m a security engineer and consultant based in Bilbao, focused on building secure, automated, and resilient infrastructures. My expertise spans security architecture, threat modeling, and cloud security in AWS and Azure, where I harden environments and align them with compliance.
I believe security should enable innovation, not slow it down. That’s why I take an automation-first approach—developing CI/CD pipelines, infrastructure as code (Terraform), and scripts that streamline testing and remediation.
I’m also exploring OpenStack and digital sovereignty, designing hybrid and on-premise setups that give organizations control over their infrastructure. Lately, I’ve been digging into AI compliance and monitoring, researching how governance and transparency can improve trust in AI systems.
Fluent in Spanish, English, and French, I enjoy turning complex security challenges into clear, practical solutions that help organizations stay both secure and agile.
----------------------------------------------------------
Soy ingeniero y consultor de seguridad en Bilbao, especializado en crear infraestructuras seguras, automatizadas y resilientes. Mi experiencia abarca la arquitectura de seguridad, el modelado de amenazas y la seguridad en la nube en AWS y Azure, donde fortalezco entornos y los adapto a normativas de cumplimiento.
Creo que la seguridad debe impulsar la innovación. Por eso aplico un enfoque automation-first: desarrollo pipelines CI/CD, infraestructura como código (Terraform) y scripts que agilizan pruebas y remediaciones.
También exploro OpenStack y la soberanía digital, diseñando entornos híbridos y on-premise que ofrecen mayor control y cumplimiento. Más recientemente, me he centrado en cumplimiento y monitorización de IA, estudiando cómo la gobernanza puede aportar transparencia y confianza.
Hablo español, inglés y francés, y disfruto traduciendo retos complejos en soluciones claras y prácticas que refuercen la seguridad sin perder agilidad.
Spanish
Native or bilingual
French
Native or bilingual
English
Fluent
Can work on-site
Bilbao (up to 50km)
Experience
- European Central BankCloud Security EngineerBANKING AND INSURANCEApril 2025 - Today (1 year and 2 months)
- CNAPP
- Led deployment of a Cloud-Native Application Protection Platform (CNAPP) to centralize security posture management, workload protection, and compliance across multi-cloud environments.
- Customization
- Extended CNAPP platform with custom plugins and Python scripts to integrate with existing SIEM/SOAR workflows.
- Terraform : Built modular Terraform templates to adapt configurations across environments (dev, staging, prod).
- Cloud Environments:
- Azure
- AWS
- OCI
- Product team support
- Partnered with product and engineering teams to embed security controls into product lifecycles.
- Conducted enablement workshops and created documentation/playbooks for product teams to self-serve CNAPP insights.
- Sopra SteriaCloud Security EngineerApril 2024 - July 2025 (1 year and 3 months)Brussels, Belgium
- Cloud Security Engineer – Delivered security architecture and operations support across European projects and institutions, ensuring compliance with regulatory and organizational frameworks.
- Azure & AWS Expertise – Designed and implemented secure cloud solutions leveraging Microsoft Azure (AD, Key Vault, Defender for Cloud) and AWS (IAM, Security Hub, GuardDuty), aligning with best practices in identity, access, and workload protection.
- Terraform (IaC) – Developed and maintained modular Terraform templates for consistent multi-cloud resource provisioning, embedding policy-as-code guardrails to enforce security baselines.
- Ansible Automation – Automated infrastructure configuration and security hardening with Ansible playbooks, improving repeatability and reducing manual errors in deployment pipelines.
- GitLab CI/CD – Built and optimized CI/CD pipelines in GitLab to integrate security checks (IaC validation, secrets scanning, container scanning), enabling shift-left security in development workflows.
- Keytrade BankDevSecOps EngineerBANKING AND INSURANCEJanuary 2022 - April 2022 (3 months)Bruselas, BelgiumMember of DevOps Chapter and Security Chapter.Part of Direct channels and Contact management feature teams.Agile Methodology.
Gitlab CI/CD :
- .gitlab-ci.yml writing
- Complexe pipelines elaboration.
- Deploying applications in AWS EKS/
- OCP
- Runners config troubleshooting.
Feature Teams AWS account management :
- Deploying configuration on AWS using Terraform.
- Modules writing.
Kubernetes/Openshift :
- Application deployment.
- Application troubleshooting.
- Helm maintenance
DevSecOps :
- DSOMM
- SAMM
Docker image management :- Dockerfiles writing and management.
- Images migration from Debian to Red Hat.
Improving security best practices about images.Automation updates through Renovate.CI/CD:
- Analyzers deployment and maintenance.
- SAST
- Custom rules writing
- DAST
- Security Policies Implementation.
Development and scripting :
- Python :
- Internal API to link different services.
- Automation scripts
- Automation cli using the Gitlab API v4 and Gitlab GraphQL API.
- Bash:
- Scripting
Recommendations
Be the first to recommend Aratz
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Técnico Superior en Administración de Sistemas Informáticos en Red (ASIR)UNED2018
Certifications
- Certified by Altered Security Red Team Professional for AzureAltered Security2025
- Microsoft Certified: Identity and Access Administrator AssociateMicrosoft2025