Gabriel Lagos

@gabriel__lagos

Application Security, DevSecOps Engineer

United States
English, Spanish
About me
I help startups and companies find and fix security vulnerabilities in their code before attackers do. With 5+ years in Application Security and DevSecOps — including managing the security of 300+ repositories for a leading European telecommunications provider — I offer enterprise-grade SAST audits, secure SDLC integration, and actionable vulnerability reports that your dev team can actually use. I don't just hand you a list of CVEs. I deliver context, severity prioritization, and concrete remediation steps so your team knows exactly what to fix and why....

Check out my services

Programming & Tech
I will perform a professional SAST security audit of your codebase

Work experience

Cybersecurity Engineer / Application Security / DevSecOps

GMVThub

Jul 2023 - Dec 2025 (2 yrs 5 mos)

• Engineered automated app sec framework for 300+ repos: integrated SAST, DAST, SCA, secret scanning & policies into CI/CD (Jenkins, GitLab, GitHub Actions), cutting manual triage 28%.
• Manual review of SAST/DAST/SCA/IaC findings; collaborated with dev teams/managers on impact & remediation; created secure dev docs & best practices.
• Led SBOM workflows w/ OWASP Dependency-Track for supply chain visibility (NIST SSDF, EO 14028).
• Git forensics on orphaned blobs/commits: remediated 140+ high-risk secrets in enterprise repos.
• Built custom detection rules (client reqs + OWASP Top 10), boosting pipeline accuracy/coverage.
• On-demand pentesting for critical apps w/ internal teams & clients to mitigate risks.
• Managed sec metrics DB: generated KPIs & exec reports on vuln trends & security posture.

Full Stack Developer - Advanced Technologies | Indra

Telefonica Moviles España SA

Feb 2021 - Jun 2023 (2 yrs 4 mos)

Minsait (Indra subsidiary) is a leading digital transformation and IT services company serving banking, government, and telecom sectors across Europe and Latin America.

* Developed and maintained enterprise-grade backend systems in highly regulated banking and government environments, adhering to secure SDLC principles, NIST guidelines, and strict change management procedures.
* Automated application deployment workflows and operational tasks using Python and Bash scripting, improving team efficiency by 18% and reducing manual intervention in release pipelines.
* Gained foundational AppSec awareness as a developer - understanding vulnerability classes, dependency risk, and the developer experience that now informs security-first collaboration in current AppSec role.