Carlos Ledesma, Developer in Málaga, Spain
Carlos is available for hire
Hire Carlos

Carlos Ledesma

Verified Expert  in Engineering

Python Developer

Location
Málaga, Spain
Toptal Member Since
February 3, 2021

Carlos is a Python developer with a strong focus on information security. Having worked in security roles throughout his career, Carlos has been the go-to guy for development tasks and architectural discussions inside security teams. From reverse engineering to mobile test automation, Carlos is an all-around professional.

Portfolio

Numbrs
Python, Django, Django REST Framework, Kubernetes, Docker, Go, Shell Scripting...
Hispasec
Django, Python, Django REST Framework, Linux, PhantomJS, Bootstrap, jQuery...
Avira
RabbitMQ, Python, C, Linux, Windows, Assembler x86, OllyDbg...

Experience

Availability

Part-time

Preferred Environment

Python, Django, Linux

The most amazing...

...thing I've built was a Python framework for mobile test automation that allowed robust UI testing, file system interaction, HTTPS interception, and more.

Work Experience

Security Engineer

2018 - 2020
Numbrs
  • Maintained, improved, and deployed Python-based in-house projects regarding security operations (SIEM, automated code review, and mobile app testing).
  • Designed the architecture of a vulnerability management system involving all the company networks.
  • Handled several security operation tasks including secure code reviews, security alert handling, network/system/mobile app auditing, among others.
Technologies: Python, Django, Django REST Framework, Kubernetes, Docker, Go, Shell Scripting, Linux, Burp Suite, Elasticsearch, Neo4j, MySQL, Selenium, Git, Jira, Appium, Information Security, DevOps

Full-stack Developer

2017 - 2018
Hispasec
  • Maintained, improved, and deployed Python-based projects, including a ticket management system and crawling systems.
  • Designed, developed, and deployed an automatic and scalable URL-browsing system using PhantomJS and content matching using Yara.
  • Wrote frequently for an important Spanish daily infosec newsletter that specialized in vulnerability explanations for easier understanding.
Technologies: Django, Python, Django REST Framework, Linux, PhantomJS, Bootstrap, jQuery, YARA, Git, HTML, CSS, MySQL, JavaScript, Celery, RabbitMQ, Apache, NGINX, Gunicorn, Ansible, Shell Scripting, Information Security, Docker

Virus Analyst | Back-end Developer

2016 - 2016
Avira
  • Performed a malware analysis for potentially malicious samples (static and dynamic).
  • Designed and programmed a data mining process for malware behavior.
  • Developed services using RabbitMQ and Python.
  • Fixed bugs and made improvements for a type of known clustering software developed in C.
Technologies: RabbitMQ, Python, C, Linux, Windows, Assembler x86, OllyDbg, Interactive Disassembler (IDA) Pro, Wireshark, VMware, VirtualBox, Malware Analysis, Information Security

Anti-fraud Technician

2014 - 2016
Hispasec
  • Analyzed fraud incidents (mainly phishing and Trojan viruses) and alerting involved parties to take down the threat.
  • Collaborated with the malware department to help analyze Trojan viruses for instrumentation.
  • Analyzed and reported vulnerabilities affecting products used by our clients.
Technologies: Python, Linux, Windows, Assembler x86, OllyDbg, Interactive Disassembler (IDA) Pro, Wireshark, VMware, VirtualBox, ZMap, Malware Analysis, Information Security

Grassbox | OSX Sandbox for Automated Malware Analysis (Prototype)

https://github.com/Ravenons/grassbox
I was mentored by VirusTotal employees to find a proper way for executing malware in a controlled OSX environment and then retrieving behavioral information about the execution. I wrote a prototype in Python using DTrace, a language for kernel probing.

Star Wars Battlefront Custom Resolution fix

https://github.com/Ravenons/swbfresfix
I reverse-engineered the game settings so a custom graphic resolution could be specified. This tool modified the save-game feature, which specified the resolution, and then recalculated the proprietary checksum for it, so the game would accept it. The routine for the proprietary checksum was obtained through reverse-engineering.

Automated Security Testing for Mobile Platforms

I built a framework for automating security testing in multiple platforms in Python, wrapping Selenium up (for iOS and Android). We wanted to write security tests for a mobile app, trying to make it as much platform-independent as possible.

One of the functionalities was sniffing mobile to back-end communication, for which I wrote a wrapper over mitmproxy (Python app) to control it programmatically. This way we were able to sniff the traffic between the app and back end and make assertions over the traffic.
2015 - 2017

Master's Degree in Information Security

Open University of Catalonia - Barcelona, Spain

2010 - 2014

Bachelor's Degree in Computer Science

University of Malaga - Málaga, Spain

JUNE 2019 - PRESENT

Quantum Computing Fundamentals

MIT xPRO

JUNE 2014 - PRESENT

Malicious Software and its Underground Economy: Two Sides to Every Story

Coursera

Libraries/APIs

PhantomJS, jQuery

Tools

Git, RabbitMQ, VirtualBox, Jira, YARA, Celery, Apache, NGINX, Ansible, OllyDbg, Interactive Disassembler (IDA) Pro, Wireshark, VMware, ZMap, Weka, Snort, Maltego

Frameworks

Django, Django REST Framework, Selenium, Angular, DTrace, Appium, Bootstrap

Languages

Python, Assembler x86, TypeScript, Java, Go, HTML, CSS, JavaScript, C, MIPS, SQL

Platforms

Linux, Docker, Kubernetes, Burp Suite, Windows, Oracle

Storage

Elasticsearch, Neo4j, MySQL

Paradigms

DevOps

Other

Information Security, Networking, Reverse Engineering, Shell Scripting, Gunicorn, Discrete Mathematics, Malware Analysis, Quantum Computing

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring