🛡️ Application Security Engineer

Secure systems.
Scalable AppSec.
Built for engineering teams.

I’m Luis Rodriguez Castro, an AppSec engineer focused on building scalable security systems, automating vulnerability management, and helping teams ship secure software without slowing down.

View Projects Contact Me GitHub LinkedIn
AppSec Secure Code review, Secure SDLC, SAST, DAST and more...
AWS + Cloud Threat modeling, IAM, CI/CD, Lambda, ECS, Terraform
Security Tooling Go, Node.js, Python, automation, scanning workflows, vulnerability management

About me

I work at the intersection of software engineering and security, with a bias toward building useful things instead of just filing tickets.

What I do

I help teams ship safer software through secure architecture reviews, source code review, vulnerability validation, threat modeling, and CI/CD-integrated security automation.

How I think

I care about security that scales. That usually means reducing manual work, designing clear controls, and giving developers guardrails that are easy to adopt.

What I enjoy

AppSec, offensive security, low-level security, threat modeling, secure tooling, cloud architecture, and learning how systems actually work under the hood.

Core skills

A practical mix of security engineering, software development, and cloud knowledge.

Application Security

OWASP Top Secure Code Review Threat Modeling Vulnerability Management CSP WAF SAST, DAS Secure Code Review in JS, Go, C# & Java Web Security Web Assessment & Reporting

Cloud & DevSecOps

AWS IAM Lambda ECS S3 GitHub & Gitlab Terraform

Programming

Python JavaScript Node.js React SQL Go

On the Job Work I've Done

Project 01

CI/CD Package Vulnerability Management Workflow

Built automation to process security findings, reduce manual triage, and route remediation work more efficiently.

  • Integrated security workflows into CI/CD.
  • Automated issue handling and developer handoff.
  • Improved consistency for vulnerability management.
Project 02

Nuclei Scanning Automation in AWS

Designed scalable scanning workflows using AWS services and automated domain discovery to keep targets fresh.

  • Used ECS-based scanning workflows.
  • Prefetched domain data and updated target inventories.
  • Focused on maintainability and operational scale.
Project 03

Vulnerability Management System CLI Tool

Worked on a CLI tool using Go to help security teams manage vulnerabilities, track remediation progress, and generate reports for stakeholders.

  • Built a command-line interface for managing vulnerabilities.
  • Improved visibility into vulnerability reports and tuning.
  • Reduced repeated maintenance across repositories.
Project 04

Threat Modeling & Secure Design Reviews

Performed STRIDE-based analysis for modern application and tokenization architectures, mapping threats to actionable mitigations.

  • Modeled trust boundaries and data flows.
  • Focused on realistic attack paths and mitigations.
  • Made outputs understandable for engineering teams.

Experience highlights

Recent

OnePay — Application Security Engineer

Performed application security efforts with an emphasis on practical controls, architecture review, secure code review, vulnerability management, tool development and secure engineering collaboration.

Earlier

AppSec Engineering & Internal Security Tooling

Built and maintained security tooling in Python, Node.js and Go, performed source code reviews, validated findings, and contributed to scalable security processes across engineering teams.

Ongoing

Continuous learning

Expanding into the Cloud with AWS and IAC-based infrastructure, deeper secure design work with threat modeling, exploring low-level security concepts to better understand how to secure complex systems and AI security topics as they evolve.

Let’s connect

I’m interested in AppSec, security engineering, cloud security, threat modeling, and building tools that make security easier to adopt.

GitHub LinkedIn
© Luis Rodriguez Castro. Built for GitHub Pages.