Daniel López

Security Engineer

About Me

Hello, my name is Daniel López, and I am a Security Engineer with over 6 years of experience working in Security Operations Centers (SOC). Throughout these years, I have been involved in the analysis, containment and remediation of threats for multiple international clients across diverse sectors.

Also, in my spare time, I enjoy coding, building projects, and researching threats (which I often share on my Twitter account @0xDanielLopez). I have a particular fondness for programming in Python & Bash and exploring technologies such as AWS or playing with APIs.

These diverse interests enable me to stay up-to-date with the latest advancements in the field and to be continually learning.




Free feed of Indicators Of Compromise (IOCs) shared at Twitter

TweetFeed collects Indicators of Compromise (IOCs) shared by the infosec community at Twitter. Focused on URLs, domains, IPs and SHA256/MD5 hashes, TweetFeed serves a Free Feed with these data that are constantly shared by researchers at Twitter.

This is a website built mainly with Bootstrap / JavaScript in frontend and Python / Bash in backend.



Free feed of active phishing cases

Website designed to identify and monitor possible active phishing cases. Searches suspicious websites, take a screenshot, grab some details (like IP, hosting provider or certificate) and serves them in a Free Feed.

This is a website built with Django / Bootstrap in frontend and Python / Bash in backend.


Cloud Software Group

Sr. Security Engineer

Oct. 2020 - Present


I am part of the Security Operations Center of Cloud Software Group (formerly Citrix). Our mission is to protect the company from external and internal cyberthreats improving our security posture on a 24/7 service.

Key Responsibilities:

  • Analyzing, containing and remediating all types of cyberthreats (malware infections, mail campaigns, Fraud/Abuse cases, Insider Threat/Data Loss Prevention…)
  • Threat hunting and researching new malware/phishing campaigns providing specific mitigation and recommendation steps based on the investigation
  • Support SIEM and Detection Engineers to fine tune alerts reducing volumetry, improving performance and detection rate

Technologies used in this role:

AWS / Azure (Cloud)Microsoft Defender for Endpoint / Falcon CrowdStrike (EDR)Splunk (SIEM)Cortex XSOAR (SOAR)

Banco Santander

Global SOC Security Analyst

Aug. 2018 - Oct. 2020


Internal employee working at Banco Santander’s Global SOC team providing 24/7 service and on-call rotation to all bank’s entities worldwide.

Key Responsibilities:

  • Perform monitoring, in-depth investigation and mitigation of security incidents
  • Monitor website’s traffic and critical bank SWIFT assets. Follow-up standard operation procedures, playbooks and on-demand analysis of security alerts such as malware, phishing, DDoS or brute force attacks
  • Fraud prevention: manage phishings targeting employees, suspicious emails received by VIP directors, compromised credit cards, mule accounts, stolen corporate devices, data leaks, fake profiles in social media, repositories or apps in unofficial markets

Technologies used in this role:

AWS (Cloud)Falcon CrowdStrike (EDR)Splunk (SIEM)IBM QRadar (SOAR)Cisco Ironport (Proxy)McAfee (IPS)


CyberSOC Security Analyst

Aug. 2017 - Aug. 2018


Security Analyst at Deloitte’s CyberSOC serving as Managed Security Service Provider (MSSP) for several national and international customers.

Key Responsibilities:

  • Conduct initial analysis of alerts from SIEM tools to identify potential security threats
  • Follow playbooks and procedures applying immediate containment and remediation measures to threats as needed
  • Escalate potential incidents to other teams with context and detailed data for further investigation

Technologies used in this role:

Splunk (SIEM)QRadar (SIEM)ArcSight (SIEM)FireEye (IPS)McAfee (ePO)


Universidad de Sevilla

Master's Degree in Telecommunications Engineering

2015 - 2019

During my Master’s Degree in Telecommunications Engineering at University of Seville, I gained a deep understanding of the principles and practices of modern telecommunications networks and systems. Throughout my studies, I was exposed to a wide range of topics including network architectures, signal processing, wireless communications and network security.

Universidad de Sevilla

Bachelor's Degree in Telecommunications Engineering

2011 - 2015

I completed my Bachelor’s Degree in Telecommunications Engineering at University of Seville, where I gained a comprehensive understanding of the fundamental principles and practices of telecommunications engineering as well as developed my computer science and programming skills.

Certifications and Courses

  • GIAC Security Essentials (GSEC) / SANS SEC401 [badge]
  • MITRE ATT&CK Defender™ - Fundamentals Badge Training [badge]
  • MITRE ATT&CK Defender™ - Cyber Threat Intelligence Certification Training [badge]
  • MITRE ATT&CK Defender™ - SOC Assessments Certification Training [badge]
  • Security Engineering on AWS [badge]
  • Architecting on AWS – Accelerator [badge]
  • ITIL Foundation [badge]
  • Scrum Foundation Professional Certificate [badge]

At News / Media

  • Telenotícies migdia - 12/04/2023 [TV3 - midday TV news (~32.15)]
  • Telenotícies migdia - 02/06/2023 [TV3 - midday TV news (~27:48)]
  • Se ofrece ciberataque gratis en Telegram: el nuevo anzuelo de los robos ‘online’ [elconfidencial.com]
  • Siguen las campañas de phishing suplantando a la Agencia Tributaria, ahora también por SMS [ESET blog]
  • Están suplantando la web de Correos con kits vendidos en Telegram que usan sus bots para recopilar contraseñas. Y hay muchos kits así [genbeta.com]
  • Así pueden estafarte con la declaración de la Renta [elcorreo.com]
  • Telegram abre paso a la venta de kits para suplantar webs como la de Correos a través de bots [mundodeportivo.com]
  • phishunt.io, cazando phishings [derechodelared.com]
  • Suplantan la identidad de tenistas como Rafa Nadal para incentivar la descarga de vídeos con malware [20minutos.es]
  • El ciberataque vía Youtube que ha suplantado a Nadal o a Djokovic durante Wimbledon [escudodigital.com]
  • Continuan los SMS con falsos envíos de FedEx: cómo identificarlos y eliminar esta amenaza [ESET blog]
  • FedexBanker: El nuevo troyano bancario para Android que utiliza tus paquetes para robarte las credenciales [hispasec.com]
  • Los timos con criptomonedas que usan imágenes de famosos continúan muy activos [ESET Blog]
  • How does a modded crypto wallet steal credentials of an user? [@themalwarebug - medium.com]
  • Aplicación maliciosa para Android se hace pasar por una versión de la cartera de criptomonedas MetaMask [ESET Blog]
  • Best Cyber Threat Intelligence Feeds [silentpush.com]

A Little More About Me