Summary
Carlos Villa is a Principal Application Security Engineer based in Madrid with 8 years of experience securing web, API, and cloud-native applications. He has progressed from offensive testing and DevSecOps at Accenture to building product-focused security at Oracle, where he designs threat models, automates SAST/DAST checks, and integrates security tooling into developer pipelines. Skilled in building pragmatic developer-first security (TypeScript tooling, Semgrep checks, CI integrations), he combines hands-on pentesting experience with systems-level thinking from his telecom and CS education at UPM and EPFL. He co-built a cross-platform Python desktop app for translators, reflecting a taste for shipping user-facing software as well as backend protections. Colleagues rely on him for code reviews, secure development docs, and turning manual DAST workflows into automated, pipeline-friendly solutions. Quietly curious and continuously learning, he blends academic rigor with practical engineering to make security an enabler rather than a gate.
8 years of coding experience
4 years of employment as a software developer
Master in Computer Science, Master in Computer Science at EPFL
Master in Telecommunication Engineering, Master in Telecommunication Engineering at Universidad Politécnica de Madrid
English, Spanish, French