Carlos Astrada
Washington, DC Metro, US
carlos-astrada
deduced

Security Architect specializing in AWS cloud security and compliance frameworks for high-growth startups and regulated industries. Expert in building SOC2/PCI-compliant infrastructure, remediating critical vulnerabilities, and implementing automated security controls. Currently pursuing MSCS at Georgia Tech with focus on ML/AI security applications. Bilingual (English/Spanish) technical leader with 15+ years securing distributed systems across US and Latin American markets.

Experience

Principal Security Architect
February 2022
 — 
Present
Xagax Solutions
  • Secured 10+ AWS production environments across startup and enterprise clients, implementing GuardDuty, Security Hub, WAF, and CloudTrail monitoring.
  • Conducted CIS v8 security assessments across 300+ controls, identifying and remediating 50+ critical vulnerabilities including exposed RDS instances, unrestricted security groups, and publicly accessible S3 buckets.
  • Led 3 SOC2 Type II audit cycles (2 renewals, 1 in progress), implementing automated compliance monitoring and evidence collection frameworks.
  • Improved client security posture 56% above industry average for Intraway (telecom, 300+ employees): maturity score 25 vs industry baseline 16.
  • Designed AWS security architecture using Infrastructure-as-Code (Terraform/CloudFormation), implementing least-privilege IAM policies, VPC hardening, and encryption at rest/transit.
Head of Engineering & Security
April 2020
 — 
May 2022
Meteor Fantasy
  • Architected security controls for regulated gaming platform, passing multi-state Gaming Commission audits requiring 100% financial transaction integrity and tamper-evident audit logging.
  • Built event-driven architecture (Node.js/AWS Lambda/EventBridge/DynamoDB) handling real-time financial wagers with zero state discrepancies and 99.9%+ uptime.
  • Implemented comprehensive security monitoring and audit logging infrastructure meeting Gaming Commission regulatory requirements for data integrity and non-repudiation.
VP of Engineering
April 2014
 — 
March 2020
Meteor Affinity, Inc
  • Architected AWS-based event-driven billing system handling enterprise-scale transactions for NASCAR partnership, maintaining PCI compliance and strict SLAs.
  • Built predictive analytics platform reducing operational costs 80% ($100k→$20k monthly) through ML-driven forecasting and automated workflows.
  • Designed high-availability e-commerce infrastructure serving 100k+ members with zero downtime during major events, implementing CDN, auto-scaling, and disaster recovery.
Technical Director
September 2007
 — 
February 2011
Ecommerce Techs
  • Built PCI-compliant e-commerce platforms for enterprise clients, implementing secure payment processing and encrypted customer data protection.
  • Architected distributed security infrastructure across 6 countries for 27-person engineering team, establishing security standards and remote access protocols.
Research Associate
March 2003
 — 
October 2008
The George Washington University
  • Built Drupal-based web platform for Center for Equity and Excellence in Education, implementing secure content management and data visualization for educational research.
  • Developed JavaScript framework for analyzing complex ESL accommodations datasets, enabling researchers to explore multidimensional data relationships.
  • Managed all IT infrastructure including Linux DNS servers, Windows file servers, network security (firewalls, VLANs), and physical network architecture.

Education

Georgia Institute of Technology
January 2026
 — 
Present
Master of Science in Computer Science (AI/ML Specialization)
Hack Reactor
January 2018
 — 
January 2018
Advanced Software Engineering Immersive in Software Engineering
University of Maryland
January 1996
 — 
January 2000
Bachelor of Science - Management Information Systems

Languages

English:
Native
Spanish:
Native
Portuguese:
Professional Working Proficiency

Skills

Cloud Security Architecture:
AWS Security Hub / GuardDuty / Config, IAM / Security Groups / VPC, CloudTrail / CloudWatch / EventBridge, WAF / Shield / Secrets Manager, Infrastructure as Code (Terraform / CloudFormation), Container Security (ECS / ECR)
Compliance & Governance:
SOC2 Type II, PCI-DSS, CIS Controls v8, Gaming Commission Regulations, Audit Logging & Evidence Collection, Risk Assessment & Remediation
Security Engineering:
Vulnerability Assessment & Remediation, Security Monitoring & Incident Response, EDR / SIEM (CrowdStrike, Splunk), DevSecOps / CI/CD Security, Threat Modeling, Zero Trust Architecture
Technical Stack:
Node.js / Python, React / TypeScript, AWS Lambda / DynamoDB / RDS, PostgreSQL / Redis, Event-Driven Architecture