Marcos Martín Gutiérrez

Security Engineer

DevSecOps Automation & Security Engineer

I am a creative, enthusiast, flexible and proactive person, willing to learn. I currently work as DevSecOps Automation & Security Engineer in Swisscom within my team where we ensure that every step of the software development life cycle (SDLC) follows security best practices. I finished a Master’s Degree in Cybersecurity at UNIR, where I did my Master's thesis about Hacking WiFi with Telefónica. In addition, I am always improving myself and extend my knowledge in cyber security and ethical hacking.

Work Experience

September 2022 - Present

Swisscom | Rotterdam (The Netherlands)


DevSecOps Automation & Security Engineer

  • Help to find the best solutions as a liaison between the DevOps developers and Security Leadership of Swisscom.
  • Evaluate, test, configure and run innovative security tools/features to be used by more than a thousand developers in a cloud native manner.
  • Support and communicate with development and operations teams about security tooling and automation in diverse projects.
  • Liase on projects covering a wide span of industries and impacting Switzerland as a whole.
  • Enable business managers to know and be able to take on their security responsibilities.
  • Ensure that the business areas know and can fulfill their security responsibilities.
  • Assess the progress of the security work of the business units and ensure that they are constantly improving.
  • Identify and define security measures and ensure their implementation.

July 2021 - September 2022

Aegon | Madrid (Spain)


Application Security Engineer

  • Help the organization to evolve its application security functions and services.
  • Responsible for upholding code reviews across all code platforms.
  • Take charge of bug intake and remediation process for the organization.
  • Provide leadership for application vulnerability scanning and penetration testing remediation.
  • Manage integration with vulnerability check tools such as SAST and DAST tools.
  • Discover security exposures and develop mitigation plans, and also report and fix the technical debt.
  • Work with Aegon's business areas and with other technology areas to identify security requirements and ensure the resilience of business processes.
  • Collaborate on critical IT projects of Aegon Corporación to ensure the implementation of security standards throughout the project life cycle (SDLC).

January 2021 - July 2021

Between Technology | Barcelona (Spain)


Security Analyst

  • Implementation of security (ISO 27001, ENS) on projects under development.
  • Secure data, file integrity, application registry encryption, network access control.
  • Detection of vulnerabilities in the source code (C++, .NET).
  • Security architecture design.
  • Test reports documentation, risk and vulnerability analysis

March 2019 - December 2020

Giesecke+Devrient Mobile Security | Barcelona (Spain)


Test Manager

  • Manage test design, test execution and test analysis.
  • Test cases creation based on technical designs and implementation by using a C++ automation framework.
  • Execution, analysis and bug fixing of test results as well as system behavior reporting.

April 2020 - June 2020

ILUNION Security | Remote (Spain)


Intelligence Service InternShip

  • Implement a search engine in Java using the Twitter4j API.

November 2018 - January 2019

Junta de Castilla y León | Valladolid (Spain)


Information Management Department Internship

  • Monitoring and testing a web application.

Education History

November 2019 - December 2021

UNIR | Barcelona (Spain)


Master’s Degree in Cybersecurity

  • Know the characteristics, functionalities and structure of distributed systems, computer networks and the Internet.
  • Identify the functionalities and structure of the databases.
  • Use the tools necessary for storage, processing and access to information systems.
  • Know the principles, methodologies and life cycles of software engineering.
  • Evaluate person-computer interfaces.
Master's thesis “Telefónica Challenge: Study of the characteristics that affect wireless services in routers”, ElevenPaths

November 2013 - May 2019

Universidad de Valladolid | Valladolid (Spain)



Bachelor’s degree in Telecommunications Engineering (Electronic Systems specialization)

Final thesis: “Remote monitorization (via smartphone) of the oxygen levels in a wine production factory”: Design and production of the electronic system, firmware programming and smartphone application.

Additional Training & Certificates

  • 2021 - Internal Auditor ISO 27001:2013, Information Security Management Systems (UNIR) with TÜV Rheinland Certified Qualification
  • 2021 (40h) - Python Programming Course by UNIR
  • 2021 (40h) - Lead Cybersecurity Professional Certificate - LCSPC™ by CertiProf.
  • 2021 (20h) - Scrum Foundation Professional Certificate by CertiProf.
  • 2021 (20h) - Cyber Security Foundation Professional Certificate - CSFPC™ by CertiProf.
  • 2021 (10h) - Introduction course about Ethical Hacking imparted by Mastermind.
  • 2021 (10h) - Wireless Networks Hacking (WiFi) by Mastermind.
  • 2021 (40h) - Python programming by UNIR.

Mentions & Awards

  • Reto Telefónica (ElevenPaths): “Estudio de las características que afectan a los servicios inalámbricos en routers”
    An analysis of the characteristics of the router that can affect the quality of the WiFi is carried out, that is, different attacks will be performed on the router, looking for vulnerabilities and the behavior of the router is studied in the face of these different attacks, establishing patterns.

  • Patent Request:
    Electronic device and sensor data collection system.

  • Intellectual Property Application:
    Mobile application that analyses and measures in real time the oxygen levels for a wine production factory.

  • Explorer Program ‘Jóvenes con Ideas’ 2019 - Entrepreneurs:
    “IoT Common Sense” project: Explorer ‘Jóvenes con Ideas’ is Banco Santander’s entrepreneurship program that helps to land projects by promoting their market launch.

  • PROMETEO 2019 Award for innovation and development of market-oriented prototypes:
    Electronic system that gathers and sends data remotely from an oxygen sensor for a wine production factory.

  • PROMETEO 2019 Award for innovation and development of market-oriented prototypes:
    Mobile application that analyses and measures in real time the oxygen levels for a wine production factory.

Skills

  • Cyber Security
    SSDLC, SAST, DAST, OPA, Kiuwan, Snyk, Kali Linux, Metasploit, NMAP, ISO 27001, OWASP, BurpSuite, FFUF, Hydra, SQLMap, HTB
  • Coding/Scripting
    C, C++, Groovy, Python, Java, Bash, JavaScript, VB.Net, Perl
  • DevOps
    Jenkins, GIT, Bitbucket, Docker, Kubernetes, Terraform, ELK Stack
  • Agile
    Jira, Scrum, Confluence
  • Other
    Word, Excel, PowerPoint, Adobe Illustrator, Adobe Premiere, VS Code, Notepad++

Language

  • English
Read * * * * -
Written * * * * -
Spoken * * * - -
  • Spanish
Read * * * * *
Written * * * * *
Spoken * * * * *