Description

Consultor de seguridad ofensiva con más de 10 años de experiencia ayudando a empresas a encontrar sus vulnerabilidades antes de que lo hagan los atacantes.

Mi trayectoria abarca el sector defensa y aeroespacial, consultoras de ciberseguridad, una gran operadora de telecomunicaciones y actualmente una plataforma tecnológica líder. Esta diversidad me permite combinar la visión ofensiva con el contexto real de los equipos de ingeniería.

Cuento con las certificaciones OSCP, CAPen, C-AI/MLPen, AWS Security Specialty y AWS Solutions Architect. Speaker en Cybercamp (INCIBE) y Navaja Negra. Investigador activo en bug bounty en Intigriti.

Ofrezco tres líneas de servicio:

Pentesting: web, API, móvil (iOS/Android), cloud (AWS/GCP) y Active Directory
Consultoría: arquitectura segura, threat modeling, DevSecOps e ISO 27001
Formación corporativa con laboratorios prácticos: OWASP Top 10, seguridad en IA/ML, secure coding, concienciación, etc.
Trabajo en remoto. Disponible para proyectos cerrados, retainer mensual o tarifa diaria.

Más información en julioxus.com

Industry field of expertise

Languages

Spanish
Native or bilingual
English
Fluent

Workplace preferences

Remote only

Primarily works remotely

Freepik Company
Security Engineer
TECH
April 2022 - Today (4 years and 2 months)
Málaga, Spain
Conduct security assessments on web applications, mobile apps (iOS/Android), and APIs through dynamic testing and manual code review, identifying and remediating OWASP Top 10 and CWE vulnerabilities
Manage the internal bug bounty programme: validate submissions, collaborate with external researchers, and ensure timely resolution of valid findings
Lead cloud security posture assessments across GCP and AWS environments, identifying misconfigurations and partnering with DevOps to implement security best practices
Conduct penetration testing on Active Directory and wireless networks, simulating real-world attacker techniques to validate security controls
Participate in INCIBE CyberEx incident simulation exercises, testing detection and response capabilities under threat-led scenarios
Design and develop internal security tooling (Python, JavaScript, React, NextJS, FastAPI, Flask) to automate security workflows and enhance detection capabilities
Partner with engineering teams to embed security into the SDLC through secure architecture guidance and threat modelling
Continuously research emerging threats, tools, and attack techniques to improve security posture and stay ahead of the evolving threat landscape
Lead security incident investigations and post-mortem analysis, driving root cause resolution
Serve as lead coordinator for ISO 27001 and SOC 2 compliance audits, aligning security practices with NIST and industry benchmarks
Deliver internal cybersecurity training sessions and mentor junior team members
OWASP Google cloud Terraform PenTest ISO 27001
Orange Spain
Vulnerability Manager
TELECOMMUNICATIONS
October 2018 - April 2022 (3 years and 6 months)
Madrid, Spain
Owned the end-to-end Vulnerability Management Process, driving remediation across the organisation
Conducted penetration testing on web applications, APIs, and infrastructure using manual techniques and automated tools
Integrated SAST/DAST security tooling into CI/CD pipelines as part of a DevSecOps initiative, shifting security left in the development lifecycle
Led secure design reviews for AWS cloud projects, ensuring adherence to security best practices and compliance requirements
Performed static and dynamic application security analysis to identify and remediate vulnerabilities before production release
Collaborated closely with Engineering and DevOps teams using Agile methodologies (Scrum, Kanban)
AWS PenTest Kanban DevOps SDLC
R3 CyberSecurity
Cybersecurity Consultant
CONSULTING AND AUDITS
April 2018 - August 2018 (4 months)
Madrid, Spain
Performed penetration testing on web applications and infrastructure
Mentored junior security professionals, fostering secure engineering practices
Developed Master Director Plans based on ISO 27001 standards
ISO 27001 OWASP PenTest Mentoring Web3

Check out Julio's experience

Be the first to recommend Julio

Help this freelancer shine by sharing your experience working together.

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

Baptiste Duhen

Fullstack developer

4.6

(4)

Amed Hamou

Senior Lead Developer

(2)

Audrey Champion

Web developer

4.3

(3)

Signup to reveal

Master in Cybersecurity
Universidad Carlos III de Madrid
2016
Master in Cybersecurity
Computer Science Degree
de Ingenierías Informática y de Telecomunicación (ETSIIT) at Universidad de Granada
2015
Computer Science Degree

Check out Julio's education

OSCP
Offensive Security
2018
https://www.offsec.com/courses/pen-200/
Metasploit PenTest Kali Linux Exploitation
CAPen
The SecOps Group
2025
https://pentestingexams.com/certifications/professional/certified-appsec-pentester/
Burp Suite Web Pentesting PenTest

Julio's certifications are only visible to Malt Community members

Cybersecurity Expert

Julio M.

Penetration Tester & Security Consultant

About Julio

Experience

Recommendations

These freelancer profiles also match your criteria

Education

Certifications

Skill set

Categories