About me

Secure systems. Scalable AppSec. Practical security engineering.

I’m Luis Rodriguez Castro, an Application Security Engineer focused on secure design, threat modeling, code review, cloud security, and building security workflows that support engineering velocity.

AppSec: Secure SDLC, vuln triage, auth reviews, code review
AWS: IAM, ECS, Lambda, Terraform, practical cloud controls
Tooling: Python, Node.js, CI/CD automation, scanning workflows
appsec-console
$ whoami
Luis Rodriguez Castro

$ focus --today
- application security engineering
- threat modeling (STRIDE)
- cloud security in AWS
- security tooling & automation
- secure code review

$ philosophy
security should scale
OnePay AppSec AWS CI/CD STRIDE

About

/overview

I work at the intersection of security engineering and software delivery, with a bias toward building practical controls instead of adding friction.

What I do: Help teams ship safer software through secure design reviews, code review, threat modeling, and CI/CD-integrated security automation.
How I think: Security should scale. That means reducing manual work, designing clear controls, and giving developers guidance that is actually actionable.

Core Skills

/capabilities

A practical mix of application security, cloud security, and software engineering.

Application Security
OWASP Top 10, Secure Code Review/Web Security, Threat Modeling, SDLC Security, AuthN/AuthZ, Burp Suite, SAST/DAST/SCA, Security Tools development & Automation
Cloud & DevSecOps
AWS, IAM, IaC, VPC/ECS/EC2/ECR, Security Groups & NACLs, Lambdas, GitHub & GitLab, Terraform, Cloudflare
Programming & Tooling
Go, JavaScript, Node.js, React, Python, Linux, Nuclei, SQL

Selected Work

/projects

Systems designed to make security easier to adopt and harder to ignore.

01 / Workflow

CI/CD Package Vulnerability Management Workflow

Built automation to process security findings, reduce manual triage, and route remediation work more efficiently.

  • Integrated security workflows into CI/CD.
  • Automated issue handling and developer handoff.
  • Improved consistency for vulnerability management.

02 / DAST Scanner

Nuclei Scanning Automation in AWS

Designed scalable scanning workflows using AWS services and automated domain discovery to keep targets fresh.

  • Used ECS-based scanning workflows.
  • Prefetched domain data and updated target inventories.
  • Focused on maintainability and operational scale.

03 / Platform

Vulnerability Management System CLI Tool

Worked on a CLI tool using Go to help security teams manage vulnerabilities, track remediation progress, and generate reports for stakeholders.

  • Built a command-line interface for managing vulnerabilities.
  • Improved visibility into vulnerability reports and tuning.
  • Reduced repeated maintenance across repositories.

04 / Design

Threat Modeling & Secure Design Reviews

Performed STRIDE-based analysis for modern application and tokenization architectures, mapping threats to actionable mitigations.

  • Modeled trust boundaries and data flows.
  • Focused on realistic attack paths and mitigations.
  • Made outputs understandable for engineering teams.

Experience

/timeline

A quick view of the environments where I’ve applied application security, cloud security, and engineering-focused practices.

Current

OnePay — Application Security Engineer

Performed application security efforts with an emphasis on practical controls, architecture review, secure code review, vulnerability management, tool development and secure engineering collaboration.

Earlier

Optimum / Epsilon / FloQast — AppSec & Security Engineering

Built and maintained security tooling, integrated security into CI/CD, performed secure code reviews, validated findings, and supported scalable security processes across engineering teams.

Ongoing

Continuous learning

Expanding into the cloud with AWS and IaC-based infrastructure, doing deeper secure design work with threat modeling, and exploring low-level security concepts to better understand how to secure complex systems, along with AI security topics as they evolve.

Contact

/links

I’m interested in Application Security, Cloud Security, Secure Design, Threat Modeling, and building security tools/automation that help engineering teams move with confidence.