Skip to main content

Luis Lozoya

Security-Focused Software Engineer · Cloud · AI

5+ years building and securing production web apps with React, Next.js, and AWS. GIAC certified (GFACT, GSEC in progress). Currently delivering secure, cloud-native applications and AI integrations for clients across the US and Spain.

AppSecAWSReactNext.jsTypeScriptPython

GIAC GFACT Certified  ·  Pursuing GSEC  ·  US Work Authorized

Resume
Luis Javier Lozoya, Security-Focused Software Engineer

About

Where software engineering meets security

Originally from Spain with a degree in architectural engineering from IE University. After 6+ years in construction project management, I pivoted into software engineering and never looked back. Now a security-focused engineer with deep experience in cloud technologies and application security, recently earning the GIAC GFACT certification through the SANS Institute.

I bring together real-world software engineering experience and formal security training to design and build applications that are secure by design, scalable, and production-ready.

In addition to traditional web development, I work with AI-enabled features, including LLM integrations and automation workflows, always with a security-aware mindset around data handling, access control, and responsible AI usage.

Currently building and securing cloud-native applications at GDNA, with a focus on secure API design, least-privilege IAM, and production-grade AWS architecture. Currently pursuing GIAC GSEC. Always open to interesting conversations.

1st Place, HackOps 2024Judge, HarborHack 2024Speaker, HarborHack 2025

Tech Stack

Technologies I reach for every day, and the broader toolkit I bring to projects.

Core Stack

React
Next.js
TypeScript
Node.js
AWS
Python
PostgreSQL
Tailwind CSS

Also Work With

Security

  • OWASP Top 10
  • OWASP LLM Top 10
  • Threat Modeling
  • Burp Suite
  • OWASP ZAP
  • Secure Coding

Forensics & IR

  • Wireshark
  • tcpdump
  • PCAP Analysis
  • VPC Flow Logs
  • John the Ripper
  • Hashcat
  • exiftool
  • nfdump
  • DLP

Cloud & DevOps

  • Lambda
  • S3
  • Amplify
  • Docker
  • CI/CD
  • Git

AI / Automation

  • LangChain
  • OpenAI API
  • Prompt Engineering

Data & APIs

  • REST APIs
  • GraphQL
  • MongoDB
  • Express

Experience

5+ years across startups, agencies, and independent consulting

GDNA company logo

Software Engineer (Contract)

Current
GDNA
AWS & Cloud Solutions
Apr 2024 to Present
Mount Pleasant, SC

Started translating Figma designs into React/Next.js code. Evolved into owning full application architecture, API design, and database design on AWS.

Key Achievements:

  • Architecting serverless AWS solutions: API Gateway, Lambda, S3, RDS, Cognito, IAM, Secrets Manager, Amplify
  • Designing APIs, front-end architecture, and database schemas for client applications
  • Running weekly client meetings to demo progress and incorporate feedback

Technologies Used:

AWS API GatewayLambdaS3RDSCognitoIAMSecrets ManagerAmplifyReactTypeScriptNext.jsPostgreSQL
IberiaTech Solutions company logo

Founder

IberiaTech Solutions
Web Development & AI Solutions
2024
Charleston, SC

Web development consultancy building production websites for small businesses. Shipped bilingual platforms, e-commerce sites, and business websites using Next.js, React, and Tailwind CSS.

Key Achievements:

  • Built and launched iberiatechsolutions.com (bilingual EN/ES) and shopessentialshub.com
  • Designed and developed production sites for small businesses (commercial interiors, architecture)
  • Full project lifecycle: design, architecture, implementation, deployment

Technologies Used:

Next.jsReactTypeScriptTailwind CSSAWSNode.js
Querri company logo

Software Engineer (Contract)

Querri
Data Analytics & Business Intelligence
Aug 2023 to Apr 2024
Mount Pleasant, SC

Built a client project using Svelte and maintained Querri's HubSpot website with custom code modifications throughout the contract.

Key Achievements:

  • Built a client-facing project using Svelte and FusionAuth
  • Modified and maintained Querri's HubSpot website with custom code
  • Built custom HubSpot CMS modules and templates

Technologies Used:

SvelteHubSpot CMSHTMLCSSJavaScriptFusionAuthAWS
Upstate Nutrition company logo

Software Engineer (Contract)

Upstate Nutrition
E-commerce & Wellness
Jul 2023 to Aug 2023
Remote

Short-term contract to rebuild the company's Shopify storefront. The engagement ended before completion.

Key Achievements:

  • Started rebuilding the Shopify storefront with Liquid templates
  • Gained experience with Shopify's ecosystem and e-commerce development

Technologies Used:

ShopifyLiquidJavaScriptCSSSEOAnalytics
Interloop company logo

Software Engineer

Interloop
Data Analytics & Business Intelligence
Jul 2021 to Jun 2023
Charleston, SC

First engineering role after JRS Coding School bootcamp. Promoted from Software Engineer I to II. Full-stack development on Angular/NestJs stack with Azure cloud services.

Key Achievements:

  • Built custom Chrome extensions integrated with CRM tools using RESTful APIs and OAuth 2.0
  • Developed and maintained full-stack features using Angular, NestJs, MongoDB, and Azure Cosmos DB
  • Created Azure Functions with various triggers, reducing infrastructure costs for client workloads
  • Mentored junior developers and coordinated between development and leadership teams

Technologies Used:

AngularNestJsMongoDBAzure Cosmos DBAzure FunctionsTypeScriptNode.jsREST APIsOAuth2.0

Security Labs

5of 20

Hands-on labs with real packet captures, full analysis, and detailed writeups. Evidence of skill beyond certifications.

Network ForensicsCloud Network ForensicsPassword Management & CryptographyData Security & DLPtcpdumpdigPCAP analysisCLIWiresharkDisplay filters
Network Forensics

Lab 1.1 – tcpdump Traffic Analysis

Analyzed PCAP traffic with tcpdump: identified /.env probing, WordPress brute-force with Hydra, and cleartext login parameters visible in the HTTP payload.

tcpdumpdigPCAP analysisCLI
Read write-up
Network Forensics

Lab 1.2 – Wireshark Packet Analysis

Investigated a 628K-packet PCAP in Wireshark: used protocol hierarchy and conversation statistics to surface a port-80 scanning pattern from 3.142.238.241, followed an HTTP stream revealing a successful WordPress brute-force login (Hydra, admin/#AlphaInc!), and completed a live-capture exercise extracting an HTTP object from loopback traffic.

WiresharkPCAP analysisDisplay filtersHTTP stream following
Read write-up
Cloud Network Forensics

Lab 1.3 - AWS VPC Flow Log Analysis

Analyzed 173K VPC flow records across 579 log files: isolated 33,232 attacker flows from 20.106.124.93, determined a 6.5-hour attack window, quantified 265MB exfiltrated on port 8889 and 190MB on port 80, and confirmed the full attack surface (HTTP, SSH, 8889) using PCAP-to-NetFlow conversion with nfpcapd/nfdump.

AWS VPC Flow Logszcatzgrepawk
Read write-up
Password Management & Cryptography

Lab 2.1 – Password Auditing

Cracked passwords across 4 hash types using John the Ripper and Hashcat: extracted and cracked an Office 2013 encrypted Excel file, an NTLM hash, and Linux crypt hashes using a CeWL wordlist. Demonstrated brute-force infeasibility against SHA-512 with Hashcat, then used John's word-mangling rules to expand 1,552 base words into 4M+ candidates to crack passwords the original wordlist missed.

John the RipperHashcatoffice2johnunshadow
Read write-up
Data Security & DLP

Lab 2.2 - Data Loss Prevention

Scanned removable media for sensitive content using grep keyword matching, extracted document metadata with exiftool revealing author identity and SECRET classification, and geolocated a photo's origin from embedded GPS coordinates.

grepexiftoolEXIF/GPS analysisCLI
Read write-up
Lab Pipeline

SEC401 - Network Security and Cloud Essentials

3/3
Lab 1.1 – tcpdump Traffic Analysis
Lab 1.2 – Wireshark Packet Analysis
Lab 1.3 - AWS VPC Flow Log Analysis

SEC401 - Defense in Depth

2/3
Lab 2.1 – Password Auditing
Lab 2.2 - Data Loss Prevention
Lab 2.3 - Mobile Device Backup Recovery

SEC401 - Vulnerability Management and Response

0/4
Lab 3.1 - Network Discovery
Lab 3.2 - Binary File Analysis and Characterization
Lab 3.3 - Web App Exploitation
Lab 3.4 - SIEM Log Analysis

SEC401 - Data Security Technologies

0/3
Lab 4.1 - Hashing and Cryptographic Validation
Lab 4.2 - Encryption and Decryption
Lab 4.3 - Intrusion Detection and Network Security Monitoring with Snort3 and Zeek

SEC401 - Windows and Azure Security

0/4
Lab 5.1 - Windows Process Exploration
Lab 5.2 - Windows Filesystem Permissions
Lab 5.3 - Applying Windows System Security Policies
Lab 5.4 - Using PowerShell for Speed and Scale

SEC401 - Containers, Linux and Mac Security

0/3
Lab 6.1 - Linux Permissions
Lab 6.2 - Linux Containers
Lab 6.3 - Linux Logging and Auditing

Labs are from SANS Cyber Academy.

Certifications & Education

Industry certifications and academic foundation

GIAC Foundational Cybersecurity Technologies (GFACT) professional certification
Verified

GIAC Foundational Cybersecurity Technologies (GFACT)

SANS Institute
January 2026
CybersecurityNetworkingOperating Systems+3
Introduction to AI professional certification
Verified

Introduction to AI

Google (via Coursera)
2025
Artificial IntelligenceAI ApplicationsData Science
Cybersecurity: System Administration Certificate Program professional certification
Verified

Cybersecurity: System Administration Certificate Program

Purdue University and Ivy Tech
2023
CybersecuritySystem AdministrationNetwork Security+2
Education

Cybersecurity Path - System Administration

Mar 2022 - May 2023
Purdue University NorthwestOnline

Cybersecurity and system administration program covering security fundamentals, network protection, and infrastructure management.

Full Stack Developer

Nov 2019 - Oct 2020
JRS Coding SchoolThe Harbor Entrepreneur Center, Charleston, SC

Intensive full-stack development program. Career pivot from construction to software engineering. Landed first engineering role at Interloop within months of completion.

Arquitecto Tecnico (Bachelor's in Architectural Engineering)

2006 - 2012
IE UniversitySegovia, Spain

Technical architecture degree covering structural engineering, construction management, and building design. Final thesis: design and construction technical drawings for a hospital. Foundation for project management and analytical thinking that carried into software engineering.

Portfolio

Selected client and independent work with measurable outcomes

Client Work

Delivered via GDNA, Querri, and direct engagements

NEVA Estudio: Architecture Firm Website (via IberiaTech Solutions)
Featured

NEVA Estudio: Architecture Firm Website (via IberiaTech Solutions)

Problem

Architecture firm needed a professional web presence showcasing their portfolio to attract residential and commercial clients in Asturias.

Solution

Built a bilingual (ES/EN) site with interactive project gallery, service detail modals, and a minimalist design reflecting the studio's architectural aesthetic.

Impact

Professional site live with full internationalization, smooth animations, and a project showcase that highlights 10+ years of architectural work.

Tech
Next.js 15React 19TypeScriptTailwind CSSFramer Motionnext-intl
View LiveView Code

Independent Projects

Side projects and open-source work with live demos and source code

TalentAgent: AI Job Fit Assessment Platform (2026) project screenshot

TalentAgent: AI Job Fit Assessment Platform (2026)

Role: Solo builder: design, full-stack development, AI integration, payments, deployment

Paste any job description and get an honest 0-100 fit score with strengths, gaps, and interview prep. Includes ghost job detection and a job board with AI scores.

Problem: Job seekers waste hours applying to roles that aren't a good fit or are ghost postings.
Approach: Built a full-stack platform with OpenAI for fit scoring, Supabase for data and auth, Stripe for payments, and a job board with pre-scored listings.
Outcome: Live platform that scores fit in 10 seconds, detects ghost jobs, and gives honest 'Don't Apply' signals. Free to use.
Next.js 15SupabaseOpenAIStripeTypeScriptTailwind CSS
View Live
ShopEssentialsHub: Curated Product Recommendation Platform (2025) project screenshot

ShopEssentialsHub: Curated Product Recommendation Platform (2025)

Role: Design, full-stack development, deployment (Vercel)

A modern product curation platform with hand-picked Amazon products, reviews, category filtering, and Editor's Choice. Responsive, SEO-optimized, with affiliate integration.

Problem: Users needed a trusted, curated list of products by category instead of browsing generic storefronts.
Approach: Designed and built the full stack: Next.js app, category and filter UX, Editor's Choice section, and Amazon affiliate integration with SEO and responsive layout.
Outcome: Live site with clear categories, fast load times, and monetization path. Demonstrates full-stack and product-thinking skills.
Next.jsReactTypeScriptTailwind CSS
View LiveView Code
IberiaTech Solutions: Bilingual Business Website (2025) project screenshot

IberiaTech Solutions: Bilingual Business Website (2025)

Role: Design, front-end development, deployment

Modern bilingual (EN/ES) business site with AI features and responsive design. Increased engagement and expanded reach to Spanish-speaking audiences.

Problem: Business needed a professional, bilingual web presence and clearer way to showcase services and reach both English and Spanish markets.
Approach: Designed and implemented the site with i18n, responsive layout, and AI-powered sections. Used Framer Motion for polished interactions.
Outcome: ~40% increase in engagement and expanded reach to Spanish-speaking audiences. Live site used for client acquisition.
Next.js 14React 18TypeScriptTailwind CSSFramer Motion
View LiveView Code
Cursor Rules Hub: AI Community Platform (2025) project screenshot

Cursor Rules Hub: AI Community Platform (2025)

Role: Full-stack development, database design, deployment

Community-driven platform for sharing and discovering AI behavior rules for Cursor Editor. Rule browsing, creation tools, and file-pattern matching.

Problem: Cursor users had no central place to find, share, or version rules; everyone was reinventing the wheel.
Approach: Built a Next.js app with Supabase for storage and auth. Implemented rule CRUD, tagging, and pattern-matching logic so rules can be suggested by file type.
Outcome: Live community site for browsing and contributing rules. Demonstrates full-stack work and understanding of developer tools.
Next.js 14SupabaseTypeScriptTailwind CSS
View LiveView Code
YouTube GPT Creator (2024) project screenshot

YouTube GPT Creator (2024)

Role: Backend, AI integration, scripting/automation

AI-assisted automation for YouTube content workflows using Python and LangChain, reducing manual steps in scripting and planning.

Problem: Content creators spend significant time on scripting, research, and planning before recording.
Approach: Built a Python tool using LangChain to automate research and draft scripts from prompts. Integrated with common content workflows.
Outcome: Roughly 40% reduction in manual effort for script and planning steps. Demonstrates AI/LLM integration and automation.
PythonLangChain
View Code

Fit Check

Would Luis be a good fit?

Paste a job description and get an honest AI assessment of how Luis's experience maps to the role.

0 characters

Testimonials

Client feedback

Dave Ingram, CEO, Querri
Luis at IberiaTech does amazing work. He is a skilled developer and really great to work with.

Dave Ingram

CEO, Querri

Contact

Let's discuss your next project. Reach out via the form below or connect on LinkedIn