• Ejecutar pruebas de penetración (pentesting) y ethical hacking sobre aplicaciones, APIs e infraestructura. • Identificar, analizar y priorizar vulnerabilidades siguiendo OWASP Top 10 y el estándar ASVS. • Realizar security assessments y revisiones de seguridad sobre el ciclo de desarrollo. • Trabajar junto a los equipos de ingeniería para remediar hallazgos y elevar el nivel de seguridad. • Documentar hallazgos y comunicar riesgos de forma clara a perfiles técnicos y de negocio.

Role Description Apple's Security Engineering & Architecture organization is responsible for the security of all Apple products. Passionate about safeguarding our users, we take an offensive approach to defense — finding and fixing vulnerabilities before they can be exploited. When it comes to securing more than a billion devices running the world's most sophisticated operating systems, that means finding vulnerabilities first. In this role, your primary focus will be on the kernel and embedded layers of Apple platforms but extends to all parts of the platforms. You will: - Partner with vulnerability researchers to understand attacks found by others. - Propose architecture changes/mitigation in partnership with other experts in the field. - Drive these changes into the products by partnering with engineering teams. - Work in cross-functional teams alongside other researchers and engineering teams to evaluate and strengthen the most privileged layers of our products. - Develop proof of concept to validate some approaches. This job is for individuals with outstanding technical skills and a genuine passion for building things. If this is you, we'd love to hear from you. In-office roles in Paris, and other locations. Remote considered for experienced candidates. Qualifications - Proven experience in code development and product development. - Deep understanding of operating system kernels, firmware, or embedded components. - Ability to apply AI techniques and tools, such as LLMs or Machine Learning, for security research. - Understanding and experience in shipping products. Requirements - Deep knowledge of kernel internals, including virtual memory management, system call interfaces, and driver frameworks. - Experience with firmware and boot ROM security analysis, including secure boot chains and hardware trust anchors. - Familiarity with embedded processors and coprocessors security (e.g., Secure Enclave, DMA-capable peripherals, baseband). - Fluency with tool development, using programming languages such as C, C++, Python, Swift, or Objective-C. - Ability to propose and drive architecture changes. - Knowledge of Apple operating systems like iOS or macOS is nice-to-have, but not required. - Outstanding collaboration skills.

• Improve the security of the platform through code. Work directly in the CARTO codebase to identify, prioritize, and fix security weaknesses. This may involve refactoring existing components, redesigning risky flows, improving authorization boundaries, strengthening input validation, removing unsafe patterns, or building new platform capabilities that make secure development easier for everyone. • Strengthen our cloud and infrastructure foundations. Work with our infrastructure and platform teams to harden CARTO’s cloud-native environments across GCP and AWS. You will contribute to areas such as IAM, Kubernetes, containerized workloads, networking, workload isolation, Infrastructure as Code, and secure-by-default deployment patterns. • Make security part of the development workflow. Build and improve tools, checks, libraries, CI/CD integrations, and engineering practices that help developers catch security issues early. The goal is not to create gates that slow teams down, but to make the secure path the easiest path. • Improve supply-chain security. Help protect CARTO from modern supply-chain attacks by improving dependency management, build integrity, container security, artifact provenance, CI/CD security, and automated scanning. Stay up to date with emerging attack techniques and translate that knowledge into practical protections. • Use AI to improve security. Experiment with the latest AI models and tools to assess and improve CARTO’s security posture. This could include AI-assisted code review, automated vulnerability discovery, codebase analysis, threat modeling, dependency analysis, or internal agents that continuously look for risky patterns and misconfigurations. • Secure AI and agentic systems. CARTO is building an Agentic GIS platform, which creates new security challenges. You will help us reason about and defend against risks such as prompt injection, tool misuse, data leakage, privilege escalation through agents, untrusted content flowing into automated workflows, and unsafe model/tool interactions. • Raise the security bar across engineering. Partner with engineering teams to review designs, identify risks, and implement improvements. Help make every team more security-aware while remaining pragmatic, collaborative, and focused on enabling product velocity.

• Design and implement security solutions to protect systems, networks, and data from cyber threats across our cloud and application ecosystem. • Embed Security into Workflows (DevSecOps): Work directly with engineering teams to integrate automated security scanning (SAST, DAST, SCA) and validation into CI/CD pipelines. • Cloud Infrastructure Security: Implement security controls as code (Infrastructure as Code) to ensure our AWS environment is secure by default, including container hardening and network security groups. • Network & Web Security: Manage and optimize our Cloudflare implementation, including WAF, Zero Trust, and CDN tooling to protect our web applications. • Vulnerability Management & Incident Response: Monitor security systems, act as the primary responder for security incidents, and conduct regular security assessments, threat modeling, and code reviews. • Champion Security Culture: Act as a security consultant and mentor to software engineers, promoting secure coding practices and fostering a culture of technical excellence. • Manage External Testing: Coordinate and assist in running penetration testing, bug bounty programs, and red teaming exercises.