Skip to main content

Luis Lozoya

Security-Focused Software Engineer · Cloud · AI

5+ years building and securing production web apps with React, Next.js, and AWS. GIAC certified (GFACT, GSEC in progress). Currently delivering secure, cloud-native applications and AI integrations for clients across the US and Spain.

AppSecAWSReactNext.jsTypeScriptPython
Resume
Luis Javier Lozoya, Security-Focused Software Engineer

About

Where software engineering meets security

I'm a security-focused software engineer with deep experience in cloud technologies and application security. I recently earned the GIAC Foundational Cybersecurity Technologies (GFACT) certification through the SANS Institute, validating my knowledge across networking, operating systems, cloud platforms, web technologies, and core security principles.

I bring together real-world software engineering experience and formal security training to design and build applications that are secure by design, scalable, and production-ready.

In addition to traditional web development, I work with AI-enabled features, including LLM integrations and automation workflows, always with a security-aware mindset around data handling, access control, and responsible AI usage.

Currently building and securing cloud-native applications at GDNA, with a focus on secure API design, least-privilege IAM, and production-grade AWS architecture. Currently pursuing GIAC GSEC. Always open to interesting conversations.

Tech Stack

Technologies I reach for every day, and the broader toolkit I bring to projects.

Core Stack

React
Next.js
TypeScript
Node.js
AWS
Python
PostgreSQL
Tailwind CSS

Also Work With

Security

  • OWASP Top 10
  • OWASP LLM Top 10
  • Threat Modeling
  • Burp Suite
  • Wireshark
  • OWASP ZAP
  • tcpdump
  • Secure Coding

Cloud & DevOps

  • Lambda
  • S3
  • Amplify
  • Docker
  • CI/CD
  • Git

AI / Automation

  • LangChain
  • OpenAI API
  • Prompt Engineering

Data & APIs

  • REST APIs
  • GraphQL
  • MongoDB
  • Express

Experience

5+ years across startups, agencies, and independent consulting

GDNA company logo

Software Engineer (Contract)

Current
GDNA
AWS & Cloud Solutions
Apr 2024 to Present
Mount Pleasant, SC

Started translating Figma designs into React/Next.js code. Evolved into owning full application architecture, API design, and database design on AWS.

Key Achievements:

  • Architecting serverless AWS solutions: API Gateway, Lambda, S3, RDS, Cognito, IAM, Secrets Manager, Amplify
  • Designing APIs, front-end architecture, and database schemas for client applications
  • Running weekly client meetings to demo progress and incorporate feedback

Technologies Used:

AWS API GatewayLambdaS3RDSCognitoIAMSecrets ManagerAmplifyReactTypeScriptNext.jsPostgreSQL
IberiaTech Solutions company logo

Founder

IberiaTech Solutions
Web Development & AI Solutions
2024
Charleston, SC

Independent projects and web development under a personal brand. Built and shipped production sites to explore AI integration, bilingual platforms, and e-commerce.

Key Achievements:

  • Built and launched iberiatechsolutions.com (bilingual EN/ES) and shopessentialshub.com
  • Integrated AI features (LLM-powered content, recommendation logic) into projects
  • Full project lifecycle: design, architecture, implementation, deployment

Technologies Used:

Next.jsReactTypeScriptTailwind CSSAWSNode.js
Querri company logo

Software Engineer (Contract)

Querri
Data Analytics & Business Intelligence
Aug 2023 to Apr 2024
Mount Pleasant, SC

Built a client project using Svelte and maintained Querri's HubSpot website with custom code modifications throughout the contract.

Key Achievements:

  • Built a client-facing project using Svelte and FusionAuth
  • Modified and maintained Querri's HubSpot website with custom code
  • Built custom HubSpot CMS modules and templates

Technologies Used:

SvelteHubSpot CMSHTMLCSSJavaScriptFusionAuthAWS
Upstate Nutrition company logo

Software Engineer (Contract)

Upstate Nutrition
E-commerce & Wellness
Jul 2023 to Aug 2023
Remote

Short-term contract to rebuild the company's Shopify storefront. The engagement ended before completion.

Key Achievements:

  • Started rebuilding the Shopify storefront with Liquid templates
  • Gained experience with Shopify's ecosystem and e-commerce development

Technologies Used:

ShopifyLiquidJavaScriptCSSSEOAnalytics
Interloop company logo

Software Engineer

Interloop
Data Analytics & Business Intelligence
Jul 2021 to Jun 2023
Charleston, SC

First engineering role after JRS Coding School bootcamp. Promoted from Software Engineer I to II. Full-stack development on Angular/NestJs stack with Azure cloud services.

Key Achievements:

  • Built custom Chrome extensions integrated with CRM tools using RESTful APIs and OAuth 2.0
  • Developed and maintained full-stack features using Angular, NestJs, MongoDB, and Azure Cosmos DB
  • Created Azure Functions with various triggers, reducing infrastructure costs for client workloads
  • Mentored junior developers and coordinated between development and leadership teams

Technologies Used:

AngularNestJsMongoDBAzure Cosmos DBAzure FunctionsTypeScriptNode.jsREST APIsOAuth2.0

Honest Assessment

Skills Breakdown

Not a wall of logos. Three columns: what I'm strong at, what I can ramp on, and what I'm still learning.

Strong

Daily use, production experience, can mentor others

  • TypeScript / JavaScript

    Primary language for 4+ years

  • React & Next.js

    App Router, SSR, streaming, server actions

  • Tailwind CSS

    Design systems, responsive, dark mode, animations

  • Node.js & Express

    REST APIs, middleware, auth flows

  • AWS

    API Gateway, Lambda, S3, RDS, Cognito, IAM, Secrets Manager, Amplify, CDK. Daily at GDNA

  • Git & GitHub

    Branching, PRs, CI/CD, code review

  • Linux CLI

    Daily driver, scripting, server admin

  • Security Fundamentals

    OWASP Top 10, OWASP LLM Top 10, threat modeling, secure coding, SAST/DAST

Moderate

Project experience, can deliver with some ramp-up

  • Python

    Scripting, automation, security tools

  • Angular

    2 years production at Interloop

  • Svelte

    Built production features at Querri

  • Docker

    Containerization, compose, not orchestration

  • MongoDB / Cosmos DB

    Used daily at Interloop for 2 years

  • Supabase

    Auth, database, used at GDNA and TalentAgent

  • Figma

    Translating designs to code at GDNA

  • OpenAI / LangChain

    AI integrations, TalentAgent, portfolio chat

  • Claude

    Daily development accelerator at GDNA

  • Stripe

    Payments integration in TalentAgent

  • Penetration Testing

    Labs, write-ups, tools (Burp, Nmap, Wireshark)

Gaps

Honest about what I'm still learning

  • Kubernetes

    Conceptual understanding, no production use

  • Terraform / IaC

    Exposure through tutorials, not hands-on

  • GraphQL

    Read the spec, minimal implementation

  • System Design at Scale

    Learning patterns, not battle-tested

  • Mobile Development

    React Native awareness, no shipped apps

  • ML / Data Science

    Basic understanding, not a practitioner

Certifications

Industry certifications validating security and engineering fundamentals

GIAC Foundational Cybersecurity Technologies (GFACT) professional certification
Verified

GIAC Foundational Cybersecurity Technologies (GFACT)

SANS Institute
January 2026
CybersecurityNetworkingOperating Systems+3
Introduction to AI professional certification
Verified

Introduction to AI

Google (via Coursera)
2025
Artificial IntelligenceAI ApplicationsData Science
Cybersecurity: System Administration Certificate Program professional certification
Verified

Cybersecurity: System Administration Certificate Program

Purdue University and Ivy Tech
2023
CybersecuritySystem AdministrationNetwork Security+2
Complete Beginner, TryHackMe professional certification
Verified

Complete Beginner, TryHackMe

TryHackMe
2023
CybersecurityNetworkingWeb Security+2
Pre Security, TryHackMe professional certification
Verified

Pre Security, TryHackMe

TryHackMe
2023
Security FundamentalsSecurity ToolsVulnerability Assessment+2

Security Labs

3 completed

Hands-on labs with real packet captures, full analysis, and detailed writeups. Evidence of skill beyond certifications.

Packet AnalysisNetwork ForensicstcpdumpWiresharkIncident ResponseThreat Detection

SEC401 – Network Forensics

Lab 1.1 – tcpdump Traffic Analysis

Solo, Lab

Analyzed PCAP traffic with tcpdump: identified /.env probing, WordPress brute-force with Hydra, and cleartext login parameters visible in the HTTP payload.

tcpdumpdigPCAP analysisCLI
Read full write-up

Lab 1.2 – Wireshark Packet Analysis

Solo, Lab

Investigated a 628K-packet PCAP in Wireshark: used protocol hierarchy and conversation statistics to surface a port-80 scanning pattern from 3.142.238.241, followed an HTTP stream revealing a successful WordPress brute-force login (Hydra, admin/#AlphaInc!), and completed a live-capture exercise extracting an HTTP object from loopback traffic.

WiresharkPCAP analysisDisplay filtersHTTP stream following
Read full write-up

Lab 1.3 - AWS VPC Flow Log Analysis

Solo, Lab

Analyzed 173K VPC flow records across 579 log files: isolated 33,232 attacker flows from 20.106.124.93, determined a 6.5-hour attack window, quantified 265MB exfiltrated on port 8889 and 190MB on port 80, and confirmed the full attack surface (HTTP, SSH, 8889) using PCAP-to-NetFlow conversion with nfpcapd/nfdump.

AWS VPC Flow Logszcatzgrepawk
Read full write-up

Labs are from SANS Cyber Academy.

Portfolio

Selected client and independent work with measurable outcomes

Client Work

Delivered via GDNA, Querri, and direct engagements

NEVA Estudio: Architecture Firm Website (via IberiaTech Solutions)
Featured

NEVA Estudio: Architecture Firm Website (via IberiaTech Solutions)

Problem

Architecture firm needed a professional web presence showcasing their portfolio to attract residential and commercial clients in Asturias.

Solution

Built a bilingual (ES/EN) site with interactive project gallery, service detail modals, and a minimalist design reflecting the studio's architectural aesthetic.

Impact

Professional site live with full internationalization, smooth animations, and a project showcase that highlights 10+ years of architectural work.

Tech
Next.js 15React 19TypeScriptTailwind CSSFramer Motionnext-intl
View LiveView Code

Independent Projects

Side projects and open-source work with live demos and source code

TalentAgent: AI Job Fit Assessment Platform (2026) project screenshot

TalentAgent: AI Job Fit Assessment Platform (2026)

Role: Solo builder: design, full-stack development, AI integration, payments, deployment

Paste any job description and get an honest 0-100 fit score with strengths, gaps, and interview prep. Includes ghost job detection and a job board with AI scores.

Problem: Job seekers waste hours applying to roles that aren't a good fit or are ghost postings.
Approach: Built a full-stack platform with OpenAI for fit scoring, Supabase for data and auth, Stripe for payments, and a job board with pre-scored listings.
Outcome: Live platform that scores fit in 10 seconds, detects ghost jobs, and gives honest 'Don't Apply' signals. Free to use.
Next.js 15SupabaseOpenAIStripeTypeScriptTailwind CSS
View Live
ShopEssentialsHub: Curated Product Recommendation Platform (2025) project screenshot

ShopEssentialsHub: Curated Product Recommendation Platform (2025)

Role: Design, full-stack development, deployment (Vercel)

A modern product curation platform with hand-picked Amazon products, reviews, category filtering, and Editor's Choice. Responsive, SEO-optimized, with affiliate integration.

Problem: Users needed a trusted, curated list of products by category instead of browsing generic storefronts.
Approach: Designed and built the full stack: Next.js app, category and filter UX, Editor's Choice section, and Amazon affiliate integration with SEO and responsive layout.
Outcome: Live site with clear categories, fast load times, and monetization path. Demonstrates full-stack and product-thinking skills.
Next.jsReactTypeScriptTailwind CSS
View LiveView Code
IberiaTech Solutions: Bilingual Business Website (2025) project screenshot

IberiaTech Solutions: Bilingual Business Website (2025)

Role: Design, front-end development, deployment

Modern bilingual (EN/ES) business site with AI features and responsive design. Increased engagement and expanded reach to Spanish-speaking audiences.

Problem: Business needed a professional, bilingual web presence and clearer way to showcase services and reach both English and Spanish markets.
Approach: Designed and implemented the site with i18n, responsive layout, and AI-powered sections. Used Framer Motion for polished interactions.
Outcome: ~40% increase in engagement and expanded reach to Spanish-speaking audiences. Live site used for client acquisition.
Next.js 14React 18TypeScriptTailwind CSSFramer Motion
View LiveView Code
Cursor Rules Hub: AI Community Platform (2025) project screenshot

Cursor Rules Hub: AI Community Platform (2025)

Role: Full-stack development, database design, deployment

Community-driven platform for sharing and discovering AI behavior rules for Cursor Editor. Rule browsing, creation tools, and file-pattern matching.

Problem: Cursor users had no central place to find, share, or version rules; everyone was reinventing the wheel.
Approach: Built a Next.js app with Supabase for storage and auth. Implemented rule CRUD, tagging, and pattern-matching logic so rules can be suggested by file type.
Outcome: Live community site for browsing and contributing rules. Demonstrates full-stack work and understanding of developer tools.
Next.js 14SupabaseTypeScriptTailwind CSS
View LiveView Code
YouTube GPT Creator (2024) project screenshot

YouTube GPT Creator (2024)

Role: Backend, AI integration, scripting/automation

AI-assisted automation for YouTube content workflows using Python and LangChain, reducing manual steps in scripting and planning.

Problem: Content creators spend significant time on scripting, research, and planning before recording.
Approach: Built a Python tool using LangChain to automate research and draft scripts from prompts. Integrated with common content workflows.
Outcome: Roughly 40% reduction in manual effort for script and planning steps. Demonstrates AI/LLM integration and automation.
PythonLangChain
View Code

Fit Check

Would Luis be a good fit?

Paste a job description and get an honest AI assessment of how Luis's experience maps to the role.

0 characters

Testimonials

Client feedback

Dave Ingram, CEO, Querri
Luis at IberiaTech does amazing work. He is a skilled developer and really great to work with.

Dave Ingram

CEO, Querri

Contact

Let's discuss your next project. Reach out via the form below or connect on LinkedIn