Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
CARTO

Core Software Engineer – Security & Platform

CARTO

Core Software Engineer focusing on security and platform hardening at CARTO. Improving security across a cloud-native spatial analytics platform used by global brands.

Posted 6/17/2026full-timeRemote • 🇪🇸 SpainMid-LevelSeniorWebsite

Tech Stack

Tools & technologies
AWSCloudGoGoogle Cloud PlatformKubernetesPythonSDLCTerraformTypeScript

About the role

Key responsibilities & impact
  • Improve the security of the platform through code. Work directly in the CARTO codebase to identify, prioritize, and fix security weaknesses. This may involve refactoring existing components, redesigning risky flows, improving authorization boundaries, strengthening input validation, removing unsafe patterns, or building new platform capabilities that make secure development easier for everyone.
  • Strengthen our cloud and infrastructure foundations. Work with our infrastructure and platform teams to harden CARTO’s cloud-native environments across GCP and AWS. You will contribute to areas such as IAM, Kubernetes, containerized workloads, networking, workload isolation, Infrastructure as Code, and secure-by-default deployment patterns.
  • Make security part of the development workflow. Build and improve tools, checks, libraries, CI/CD integrations, and engineering practices that help developers catch security issues early. The goal is not to create gates that slow teams down, but to make the secure path the easiest path.
  • Improve supply-chain security. Help protect CARTO from modern supply-chain attacks by improving dependency management, build integrity, container security, artifact provenance, CI/CD security, and automated scanning. Stay up to date with emerging attack techniques and translate that knowledge into practical protections.
  • Use AI to improve security. Experiment with the latest AI models and tools to assess and improve CARTO’s security posture. This could include AI-assisted code review, automated vulnerability discovery, codebase analysis, threat modeling, dependency analysis, or internal agents that continuously look for risky patterns and misconfigurations.
  • Secure AI and agentic systems. CARTO is building an Agentic GIS platform, which creates new security challenges. You will help us reason about and defend against risks such as prompt injection, tool misuse, data leakage, privilege escalation through agents, untrusted content flowing into automated workflows, and unsafe model/tool interactions.
  • Raise the security bar across engineering. Partner with engineering teams to review designs, identify risks, and implement improvements. Help make every team more security-aware while remaining pragmatic, collaborative, and focused on enabling product velocity.

Requirements

What you’ll need
  • 5+ years of experience as a software engineer, platform engineer, infrastructure engineer, or security-focused engineer.
  • Strong hands-on programming skills in at least one of TypeScript, Python, or Go, and the ability to work across a large production codebase.
  • Experience designing, refactoring, and operating complex cloud-native software systems.
  • Strong understanding of application security, including authentication, authorization, input validation, secure API design, multi-tenant systems, and secure SDLC practices.
  • Practical experience with cloud infrastructure on GCP or AWS, including IAM, secrets management, networking, containers, and Kubernetes.
  • Experience with Infrastructure as Code, preferably Terraform or similar tools.
  • Familiarity with software supply-chain security: dependency risks, CI/CD hardening, container scanning, build integrity, artifact provenance, and secure release processes
  • Previous experience in using AI tools to analyze code, detect vulnerabilities, automate reviews, or improve engineering workflows.
  • A collaborative, low-ego approach. You make security something engineers want to adopt, not something they try to work around.
  • Nice to have
  • Experience in application security, product security, penetration testing, or red-team exercises.
  • Experience securing AI or agentic systems, including prompt-injection defense, tool sandboxing, model access controls, or AI data-exfiltration risks.
  • Experience building internal developer platforms, secure libraries, CI/CD tooling, or engineering automation.
  • Experience with SOC 2, ISO 27001, or similar compliance frameworks, especially if you have helped translate compliance needs into automated engineering controls.
  • Contributions to open-source security tooling, security research, responsible disclosure, or technical writing on security topics.
  • Experience with geospatial, data platforms, cloud data warehouses, or enterprise SaaS platforms.

Benefits

Comp & perks
  • Compensation based on experience, discussed transparently during the process, plus an annual bonus of up to 10% based on company objectives.
  • The opportunity to contribute to a platform used by top companies around the world.
  • A direct impact on the security, reliability, and future architecture of CARTO.
  • Access to our Employee Stock Options Plan.
  • Private medical insurance.
  • Flexible compensation.
  • Education stipend.
  • Remote work stipend.
  • English classes.

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
TypeScriptPythonGoapplication securitycloud-native software systemsInfrastructure as CodeTerraformAI toolspenetration testingCI/CD
Soft Skills
collaborativelow-ego approachsecurity awarenesspragmaticcommunication
Certifications
SOC 2ISO 27001