Security Engineer · Cloud · Risk · DevSecOps

Securing Kubernetes & Cloud Platforms at Scale

I build practical, automated security solutions that integrate seamlessly into engineering workflows — from Kubernetes hardening to IAM compliance automation.

With 4+ years at Walmart Global Tech, I work at the intersection of DevOps and security, helping teams ship fast without compromising resilience. I specialize in securing cloud-native systems across Azure and GCP, reducing risk while improving developer experience.

  • 4+ years in DevSecOps
  • 3 cloud platforms secured
  • 7 security projects shipped
  • Reduced incident response time

Platform + Security Depth

Container & Orchestration
Kubernetes · Docker · Helm · Pod Security · OPA/Gatekeeper · Network Policies
Cloud Platforms
Azure · GCP · AWS · IAM · Azure AD · Cloud Armor · GKE / AKS
Secrets & Identity
HashiCorp Vault · Akeyless · RBAC · Service Accounts · Workload Identity
Threat Detection & IR
SIEM · Splunk · IDS/IPS · Incident Response · Digital Forensics · SOC Collaboration · Threat Hunting · Penetration Testing
Vulnerability Management
Snyk · CVE Analysis · CIS Benchmarks · SAST/DAST
Automation & IaC
Terraform · CI/CD Security · GitHub Actions · SOAR · Python · Go · Bash · Policy-as-Code
Multi-Cloud Kubernetes Security
Secured enterprise Kubernetes platforms across Azure (AKS) and GCP (GKE), implementing pod security policies, network segmentation, and RBAC frameworks at Walmart scale.
Reduced Incident Response Time
Collaborated with SOC to identify and eliminate credential exposure patterns across services, directly reducing mean time to detect and respond to security incidents in production.
IAM Compliance Automation
Built automated systems to continuously audit IAM policies against compliance baselines, replacing manual review cycles and surfacing drift in near real-time.
Security Runbooks & Training
Developed security runbooks and training programs adopted across engineering teams, translating complex security concepts into practical, repeatable workflows for developers.
AWS · SIEM · Detection Engineering
Building a Cloud SIEM from Scratch with AWS Lambda and EventBridge
A hands-on walkthrough of building a functional cloud SIEM pipeline using AWS-native tooling — Lambda, EventBridge, and more.
More on dev.to →

Security Projects at Enterprise Scale

Each project below includes the full technical breakdown, implementation, and measured impact.

01 · Kubernetes · Multi-Cloud
Kubernetes Platform Hardening
Secured enterprise-grade Kubernetes clusters across Azure AKS and GCP GKE — covering secrets management, access control, network policy, and runtime security at Walmart scale.
Challenge
Developers were manually managing secret refresh logic in config files and sidecars — inconsistent, error-prone, and a persistent security risk across Tier 0/1 Kubernetes services on Azure AKS and GCP GKE.
What I Did
  • Installed and maintained Vault Auth Controller — standardized secret auth and dynamic retrieval at runtime, eliminating manual refresh logic and pod restarts for credential updates
  • Replaced plaintext credential references in Kubernetes manifests with secret store references, enforcing runtime secret retrieval through a centralized secrets manager
  • Implemented OPA/Gatekeeper admission policies (no privileged containers, host path mounts, or root execution) and namespace-scoped RBAC to replace cluster-admin bindings
  • Enforced NetworkPolicies for east-west traffic segmentation; collaborated with platform and security teams to drive adoption across Tier 0/1 services
Key Outcomes
  • ↓40% secrets-related incidents
  • 1000+ services adopted Auth Controller
  • 0 plaintext secrets in manifests
  • T0/T1 coverage across critical service tiers
Skills Demonstrated
  • Secrets lifecycle management and secure-by-default platform design
  • Policy-as-code with OPA/Gatekeeper for admission control
  • Multi-cloud Kubernetes security (AKS + GKE)
  • Cross-team coordination with platform and security teams
Relevant Tools
Kubernetes · HashiCorp Vault · OPA / Gatekeeper · Azure AKS · GCP GKE
02 · Automation · IAM
IAM Compliance Automation System
Built a continuous IAM compliance engine that replaced manual policy reviews with automated drift detection and alerting across cloud environments.
Challenge
Manual IAM audits were slow and periodic — weeks could pass before over-permissioned service accounts were caught, creating a persistent compliance gap across cloud environments.
What I Did
  • Built a continuous policy evaluation pipeline that compares live IAM state against defined baselines using cloud infrastructure APIs
  • Defined compliance rules as code — covering service account scopes, unused permissions, cross-project access, and stale role bindings
  • Integrated drift alerts into existing SIEM so violations surfaced directly in SOC workflows
  • Produced CIS Benchmark-aligned compliance reports to support audit cycles with auditable evidence
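The drift rules listed above (baseline comparison, stale bindings, cross-project service-account access) as an added Python example; this is not the author's system, and the binding model, baseline, and live snapshot are constructed for illustration:

```python
"""IAM drift detection (added example, not the author's code); data below is constructed."""
import re
from dataclasses import dataclass

STALE_AFTER_DAYS = 90  # assumed threshold for flagging an unused binding


@dataclass(frozen=True)
class Binding:
    project: str
    member: str
    role: str
    last_used_days: int  # days since the binding was last exercised


# Baseline as code: (project, member) -> roles that are expected to exist.
BASELINE = {
    ("proj-a", "deploy@proj-a.iam.gserviceaccount.com"): {"roles/container.developer"},
    ("proj-b", "reader@proj-b.iam.gserviceaccount.com"): {"roles/viewer"},
}

SA_RE = re.compile(r"^[^@]+@([^.]+)\.iam\.gserviceaccount\.com$")


def home_project(member):
    """Project that owns a service account, or None for non-SA members."""
    m = SA_RE.match(member)
    return m.group(1) if m else None


def evaluate(bindings, baseline=BASELINE):
    """Return (rule, binding) findings for every rule a binding violates."""
    findings = []
    for b in bindings:
        if b.role not in baseline.get((b.project, b.member), set()):
            findings.append(("not-in-baseline", b))  # drift from the baseline
        if b.last_used_days > STALE_AFTER_DAYS:
            findings.append(("stale", b))  # unused permission / stale binding
        home = home_project(b.member)
        if home is not None and home != b.project:
            findings.append(("cross-project", b))  # SA granted outside its project
    return findings


# Constructed snapshot of live bindings, as an API poller would return it.
LIVE = [
    Binding("proj-a", "deploy@proj-a.iam.gserviceaccount.com", "roles/container.developer", 3),
    Binding("proj-a", "deploy@proj-a.iam.gserviceaccount.com", "roles/owner", 120),
    Binding("proj-b", "deploy@proj-a.iam.gserviceaccount.com", "roles/viewer", 5),
]
```

Each finding tuple is what would be forwarded to the SIEM; the second and third constructed bindings trip three rules between them.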
Key Outcomes
  • ↓80% manual audit overhead
  • Real-time drift detection
  • CIS Benchmark-aligned reporting
  • Continuous vs manual
Skills Demonstrated
  • Policy-as-code design for IAM compliance
  • Cloud API integration for real-time state evaluation
  • SIEM integration for security team operability
  • Compliance frameworks (CIS Benchmarks)
Relevant Tools
Azure AD · GCP IAM · Python · SIEM · Terraform · CIS Benchmarks
03 · Container Security · Pipeline
Docker Image Vulnerability Scanning Pipeline
Integrated automated vulnerability scanning into the CI/CD pipeline so teams catch critical container CVEs before they reach production — not after.
Challenge
Container images were deployed without systematic vulnerability checks — no visibility into production CVEs and no early feedback loop for developers.
What I Did
  • Integrated Snyk as a mandatory CI/CD gate — builds fail on critical/high CVEs, with environment-specific thresholds (strict in prod, advisory in dev)
  • Built a CVE triage workflow delivering actionable output (package, version, fix version) instead of raw scanner dumps
  • Implemented base image governance with an approved registry of hardened images, flagging unapproved usage in PRs
  • Integrated findings into the vulnerability management backlog, tracked by service owner with SLA targets
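The environment-specific gate and the package/version/fix-version triage described above, as an added Python example (not the project's CI code). The finding shape and thresholds are constructed; the CVE ids are placeholders, and the shape is scanner-agnostic rather than Snyk's native output:

```python
"""CI gate over container scan findings (added example; data and ids are constructed)."""
SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

# Environment-specific gate: prod blocks on high+, dev reports but never fails.
GATE = {
    "prod": {"fail_at": "high", "enforce": True},
    "staging": {"fail_at": "critical", "enforce": True},
    "dev": {"fail_at": "high", "enforce": False},
}


def triage(findings):
    """Reduce raw findings to actionable rows, worst severity first.

    Row shape: (package, installed version, fix version or None, severity, id).
    """
    rows = []
    for f in findings:
        fix = f.get("fixed_in") or None  # empty string means no fix published yet
        rows.append((f["package"], f["version"], fix, f["severity"], f["id"]))
    rows.sort(key=lambda r: SEVERITY_RANK[r[3]], reverse=True)
    return rows


def gate(findings, env):
    """Return (fail_build, rows at or above the environment's threshold)."""
    policy = GATE[env]
    threshold = SEVERITY_RANK[policy["fail_at"]]
    blocking = [r for r in triage(findings) if SEVERITY_RANK[r[3]] >= threshold]
    return (policy["enforce"] and bool(blocking), blocking)


# Constructed scan output for one image; ids are placeholders, not real CVEs.
SCAN = [
    {"id": "CVE-0000-0001", "package": "openssl", "version": "1.1.1k", "fixed_in": "1.1.1w", "severity": "high"},
    {"id": "CVE-0000-0002", "package": "zlib", "version": "1.2.11", "fixed_in": "", "severity": "medium"},
    {"id": "CVE-0000-0003", "package": "curl", "version": "7.79.1", "fixed_in": "8.4.0", "severity": "critical"},
]

if __name__ == "__main__":
    fail, rows = gate(SCAN, "prod")
    for pkg, ver, fix, sev, cve in rows:
        print(f"{sev:8} {cve} {pkg}=={ver} -> {fix or 'no fix yet'}")
    raise SystemExit(1 if fail else 0)
```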
Key Outcomes
  • Shift left: vulns caught in CI, not prod
  • SLA-tracked CVE remediation
  • Critical CVEs in prod
  • Dev-friendly scan output
Skills Demonstrated
  • CI/CD security integration (shift-left security)
  • Container vulnerability analysis and triage
  • Developer experience design for security tooling
  • Vulnerability management program design
Relevant Tools
Snyk · GitHub Actions · Docker · Jenkins
04 · Enablement · IR
Security Runbooks + Engineering Training Program
Translated complex security requirements into practical runbooks and hands-on training — improving secure coding practices and incident response speed across engineering teams.
Challenge
Incidents took longer to resolve because engineers lacked clear playbooks, and repeated misconfigurations showed that security requirements weren't translating into developer practice.
What I Did
  • Authored IR runbooks for cloud-specific threats — credential exposure, IAM privilege escalation, compromised service accounts, and misconfigured storage
  • Built training modules tied to real codebase examples covering Kubernetes security, secrets hygiene, and container hardening
  • Created secure-by-default Helm and Terraform templates to prevent misconfigurations at the source
  • Partnered with SOC to align runbook steps with detection tooling, ensuring engineer actions don't interfere with forensic evidence collection
Key Outcomes
  • Faster incident containment
  • Adopted across engineering orgs
  • Recurring misconfigs
  • SOC-aligned response workflows
Skills Demonstrated
  • Incident response program design
  • Security enablement and developer education
  • SOC collaboration and cross-functional alignment
  • Secure infrastructure templates (Helm, Terraform)
Relevant Tools
Confluence · Splunk · Helm · Terraform · SIEM · SOC Tooling
05 · Automation · CVE Management
MCP-Compliant Vulnerability Server
Built and deployed an MCP-compliant server to automate CVE lookups and component risk queries — cutting manual security analysis time by 40% and accelerating remediation timelines.
Challenge
Manual vulnerability triage in CI/CD wasn't scaling — findings were noisy, enforcement was inconsistent, and there was no standard model tied to actual risk level.
What I Did
  • Built an MCP-compliant service to automate CVE queries and component risk scoring, integrated with SonarQube for early, consistent SDLC findings
  • Collaborated with DevOps and security teams to define risk-based enforcement: warnings for low-risk, code-gating for medium/severe — intentional, not blanket blocking
  • Aligned service output with Walmart's MCP compliance framework, making findings auditable and standards-traceable
Key Outcomes
  • ↓40% code gating tickets
  • Shift left: vulns caught earlier in SDLC
  • ↑ DX: developer velocity maintained
  • MCP compliance framework aligned
Skills Demonstrated
  • Risk-based security enforcement design (intentional, not blanket)
  • Cross-team collaboration (DevOps + security) to define policy
  • CI/CD pipeline security integration
  • MCP compliance framework alignment
Relevant Tools
SonarQube · MCP · Python · CI/CD · CVE Automation · GitHub Actions
06 · Visibility · Vuln Management
Vulnerability Status Tracker Dashboard
Designed and built an internal dashboard giving teams full visibility into open CVEs, remediation progress, SLA adherence, and ownership — enabling proactive prioritization across Walmart's production clusters.
Challenge
Vulnerability remediation across the WCNP org was fragmented. CVEs existed but ownership, SLA status, and prioritization weren't clearly visible — teams couldn't easily answer "what needs to be fixed, by whom, by when."
What I Did
  • Designed and owned the full dashboard — integrated with Walmart's internal vulnerability store via secure APIs, with credentials managed through Akeyless
  • Built backend filtering by service ownership so developers, platform admins, and leadership each see relevant risk without noise
  • Implemented a cron-based ingestion pipeline to normalize CVE data into a database, keeping data fresh without heavy real-time API load
  • Surfaced severity, affected components, remediation guidance, ownership, and SLA deadlines in a unified view — directly influencing prioritization decisions
Key Outcomes
  • 30% faster remediation
  • 3 audiences served (devs, admins, leadership)
  • Proactive SLA deadline tracking
  • Leadership risk visibility
Skills Demonstrated
  • End-to-end ownership of internal security tooling
  • Secure API integration and credential management (Akeyless)
  • Data pipeline design (cron ingestion, normalization, database backing)
  • Multi-stakeholder product thinking across engineering and leadership
Relevant Tools
Akeyless · Python · Internal Vuln APIs · Cron Pipeline · Kubernetes · Dashboard UI
07 · React / Go · Incident Response
Incident Management Dashboard (React + Go + Slack)
Led design and development of an internal incident dashboard with Slack integration — providing real-time visibility, escalation paths, and RCA tracking that reduced MTTR for production-impacting events.
Challenge
IR was slowed by fragmentation — communication scattered across Slack threads, unclear ownership, and inconsistent RCAs all increased MTTR during production events.
What I Did
  • Led design and development of a React + Go incident dashboard — first time owning a full-stack project end-to-end, coordinating design decisions and delivery with the SRE team
  • Built Slack integration for automated incident creation, live status pushes, escalation pings, and RCA summaries to relevant channels
  • Designed escalation path logic so on-call engineers always had clear ownership and next steps during active incidents
  • Built post-incident RCA workflow capturing timeline, contributing factors, and remediation steps
Key Outcomes
  • ↓10% MTTR for production incidents
  • Real-time visibility for all stakeholders
  • Structured post-incident RCA docs
  • Cross-team delivery with SRE org
Skills Demonstrated
  • Full-stack engineering leadership (React + Go) end-to-end
  • Cross-functional delivery with SRE team
  • Incident response workflow and escalation design
  • Slack API integration for real-time operational communication
Relevant Tools
React · Go · Slack API · Incident Management · REST API

Security Engineer. DevOps Origin.

I started my career in DevOps, but quickly realized that security isn't just a requirement — it's what enables everything else to work safely at scale.

At Walmart Global Tech, I've spent the past 4+ years working at the intersection of development and security, supporting Kubernetes platforms across Azure and GCP. My focus has been simple: make security practical enough that engineering teams actually adopt it.

I've worked on everything from vulnerability scanning pipelines for Docker images to IAM compliance automation and secrets management for Kubernetes clusters. Along the way, I've improved incident response times in production environments through automation and proactive alerting — and partnered closely with SOC teams to reduce credential and data exposure risks.

"Security only works when it's embedded, automated, and aligned with how engineers actually build systems."

What I enjoy most is simplifying complex security problems. Whether it's designing secure-by-default systems, automating security workflows, or building tooling that teams actually adopt, I aim to make secure practices easy to follow and hard to ignore.

Outside of work, I'm pursuing a Master's in Cybersecurity at NYU and running hands-on SOC and forensics labs, experimenting with SIEM tools, vulnerability research, and security automation.

May 2025 — Present
Risk Expert · Technical Controls Assessment
Walmart Global Tech
Security control evaluation, penetration testing, and vulnerability assessments across Walmart's enterprise systems. Assessing control effectiveness against security policies and standards, with added depth in cloud and container environments.
Nov 2023 — May 2025
Software Engineer III · Walmart Cloud Native Platform
Walmart Global Tech
Cloud security, Kubernetes platform hardening, IAM automation, vulnerability management, and security enablement across Azure & GCP. Promoted to Senior Software Engineer before transitioning to TCA.
2022 — Nov 2023
Software Engineer II · Walmart Cloud Native Platform
Walmart Global Tech
Incident response support, automated response workflows, playbook authoring, and MTTR improvement initiatives across cloud security operations.
In Progress
M.S. Cybersecurity
New York University (NYU)
SOC operations, digital forensics, SIEM tooling, vulnerability research, security automation. Hands-on lab curriculum.

Let's Connect

I'm always open to conversations with people working on interesting security problems — whether that's cloud security, incident response, or just the craft of building secure systems. Feel free to reach out.

Roles I'm Interested In
Senior Cloud Security Engineer · DevSecOps Engineer
Platform Security Engineer · SOC Engineer
Digital Forensics / Incident Response Engineer
SecEngineering roles at Enterprise or high-growth tech companies