Core Software Engineer, Security & Platform
Remote · Spain or Madrid, Madrid, Spain
Job Summary
Senior Software Engineer focused on Security & Platform Hardening to join CARTO’s Core Team. Responsible for strengthening platform security across code, cloud infrastructure (GCP/AWS), and development workflows; improving supply-chain security, building secure-by-default deployment patterns, and leveraging AI tools for vulnerability discovery and automated reviews. Responsibilities span refactoring components, tightening authorization boundaries, improving input validation, hardening Kubernetes and containerized workloads, implementing Infrastructure as Code (Terraform), and integrating security checks into CI/CD pipelines. The role emphasizes pragmatic security enablement, collaboration with engineering teams, and addressing risks in AI/agentic systems (prompt-injection defense, tool sandboxing, data leakage risks). Beneficial experience includes security-focused product work, compliance frameworks (SOC 2, ISO 27001), and contributions to security tooling; location preference is Europe with remote-first options, with optional in-person collaboration at CARTO offices in Madrid or Seville.
Required Qualifications
- 5+ years of experience as a software engineer, platform engineer, infrastructure engineer, or security-focused engineer
- Strong hands-on programming skills in TypeScript, Python, or Go
- Experience designing, refactoring, and operating complex cloud-native software systems
- Strong understanding of application security (authentication, authorization, input validation, secure API design, multi-tenant systems, secure SDLC)
- Practical experience with cloud infrastructure on GCP or AWS (IAM, secrets management, networking, containers, Kubernetes)
- Experience with Infrastructure as Code, preferably Terraform
- Familiarity with software supply-chain security (dependency risks, CI/CD hardening, container scanning, build integrity, artifact provenance)
- Experience using AI tools to analyze code, detect vulnerabilities, automate reviews, or improve engineering workflows
- Collaborative, low-ego approach to security adoption
Apply with one swipe on Sorce. We auto-fill applications and apply on your behalf — no cover letters, no 40-minute forms.
Hiring someone like this?
Get your role in front of qualified candidates on Sorce.