Skip to main content

Luis Lozoya

Security-Focused Software Engineer · Cloud · AI

5+ years building and securing production web apps with React, Next.js, and AWS. GIAC certified (GFACT + GSEC). Currently delivering secure, cloud-native applications and AI integrations for clients across the US and Spain.

AppSecAWSReactNext.jsTypeScriptPython

GIAC GFACT + GSEC Certified  ·  Pursuing GCIH  ·  US Work Authorized

Resume
Luis Javier Lozoya, Security-Focused Software Engineer

About

Where software engineering meets security

Originally from Spain with a degree in architectural engineering from IE University. I spent nearly 6 years in the commercial construction industry, working in engineering, CAD drafting, and project management, before pivoting into software engineering and never looking back.

Now a security-focused engineer with deep experience in cloud technologies and application security, recently earning the GIAC GFACT and GSEC certifications through the SANS Institute as part of the SANS Cyber Academy scholarship.

In addition to traditional web development, I work with AI-enabled features, including LLM integrations and automation workflows, always with a security-aware mindset around data handling, access control, and responsible AI usage.

Currently building and securing cloud-native applications at GDNA, with a focus on secure API design, least-privilege IAM, and production-grade AWS architecture. Next up on the certification path: GIAC GCIH. Always open to interesting conversations.

1st Place, HackOps 2024Judge, HarborHack 2024Speaker, HarborHack 2025

Tech Stack

Technologies I reach for every day, and the broader toolkit I bring to projects.

Core Stack

React
Next.js
TypeScript
Node.js
AWS
Python
PostgreSQL
Tailwind CSS

Also Work With

Security

  • OWASP Top 10
  • OWASP LLM Top 10
  • Threat Modeling
  • Burp Suite
  • OWASP ZAP
  • Secure Coding

Forensics & IR

  • Wireshark
  • tcpdump
  • PCAP Analysis
  • VPC Flow Logs
  • John the Ripper
  • Hashcat
  • exiftool
  • nfdump
  • DLP

Cloud & DevOps

  • Lambda
  • S3
  • Amplify
  • Docker
  • CI/CD
  • Git

AI / Automation

  • LangChain
  • OpenAI API
  • Prompt Engineering

Data & APIs

  • REST APIs
  • GraphQL
  • MongoDB
  • Express

Experience

5+ years across startups, agencies, and independent consulting

GDNA company logo

Software Engineer (Contract)

Current
GDNA
AWS & Cloud Solutions
Apr 2024 to Present
Mount Pleasant, SC

Started translating Figma designs into React/Next.js code. Evolved into owning full application architecture, API design, and database design on AWS.

Key Achievements:

  • Architecting serverless AWS solutions: API Gateway, Lambda, S3, RDS, Cognito, IAM, Secrets Manager, Amplify
  • Designing APIs, front-end architecture, and database schemas for client applications
  • Running weekly client meetings to demo progress and incorporate feedback

Technologies Used:

AWS API GatewayLambdaS3RDSCognitoIAMSecrets ManagerAmplifyReactTypeScriptNext.jsPostgreSQL
Querri company logo

Software Engineer (Contract)

Querri
Data Analytics & Business Intelligence
Aug 2023 to Apr 2024
Mount Pleasant, SC

Built a client project using Svelte and maintained Querri's HubSpot website with custom code modifications throughout the contract.

Key Achievements:

  • Built a client-facing project using Svelte and FusionAuth
  • Modified and maintained Querri's HubSpot website with custom code
  • Built custom HubSpot CMS modules and templates

Technologies Used:

SvelteHubSpot CMSHTMLCSSJavaScriptFusionAuthAWS
Upstate Nutrition company logo

Software Engineer (Contract)

Upstate Nutrition
E-commerce & Wellness
Jul 2023 to Aug 2023
Remote

Short-term contract to rebuild the company's Shopify storefront. The engagement ended before completion.

Key Achievements:

  • Started rebuilding the Shopify storefront with Liquid templates
  • Gained experience with Shopify's ecosystem and e-commerce development

Technologies Used:

ShopifyLiquidJavaScriptCSSSEOAnalytics
Interloop company logo

Software Engineer

Interloop
Data Analytics & Business Intelligence
Jul 2021 to Jun 2023
Charleston, SC

First engineering role after JRS Coding School bootcamp. Promoted from Software Engineer I to II. Full-stack development on Angular/NestJs stack with Azure cloud services.

Key Achievements:

  • Built custom Chrome extensions integrated with CRM tools using RESTful APIs and OAuth 2.0
  • Developed and maintained full-stack features using Angular, NestJs, MongoDB, and Azure Cosmos DB
  • Created Azure Functions with various triggers, reducing infrastructure costs for client workloads
  • Mentored junior developers and coordinated between development and leadership teams

Technologies Used:

AngularNestJsMongoDBAzure Cosmos DBAzure FunctionsTypeScriptNode.jsREST APIsOAuth2.0

Security Labs

13 labs

Selected hands-on labs with real packet captures, full analysis, and detailed writeups. Evidence of skill beyond certifications.

Network ForensicsCloud Network ForensicsPassword Management & CryptographyData Security & DLPNetwork SecurityWeb Application SecurityCryptographyIntrusion DetectionWindows SecurityLinux Security
Cloud Network Forensics

Lab 1.3 - AWS VPC Flow Log Analysis

Analyzed 173K VPC flow records across 579 log files: isolated 33,232 attacker flows from 20.106.124.93, determined a 6.5-hour attack window, quantified 265MB exfiltrated on port 8889 and 190MB on port 80, and confirmed the full attack surface (HTTP, SSH, 8889) using PCAP-to-NetFlow conversion with nfpcapd/nfdump.

AWS VPC Flow Logszcatzgrepawk
Read write-up
Network Forensics

Lab 1.2 – Wireshark Packet Analysis

Investigated a 628K-packet PCAP in Wireshark: used protocol hierarchy and conversation statistics to surface a port-80 scanning pattern from 3.142.238.241, followed an HTTP stream revealing a successful WordPress brute-force login (Hydra, admin/#AlphaInc!), and completed a live-capture exercise extracting an HTTP object from loopback traffic.

WiresharkPCAP analysisDisplay filtersHTTP stream following
Read write-up
Web Application Security

Lab 3.3 - Web App Exploitation

Discovered a SQL injection in Catalog.php's search parameter (LIKE '%<input>%'), dumped all products, enumerated databases and tables via stacked queries, then deployed the lab WAF and confirmed identical payloads were blocked with HTTP 418.

FirefoxPHP/MySQL web appManual SQL injectionWAF (lab-provided)
Read write-up
Network Forensics

Lab 1.1 – tcpdump Traffic Analysis

Analyzed PCAP traffic with tcpdump: identified /.env probing, WordPress brute-force with Hydra, and cleartext login parameters visible in the HTTP payload.

tcpdumpdigPCAP analysisCLI
Read write-up
Password Management & Cryptography

Lab 2.1 – Password Auditing

Cracked passwords across 4 hash types using John the Ripper and Hashcat: extracted and cracked an Office 2013 encrypted Excel file, an NTLM hash, and Linux crypt hashes using a CeWL wordlist. Demonstrated brute-force infeasibility against SHA-512 with Hashcat, then used John's word-mangling rules to expand 1,552 base words into 4M+ candidates to crack passwords the original wordlist missed.

John the RipperHashcatoffice2johnunshadow
Read write-up
Intrusion Detection

Lab 4.3 - Intrusion Detection and Network Security Monitoring with Snort3 and Zeek

Validated Snort 3.1.73 config, tightened HOME_NET to 10.130.0.0/16, ran the community ruleset against investigate.pcap, and surfaced an SSH CRC32 overflow shellcode pattern (294 alerts from 20.106.124.93 → 10.130.8.94:22). Re-ran Snort with a BPF filter pinned to the attacker IP, then processed the same PCAP with Zeek's extract-all-files policy and confirmed log output.

Snort 3.1.73.0Zeeksnort3-community.rulesBPF
Read write-up
Also: SEC401 command cheatsheet →

Labs are from SANS Cyber Academy.

Certifications & Education

Industry certifications and academic foundation

GIAC Security Essentials (GSEC) professional certification
Verified

GIAC Security Essentials (GSEC)

SANS Institute
April 2026
Network SecurityCryptographyIncident Response+3
GIAC Foundational Cybersecurity Technologies (GFACT) professional certification
Verified

GIAC Foundational Cybersecurity Technologies (GFACT)

SANS Institute
January 2026
CybersecurityNetworkingOperating Systems+3
Introduction to AI professional certification
Verified

Introduction to AI

Google (via Coursera)
2025
Artificial IntelligenceAI ApplicationsData Science
Cybersecurity: System Administration Certificate Program professional certification
Verified

Cybersecurity: System Administration Certificate Program

Purdue University and Ivy Tech
2023
CybersecuritySystem AdministrationNetwork Security+2
Education

Cybersecurity Path - System Administration

Mar 2022 - May 2023
Purdue University NorthwestOnline

Cybersecurity and system administration program covering security fundamentals, network protection, and infrastructure management.

Full Stack Developer

Nov 2019 - Oct 2020
JRS Coding SchoolThe Harbor Entrepreneur Center, Charleston, SC

Intensive full-stack development program. Career pivot from construction to software engineering. Landed first engineering role at Interloop within months of completion.

Arquitecto Tecnico (Bachelor's in Architectural Engineering)

2006 - 2012
IE UniversitySegovia, Spain

Technical architecture degree covering structural engineering, construction management, and building design. Final thesis: design and construction technical drawings for a hospital. Foundation for project management and analytical thinking that carried into software engineering.

Portfolio

Selected client and independent work with measurable outcomes

Client Work

Delivered via GDNA, Querri, and direct engagements

AfricaNXT: Global Mentorship Platform (via GDNA)
Featured

AfricaNXT: Global Mentorship Platform (via GDNA)

Problem

Mentorship platform needed secure, scalable onboarding UX for ~1,200 users.

Solution

Built React UI components and AWS Cognito auth with secure session management, input validation, and CDK-managed infrastructure with least-privilege IAM policies.

Impact

Onboarding efficiency improved by 60%; secure registration and sign-in flow in production with OWASP-aligned authentication controls.

Tech
React 18AWS CDKCognitoSquid CloudTypeScriptSESAuth Security
View Live

Independent Projects

Side projects and open-source work with live demos and source code

TalentAgent: AI Job Fit Assessment Platform (2026) project screenshot

TalentAgent: AI Job Fit Assessment Platform (2026)

Role: Solo builder: design, full-stack development, AI integration, payments, deployment

Paste any job description and get an honest 0-100 fit score with strengths, gaps, and interview prep. Includes ghost job detection and a job board with AI scores.

Problem: Job seekers waste hours applying to roles that aren't a good fit or are ghost postings.
Approach: Built a full-stack platform with OpenAI for fit scoring, Supabase for data and auth, Stripe for payments, and a job board with pre-scored listings.
Outcome: Live platform that scores fit in 10 seconds, detects ghost jobs, and gives honest 'Don't Apply' signals. Free to use.
Next.js 15SupabaseOpenAIStripeTypeScriptTailwind CSS
View Live
ShopEssentialsHub: Curated Product Recommendation Platform (2025) project screenshot

ShopEssentialsHub: Curated Product Recommendation Platform (2025)

Role: Design, full-stack development, deployment (Vercel)

A modern product curation platform with hand-picked Amazon products, reviews, category filtering, and Editor's Choice. Responsive, SEO-optimized, with affiliate integration.

Problem: Users needed a trusted, curated list of products by category instead of browsing generic storefronts.
Approach: Designed and built the full stack: Next.js app, category and filter UX, Editor's Choice section, and Amazon affiliate integration with SEO and responsive layout.
Outcome: Live site with clear categories, fast load times, and monetization path. Demonstrates full-stack and product-thinking skills.
Next.jsReactTypeScriptTailwind CSS
View LiveView Code
Bilingual Business Site (EN/ES) (2025) project screenshot

Bilingual Business Site (EN/ES) (2025)

Role: Design, front-end development, deployment

Modern bilingual marketing site built with Next.js 14, custom i18n, dark mode theming, and Framer Motion animations. Responsive layout with reusable section components.

Problem: Wanted a full-scale project to practice bilingual routing, dark mode theming, and polished Framer Motion interactions end-to-end in Next.js 14.
Approach: Built from scratch with a custom i18n system, next-themes dark mode, Framer Motion animations, and modular section components for hero, services, pricing, portfolio, and contact.
Outcome: Shipped a production bilingual site with full dark mode, smooth animations, and a complete section library demonstrating end-to-end Next.js 14 patterns.
Next.js 14React 18TypeScriptTailwind CSSFramer Motion
View LiveView Code
Cursor Rules Hub: AI Community Platform (2025) project screenshot

Cursor Rules Hub: AI Community Platform (2025)

Role: Full-stack development, database design, deployment

Community-driven platform for sharing and discovering AI behavior rules for Cursor Editor. Rule browsing, creation tools, and file-pattern matching.

Problem: Cursor users had no central place to find, share, or version rules; everyone was reinventing the wheel.
Approach: Built a Next.js app with Supabase for storage and auth. Implemented rule CRUD, tagging, and pattern-matching logic so rules can be suggested by file type.
Outcome: Live community site for browsing and contributing rules. Demonstrates full-stack work and understanding of developer tools.
Next.js 14SupabaseTypeScriptTailwind CSS
View LiveView Code
YouTube GPT Creator (2024) project screenshot

YouTube GPT Creator (2024)

Role: Backend, AI integration, scripting/automation

AI-assisted automation for YouTube content workflows using Python and LangChain, reducing manual steps in scripting and planning.

Problem: Content creators spend significant time on scripting, research, and planning before recording.
Approach: Built a Python tool using LangChain to automate research and draft scripts from prompts. Integrated with common content workflows.
Outcome: Roughly 40% reduction in manual effort for script and planning steps. Demonstrates AI/LLM integration and automation.
PythonLangChain
View Code
NEVA Estudio, Concept Redesign (2026) project screenshot

NEVA Estudio, Concept Redesign (2026)

Role: Solo build: concept, design, full-stack development

An unsolicited concept redesign for a bilingual (ES/EN) architecture studio. Project gallery with image carousel, service detail modals, contact form, and Framer Motion animations. Built to practice next-intl routing and minimalist editorial layout. Not affiliated with or endorsed by NEVA Estudio.

Problem: Wanted hands-on practice with bilingual routing, i18n content modeling, and editorial layouts for a design-focused business.
Approach: Built a concept site with next-intl locale routing, image carousel gallery, service modals, and Framer Motion interactions.
Outcome: Working concept demonstrating full i18n flow, accessible gallery interactions, and a minimalist editorial aesthetic.
Next.js 15React 19TypeScriptTailwind CSSFramer Motionnext-intl
View LiveView Code
Coastal Millwork & Supply, Concept Redesign (2025) project screenshot

Coastal Millwork & Supply, Concept Redesign (2025)

Role: Solo build: concept, design, full-stack development

An unsolicited concept redesign for a commercial interiors contractor, exploring modern project gallery UX, service presentation, and local SEO patterns. Built with Next.js 16 and Tailwind CSS. Not affiliated with or endorsed by Coastal Millwork & Supply.

Problem: Wanted to practice Next.js 16 features and explore content-heavy layouts for a services-based business.
Approach: Designed and built a concept site with an interactive project gallery, service pages, and SEO-friendly metadata.
Outcome: Working concept showcasing modern Next.js 16 patterns and content-heavy layout techniques.
Next.js 16React 19TypeScriptTailwind CSS
View LiveView Code

Fit Check

Would Luis be a good fit?

Paste a job description and get an honest AI assessment of how Luis's experience maps to the role.

0 characters

Contact

Let's discuss your next project. Reach out via the form below or connect on LinkedIn