Carlos Ledesma, Python Developer in Málaga, Spain
Carlos Ledesma

Python Developer in Málaga, Spain

Member since February 3, 2021
Carlos is a Python developer with a strong focus on information security. Having worked in security roles throughout his career, Carlos has been the go-to guy for development tasks and architectural discussions inside security teams. From reverse engineering to mobile test automation, Carlos is an all-around professional.
Carlos is now available for hire


  • Numbrs
    Python, Django, Django REST Framework, Kubernetes, Docker, Go...
  • Hispasec
    Django, Python, Django REST Framework, Linux, PhantomJS, Bootstrap, jQuery...
  • Avira
    RabbitMQ, Python, C, Linux, Windows, Assembler x86, OllyDbg...



Málaga, Spain



Preferred Environment

Python, Django, Linux

The most amazing...

...thing I've built was a Python framework for mobile test automation that allowed robust UI testing, file system interaction, HTTPS interception, and more.


  • Security Engineer

    2018 - 2020
    • Maintained, improved, and deployed Python-based in-house projects regarding security operations (SIEM, automated code review, and mobile app testing).
    • Designed the architecture of a vulnerability management system involving all the company networks.
    • Handled several security operation tasks including secure code reviews, security alert handling, network/system/mobile app auditing, among others.
    Technologies: Python, Django, Django REST Framework, Kubernetes, Docker, Go, Shell Scripting, Linux, Burp Suite, Elasticsearch, Neo4j, MySQL, Selenium, Git, Jira, Appium, Information Security, DevOps
  • Full-stack Developer

    2017 - 2018
    • Maintained, improved, and deployed Python-based projects, including a ticket management system and crawling systems.
    • Designed, developed, and deployed an automatic and scalable URL-browsing system using PhantomJS and content matching using Yara.
    • Wrote frequently for an important Spanish daily infosec newsletter that specialized in vulnerability explanations for easier understanding.
    Technologies: Django, Python, Django REST Framework, Linux, PhantomJS, Bootstrap, jQuery, YARA, Git, HTML, CSS, MySQL, JavaScript, Celery, RabbitMQ, Apache, NGINX, Gunicorn, Ansible, Shell Scripting, Information Security, Docker
  • Virus Analyst | Back-end Developer

    2016 - 2016
    • Performed a malware analysis for potentially malicious samples (static and dynamic).
    • Designed and programmed a data mining process for malware behavior.
    • Developed services using RabbitMQ and Python.
    • Fixed bugs and made improvements for a type of known clustering software developed in C.
    Technologies: RabbitMQ, Python, C, Linux, Windows, Assembler x86, OllyDbg, Interactive Disassembler (IDA) Pro, Wireshark, VMware, VirtualBox, Malware Analysis, Information Security
  • Anti-fraud Technician

    2014 - 2016
    • Analyzed fraud incidents (mainly phishing and Trojan viruses) and alerting involved parties to take down the threat.
    • Collaborated with the malware department to help analyze Trojan viruses for instrumentation.
    • Analyzed and reported vulnerabilities affecting products used by our clients.
    Technologies: Python, Linux, Windows, Assembler x86, OllyDbg, Interactive Disassembler (IDA) Pro, Wireshark, VMware, VirtualBox, ZMap, Malware Analysis, Information Security


  • Grassbox | OSX Sandbox for Automated Malware Analysis (Prototype)

    I was mentored by VirusTotal employees to find a proper way for executing malware in a controlled OSX environment and then retrieving behavioral information about the execution. I wrote a prototype in Python using DTrace, a language for kernel probing.

  • Star Wars Battlefront Custom Resolution fix

    I reverse-engineered the game settings so a custom graphic resolution could be specified. This tool modified the save-game feature, which specified the resolution, and then recalculated the proprietary checksum for it, so the game would accept it. The routine for the proprietary checksum was obtained through reverse-engineering.

  • Automated Security Testing for Mobile Platforms

    I built a framework for automating security testing in multiple platforms in Python, wrapping Selenium up (for iOS and Android). We wanted to write security tests for a mobile app, trying to make it as much platform-independent as possible.

    One of the functionalities was sniffing mobile to back-end communication, for which I wrote a wrapper over mitmproxy (Python app) to control it programmatically. This way we were able to sniff the traffic between the app and back end and make assertions over the traffic.


  • Languages

    Python, Assembler x86, TypeScript, Java, Go, HTML, CSS, JavaScript, C, MIPS, SQL
  • Frameworks

    Django, Django REST Framework, Selenium, Angular, DTrace, Appium, Bootstrap
  • Platforms

    Linux, Docker, Kubernetes, Burp Suite, Windows, Oracle
  • Other

    Information Security, Networking, Reverse Engineering, Shell Scripting, Gunicorn, ZMap, Discrete Mathematics, Maltego, Malware Analysis, Quantum Computing
  • Libraries/APIs

    PhantomJS, jQuery
  • Tools

    Git, RabbitMQ, VirtualBox, Jira, YARA, Celery, Apache, NGINX, Ansible, OllyDbg, Interactive Disassembler (IDA) Pro, Wireshark, VMware, Weka, Snort
  • Paradigms

  • Storage

    Elasticsearch, Neo4j, MySQL


  • Master's Degree in Information Security
    2015 - 2017
    Open University of Catalonia - Barcelona, Spain
  • Bachelor's Degree in Computer Science
    2010 - 2014
    University of Malaga - Málaga, Spain


  • Quantum Computing Fundamentals
    JUNE 2019 - PRESENT
    MIT xPRO
  • Malicious Software and its Underground Economy: Two Sides to Every Story
    JUNE 2014 - PRESENT

To view more profiles

Join Toptal
Share it with others