Barcelona, Catalonia, Spain
Discussing all possible workarounds and best practices to solve a problem is what I enjoy the most. I'm a passionate geek who likes to self-host their own services. I enjoy coding a lot; I'm a big Go advocate, but I'm also comfortable developing in other languages like Python, Bash, or C. I'm proud to say that I have a strong affinity for Linux environments and containers in general. I enjoy working with different clouds like AWS or GCP when it gets innovative. While I've never been much of a front-end person, I've been experimenting with HTMX lately.
Latest experiment with Go + HTMX -> demo.contre.io -> github.com/contre95/controtto
More -> contre.io
• Collaborate on the design and implementation of our in-house vulnerability management tool using software architecture principles.
• Continue to support the SOC team by building solutions around their SIEM to enrich logs and enhance the performance of our log collection time.
• Led the migration of N26’s SIEM system based on the ELK stack to AWS managed services like ECS and OpenSearch, resulting in a significant reduction in maintenance. Simultaneously, established application metrics such as SLA, SLI, and SLO, and implemented supplementary monitoring systems alongside self-remediation strategies and automations, which reduced friction with our stakeholders and drastically improved our MTTR.
• Developed Philips, a system which keeps track of IP ownership across teams, services, and AWS resources along with corresponding timeframes, a tool used to help subsequent forensic analyses. For this tool I used Python, DynamoDB and MSK (Kafka). Aspect as unit testing, and a mindful approach towards the system
• Within a group of two people we built POLP Fiction, a tool that aims to apply the principle of least privilege on AWS IAM Customer managed Policies, Users and Roles. The project managed to reduce the attack surface on more than 200 AWS identifying and mitigating security concerns such as privilege escalation, confused deputy problem and least privilege. We made the Policy inventory open source: https://github.com/mercadolibre/polp-fiction-metrics
• In partnership with another engineer, I participated in Mercadolibre’s Patch Management solution, a project that, using Lambda, AWS Config, and Systems Manager, handles the patching of +50k EC2 and compute instances on AWS and GCP respectively across around +5 different Linux distributions.
• As one of my biggest duties in the patch management initiative, I created a tool that leverages Google’s IAP (GCP Identity Aware Proxy) and Ansible to install the AWS SSM agent on any GCP instance, making the patching solution multi-cloud and centrally managed.
Worked as a contractor mainly for e-commerces Zappos and OLX, in which I:
• Developed a full serverless incident response tool with 3 fully composable and reusable microservices/APIs using Python and NodeJS in AWS. Tooling which was later on used by the Zappos Incident Response team.
• Solved several IaC issues with Terraform and CloudFormation in AWS and automated a handful of procedures using Docker, Lambda and more native AWS services.
• Deployed containerized monitoring stacks such as Nagios, TIG (Telegraf, InfluxDB, and Grafana)
• As part of my internship at Toyota, I administered Active Directory, MySQL and Windows Servers as well as massive software installation procedures with InvGate software.
• For the most part I learned a lot about The Toyota Way, TPS, Toyota’s Kaizen circle for continuous improvement and several fascinating data-driven methodologies that Toyota applies to achieve outstanding results.