
Carlos Ledesma
Verified Expert in Engineering
Python Developer
Carlos is a Python developer with a strong focus on information security. Having worked in security roles throughout his career, Carlos has been the go-to guy for development tasks and architectural discussions inside security teams. From reverse engineering to mobile test automation, Carlos is an all-around professional.
Portfolio
Experience
Availability
Preferred Environment
Python, Django, Linux
The most amazing...
...thing I've built was a Python framework for mobile test automation that allowed robust UI testing, file system interaction, HTTPS interception, and more.
Work Experience
Security Engineer
Numbrs
- Maintained, improved, and deployed Python-based in-house projects regarding security operations (SIEM, automated code review, and mobile app testing).
- Designed the architecture of a vulnerability management system involving all the company networks.
- Handled several security operation tasks including secure code reviews, security alert handling, network/system/mobile app auditing, among others.
Full-stack Developer
Hispasec
- Maintained, improved, and deployed Python-based projects, including a ticket management system and crawling systems.
- Designed, developed, and deployed an automatic and scalable URL-browsing system using PhantomJS and content matching using Yara.
- Wrote frequently for an important Spanish daily infosec newsletter that specialized in vulnerability explanations for easier understanding.
Virus Analyst | Back-end Developer
Avira
- Performed a malware analysis for potentially malicious samples (static and dynamic).
- Designed and programmed a data mining process for malware behavior.
- Developed services using RabbitMQ and Python.
- Fixed bugs and made improvements for a type of known clustering software developed in C.
Anti-fraud Technician
Hispasec
- Analyzed fraud incidents (mainly phishing and Trojan viruses) and alerting involved parties to take down the threat.
- Collaborated with the malware department to help analyze Trojan viruses for instrumentation.
- Analyzed and reported vulnerabilities affecting products used by our clients.
Experience
Grassbox | OSX Sandbox for Automated Malware Analysis (Prototype)
https://github.com/Ravenons/grassboxStar Wars Battlefront Custom Resolution fix
https://github.com/Ravenons/swbfresfixAutomated Security Testing for Mobile Platforms
One of the functionalities was sniffing mobile to back-end communication, for which I wrote a wrapper over mitmproxy (Python app) to control it programmatically. This way we were able to sniff the traffic between the app and back end and make assertions over the traffic.
Skills
Languages
Python, Assembler x86, TypeScript, Java, Go, HTML, CSS, JavaScript, C, MIPS, SQL
Frameworks
Django, Django REST Framework, Selenium, Angular, DTrace, Appium, Bootstrap
Platforms
Linux, Docker, Kubernetes, Burp Suite, Windows, Oracle
Other
Information Security, Networking, Reverse Engineering, Shell Scripting, Gunicorn, ZMap, Discrete Mathematics, Maltego, Malware Analysis, Quantum Computing
Libraries/APIs
PhantomJS, jQuery
Tools
Git, RabbitMQ, VirtualBox, Jira, YARA, Celery, Apache, NGINX, Ansible, OllyDbg, Interactive Disassembler (IDA) Pro, Wireshark, VMware, Weka, Snort
Paradigms
DevOps
Storage
Elasticsearch, Neo4j, MySQL
Education
Master's Degree in Information Security
Open University of Catalonia - Barcelona, Spain
Bachelor's Degree in Computer Science
University of Malaga - Málaga, Spain
Certifications
Quantum Computing Fundamentals
MIT xPRO
Malicious Software and its Underground Economy: Two Sides to Every Story
Coursera