Apr 2021 – Jun 2023 · 2 yrs 2 mos · France · Remote

• I led security at ChartMogul.
• With a small team, we coordinated the efforts of all startup departments to obtain a SOC-2 Type II report.
• As an autonomous engineer, I was capable of carrying out initiatives and making code changes on my own.
• Designed every initiative with a focus on staff workflow, balancing security and usability.
• Conducted security code reviews of the entire code base, which resulted in discovering a few critical vulnerabilities.
• Ability to deconstruct vulnerabilities into their building blocks to identify similar scenarios in the code base using tools such as Semgrep.
• Create and deliver technical content to developers about secure software development.
• Created the Vulnerability Management and Disclosure Program.
• Implemented the Incident Response Plan, acting as a Commander in 5+ incidents.
• As the main security point of contact, I was available to all audiences, including developers with secure software development questions, staff seeking general recommendations, and customers reporting security issues.

Nov 2019 – Dec 2020 · 1 yr 1 mo · France · Remote

• In security, I did vulnerability research and lead exploit writing from public vulnerabilities to be integrated into the product. I also participated in onsite training about technical details to all kind of audience.
• In software development, I designed and implemented secure solutions based on principles of least privilege, isolation, etc with a high component of usability and supported by a full suite of tests. I also managed data integrity, consistency and synchronization in the implementation of new features and microservices.

May 2019 – Oct 2019 · 5 mos · France · Remote

May 2017 – Apr 2019 · 1 yr 11 mos · Provincia de Santiago, Santiago Metropolitan Region, Chile · Remote

• I was one of the co-founders in charge of leading the project development.
• We were part of StartupChile Seed Program Generation 18th.
• My tasks were:
• 1. Lead platform design and development, from deploying our infrastructure on cloud providers up to frontend programming using Typescript/React/Redux.
• 2. Head security services and research on interesting topics.
• 3. Public speaking at conferences about our research.
• 4. Maintainer of own open-source projects.

Mar 2013 – Sep 2013 · 6 mos · Valparaíso

• Teaching "Web Security Workshop" course to undergraduate students. I created the material for the whole course which was taken by over 60 students.
• The lessons are available here: http://www.spect.cl/education/

Jun 2012 – May 2017 · 4 yrs 11 mos · Remote

• I have a wide expertise developing and leading web scraping projects on any kind of technology. My main achievements were:
• Leading a project with more than 1400 sites, including management of the team, design of the underlying architecture and a lot of technical challenges to support customer's needs.
• Development and research of advanced spiders to scrape data from well-known web software (i.e. Wordpress). It has involved a lot of iterations to improve spider architecture and flexibility to support different variants of the same software.
• Development of distributed spiders for huge sites with more than 300M products.
• Participation in around 20 projects (many solo projects) inside the company, ranging from development of spiders scraping pre-roll ads in videos to purchase event tickets as soon as they appear on a site.
• I've also had other tasks inside the company such as:
• Contribution to open-source projects.
• Security assessment of some internal projects.
• Notification of security vulnerabilities in software used in our daily workflow.
• Reverse engineering to understand software logic.
• Person in charge to reply reports of security findings.
• Consultancy to customers on external projects involving the use of Scrapy.