Skip to content
am
FR
Open to DevSecOps & Platform Security roles · Graduating Aug 2026

DevSecOps · Cloud Security · Platform Engineering

I build cloud platforms — then break them before attackers can.

DevSecOps engineer wiring security and automation into CI/CD — container and supply-chain scanning, Kubernetes, Terraform and GCP — backed by a master-level security background and hands-on offensive practice (pentesting, CTF).

View work Get in touch View CV
GitHub LinkedIn arthaudmorin@gmail.com
arthaud@portfolio: ~

$ whoami

arthaud morin · devsecops engineer

$ cat focus.txt

build ci/cd · kubernetes · terraform · gcp

break pentest · ctf · threat modeling

$ status --availability

open · devsecops & platform-security roles

about

About

DevSecOps engineer focused on building and securing cloud-native platforms end to end — embedding automated security into CI/CD across Kubernetes, Terraform and GCP. I combine hands-on platform engineering with a master-level information-security background and active offensive-security practice (pentesting, CTF), so I can both ship reliable infrastructure and break it before someone else does.

Based in
Montreal, QC, Canada
Work status
Eligible to work in Canada (PGWP)
Focus
Cloud-native security & CI/CD automation
Currently
DevSecOps Engineer (Intern) @ NOMADIS
Path so far
France → Colombia → Canada
experience

Experience

  1. DevSecOps Engineer (Intern) · NOMADIS

    Until May 2026 · Canada
    • Rolled out Trivy SCA and container scanning into GitLab CI across 200 repositories, establishing automated supply-chain vulnerability gating org-wide and surfacing 1,000+ high/critical findings for remediation triage.
    • Migrated the Selenium Hub test environment from GitLab runners to a Kubernetes cluster, offloading ≈2,700 CI minutes/month (≈45 h of daily test runs) from billed shared runners.
    • Cut QA storage costs by routing test artifacts to Google Cloud Storage and automating precise video indexing with a PowerShell script.
    • Migrated monitoring for ≈80 endpoints to Uptime Robot using Terraform (IaC), with automated Slack alerting.
    • Monitored GCP infrastructure continuously and triaged daily security alerts.

  2. Web Server Security Consultant (Freelance) · Venezance

    2025 · France
    • Secured client web infrastructure (Apache2 + Cloudflare) through WAF implementation, TLS hardening and malicious-request filtering.
    • Conducted targeted penetration tests on applications and servers to identify and remediate vulnerabilities.
    • Reduced the attack surface by closing unnecessary ports, hardening firewalls and structuring an IAM-style access-management system (roles, privileges, admin accounts).

  3. API Integration Developer (Intern) · GoTo

    May 2024 – Aug 2024 · Canada
    • Automated integrations across internal and external REST APIs secured with OAuth2 and JWT.
    • Used Swagger for API documentation and Splunk to analyze high-volume request flows.
    • Contributed to code reviews and fixed a critical integration bug, adhering to company security and quality standards.

  4. Web Developer / DevOps (Intern) · A-qui-s

    Sep 2023 – Dec 2023 · France
    • Migrated internal applications to Docker containers, ensuring portability and environment consistency.
    • Built CI/CD pipelines and managed secrets in GitLab to enable reliable, secure deployments.
    • Enhanced an internal QA tool (SQL, PHP, Vue.js) with new dashboards used weekly by the production team.

  5. Scout Leader (Volunteer) · Scouts — France & Canada

    2017 – 2024
    • Led and supervised groups of 25 young people aged 7–17, and organized a self-funded trip to Denmark (logistics, fundraising, transport, budget).
    • Made decisions under pressure and adapted quickly to unforeseen events in high-stress contexts.
projects

Projects

SABSA Security Architecture for Fintech

2025

Enterprise security architecture

  • SABSA
  • NIST SP 800-30
  • COBIT
  • Risk Management
  • BPMN
  • Applied the SABSA methodology to design a complete security architecture for a fintech serving 2M users.
  • Conducted IT risk analysis based on NIST SP 800-30r1 and identified priority threats.
  • Defined security policies, organizational models and BPMN processes aligned with business objectives.
  • Developed logical and physical layers: COBIT controls, access management, privilege schemas and network infrastructure.

SecureCloudApp

2025

Cloud-native web application

  • GCP
  • Docker
  • IAM
  • Cloud Armor
  • Cloud SQL
  • Designed, deployed and configured a web application on GCP with a secure, scalable architecture.
  • Implemented IAM, firewall rules and access-control policies based on least privilege.
  • Deployed Docker-containerized backend microservices integrated with Cloud SQL and Cloud Storage.
  • Applied layered protections: Cloud Armor, encryption in transit and at rest, and Web Security Scanner.

Capture The Flag (CTF) Competitions

2025

Offensive security

  • Web Security
  • Steganography
  • Binary Exploitation
  • Burp Suite
  • Kali
  • Competed in AtHack, UnitedCTF and HackFest CTF (Quebec); finished 32nd of 120 teams (top 27%) at AtHack, focused mainly on web security.
  • Solved web challenges (injection, XSS, auth bypass, misconfiguration) plus steganography and binary-exploitation tasks.
  • Used Kali Linux, Burp Suite, CyberChef and custom scripts.
skills

Skills

DevSecOps, IaC & Observability

  • Terraform
  • Kubernetes
  • Helm
  • Docker
  • Argo CD
  • Octopus Deploy
  • GitLab CI
  • Sumo Logic
  • Splunk
  • Bash

Cloud & Network

  • Google Cloud Platform
  • IAM
  • Cloud Armor
  • GKE
  • Cloudflare
  • Azure
  • AWS

Security

  • Threat Modeling
  • SABSA
  • NIST 800-30
  • OWASP Top 10 / ASVS
  • OAuth2 / JWT
  • SonarQube
  • OWASP ZAP
  • Burp Suite
  • CrowdStrike
  • Linux Hardening

Languages & Frameworks

  • JavaScript / Node.js
  • Java
  • PHP
  • SQL
  • React
  • Vue.js
  • Puppeteer

Methods & Quality

  • Secure CI/CD
  • Code Reviews
  • Automation
  • Technical Documentation
education

Education

Bachelor of Information Technology Engineering

Sep 2022 – Present

École de technologie supérieure · Montreal, Canada Expected Aug 2026

Software Security, Software Design, DevOps

Academic Exchange — Master in Information Security

Jan 2025 – Jun 2025

Universidad de los Andes · Bogota, Colombia

Cloud Security, Network Security, Security Architecture

University Diploma in Computer Technology

Sep 2020 – Jun 2022

IUT Lyon 1 · France

Networks, Databases, Software & Web Development, Operating Systems

Academic Exchange — College Diploma in Computer Science

Jan 2022 – Jun 2022

Cégep de Matane · Canada

Securing Apache2 Web Servers, Cloud, Web Application Development

contact

Contact

Let's talk.

I'm open to DevSecOps, platform-security and cloud-security roles. The fastest way to reach me is email — I read everything and reply quickly.

arthaudmorin@gmail.com View CV