Lu𝑖s Puig

Senior Security Consultant at NCC Group

Barcelona, Catalonia, Spain
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Luís Puig is a Senior Security Consultant based in Barcelona with six years of hands-on experience across pentesting, SOC operations, cloud and hybrid environments. He has progressed through technical roles at NCC Group after earlier work in pentesting and SOC teams, bringing practical expertise in API, web, Android and infrastructure assessments following OWASP methodologies and PCI-DSS requirements. Comfortable with both offensive testing and developer-facing security training, he pairs deep technical auditing skills with the ability to communicate remediation to engineering teams. An active open-source contributor, he implemented verb tampering, header manipulation and 403-bypass techniques in a Go-based HTTP bypasser, reflecting a focus on pragmatic vulnerability research for bug bounty and enterprise testing. Trained academically with a master’s in information security and a telecom engineering background, he blends formal security theory with real-world incident response and cloud-native (Kubernetes) experience. Colleagues describe him as a meticulous tester who often surfaces non-obvious bypasses and edge-case attack paths that improve overall resilience.
code6 years of coding experience
job3 years of employment as a software developer
bookUOC (Universitat Oberta de Catalunya)
languagesCatalan, Spanish, English
github-logo-circle

Github Skills (10)

http10
security-testing10
bash10
go10
curl10
web-application-security10
bug-reporting9
vulnerability-research9
bugtracking9
bug-tracker9

Programming languages (7)

ShellC++CGoHTMLYARAPython

Github contributions (5)

github-logo-circle
lobuhi/byp4xx

Nov 2020 - Jan 2023

40X/HTTP bypasser in Go. Features: Verb tampering, headers, #bugbountytips, User-Agents, extensions, default credentials...
Role in this project:
userSecurity Engineer
Contributions:8 reviews, 103 commits, 13 PRs in 2 years 2 months
Contributions summary:Luđť‘–s primarily contributed to a Go-based HTTP bypasser. Their work involved implementing various HTTP verb tampering techniques, header manipulation, and 403 bypass methods within a Go script. They also updated and refined the script, adding features like redirection handling and the ability to output curl commands. The user's contributions suggest a focus on security testing and vulnerability research.
verburl-parserbugbountyextensionscredentials
lobuhi/lobuhi.github.io

Nov 2022 - Jan 2023

Contributions:55 commits, 48 pushes in 3 months
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Luđť‘–s Puig - Senior Security Consultant at NCC Group