Kajal Krishnan G
github.com/kajalNair linkedin.com/in/kajal-nair-4b0674104/ adi2r4@r.postjobfree.com
WORK EXPERIENCE
SYNOPSYS SECURITY CONSULTANT
Jan 2018 - Present Bengaluru, Karnataka, India
• Secure Code Review: Performed secure code review, both manual and automated, on various applications in the automobile and banking domains built on technologies like Java, ASP.NET, JavaScript, PHP, and mobile applications.
• Web Application Penetration Testing: Performed penetration tests on several web application penetration testing engagements on Financial, E-Commerce and Automobile applications.
• Software Composition Analysis: Worked on Software Composition Analysis solutions to manage security and license compliance risk in the open source and third-party code used in web applications.
• Secure Design Review: As part of the Secure Design Review Team, prepared best practices to be considered during the requirement and design phases of web application projects. Involved in discussions with senior consultants to share perspective regarding the review process.
• Responsible for performing security assessments on 100+ applications. This includes delivering remediation plans and security procedures in detailed and comprehensive reports.
• Have decent exposure to security assessments of Thick Client Applications and Web Services, and have performed Secure Configuration Review and Architecture Risk Analysis.
EDUCATION
CHANDIGARH UNIVERSITY
BACHELOR IN COMPUTER SCIENCE
May 2018 Chandigarh, India
SKILLS
TECHNICAL SKILLS
Information Security
Burp Suite Pro • IBM AppScan • Nmap • sqlmap • Coverity • Black Duck • dnSpy • JD-GUI • Other relevant Open Source tools
Development
• Proficient in Java and Python; reasonably skilled in JavaScript, ASP.NET, C# and PHP; exposure to React, Swift, Kotlin, C and web programming.
• Taint Flow Analysis using CodeQL.
• Automation using Python
Technologies
Git • Docker • Virtualization • Terraform
PROJECTS
AUTOMATION
• Contributed significantly to the end-to-end automation of the Black Duck process to bring down the assessors' time spent on manual effort.
Technologies used: Python, VB Scripts
SYNOPSYS VULNERABILITY DATABASE
• Enhanced the existing vulnerability database from scratch.
• Added an interface to create and add custom vulnerabilities.
Technologies used: Java Spring, Hibernate, JavaScript
TAINT FLOW ANALYSIS
• Currently working on taint flow analysis of popular Java APIs and C libraries.
Technologies used: CodeQL
ACHIEVEMENTS AND ACTIVITIES
• Active in open source security contributions and vulnerability reporting
• Active contributor on bug bounty platforms like HackerOne and huntr
• Participated in Synopsys techFair CTF, 2019 (1st runner up)
• Participated in events like Agorize Open innovation challenge, Cisco – APJ Global Problem Solver Challenge, Go Green in the City 2017, WomenTechMaker 2017.
• Presented a technical talk on the topic “Reactifying JavaScript - Insecurities and Secure Coding Guidelines” at the DEFCON chapter, Trivandrum (2019)
• Instructor Led Training on Defending Python to a group of Security Researchers.
• Initiated a coding community called SheCodes at the university, to help young girls learn about different fields of technology.
• Participated in the CodeQL CTF organised by GitHub Lab Security.
CERTIFICATION
• Offensive Security Web Expert (OSWE) OS-AWAE-9597
• Cloud Application Developer - Explorer Award for Students 2016 (IBM)