Carlos L.

Python Developer and IT Security Specialist

Carlos is a Python developer with a strong focus on information security. Having worked in security roles throughout his career, he's been the go-to guy for development tasks and architectural discussions inside security teams. From reverse engineering to mobile test automation, he's an all-around professional.


Information Security - MSC

Open University of Catalonia

2015-09-01 - 2017-07-01

Computer Science & Engineering - BSC

University of Malaga

2010-09-01 - 2014-07-01


Grassbox, OS X sandbox for automated malware analysis (prototype)

I was mentored by VirusTotal employees to find a proper way for executing malware in a controlled OS X environment, and then retrieving behavioural information about the execution. I wrote a prototype in Python using DTrace, a language for kernel probing.

Star Wars Battlefront custom resolution fix

I reverse-engineered this game settings so a custom graphic resolution could be specified. This tool modified the savegame, which specified the resolution, and then recalculated the proprietary checksum for it, so the game would accept it. The routine for the proprietary checksum was obtained through reverse engineering.


Detection Technical Leader

Hispasec Sistemas SL

2018 - 2018

  • Along with all the responsibilities from the Full Stack Developer position described below.
  • Coordinated phishing & malware detection team.

Security Engineer

Numbrs Personal Finance AG

2018 - 2020

  • Several security operation tasks: secure code review, security alert handling, network/system/mobile app auditing...
  • Designed the architecture of a vulnerability management system involving all the company networks.
  • Maintenance, improvement and deployment of Python-based in-house projects regarding security operations (SIEM, automated code review & mobile app testing).

Full Stack Developer

Hispasec Sistemas SL

2017 - 2018

  • Frequent writer for an important Spanish daily infosec newsletter, specialized in vulnerability explanations for easier understanding.
  • Designed, developed and deployed an automatic & scalable URL browsing system using PhantomJS and content matching using YARA.
  • Maintenance, improvement and deployment of Python-based projects, including a ticket management system and crawling systems.

Virus Analyst & Back-end Developer

Avira GmbH

2016 - 2016

  • Malware analysis (static & dynamic).
  • Designed & programmed a data mining process for malware behaviour.
  • Development of services using RabbitMQ and Python.
  • Bug fixing and improvements for a known clustering software developed in C.

Anti-fraud Technician

Hispasec Sistemas SL

2014 - 2016

  • Analysis of fraud incidents (mainly phishings and trojans) and alerting involved parties to take down the threat.
  • Occasional collaboration with the malware department, in helping to analyze trojans for instrumentation.
  • Analysis and reporting of vulnerabilities affecting products used by our clients.

Did you like this profile?