Security Researcher

Location:
Bengaluru Nagara, Karnataka, India
Posted:
January 01, 2021

Resume:

Kajal Krishnan G

github.com/kajalNair • linkedin.com/in/kajal-nair-4b0674104/ • adi2r4@r.postjobfree.com

WORK EXPERIENCE

SYNOPSYS SECURITY CONSULTANT

Jan 2018 - Present Bengaluru, Karnataka, India

• Secure Code Review: Performed secure code review, both manual and automated, on various applications in the automobile and banking domains built on technologies like Java, ASP.NET, JavaScript, PHP, and mobile applications.

• Web Application Penetration Testing: Performed penetration tests on several web application penetration testing engagements on Financial, E-Commerce and Automobile applications.

• Software Composition Analysis: Worked on Software Composition Analysis solutions to manage security and license compliance risk in the open source and third-party code used in web applications.

• Secure Design Review: As part of the Secure Design Review Team, prepared best practices to be considered during the requirement and design phases of web application projects. Involved in discussions with senior consultants to share perspectives regarding the review process.

• Responsible for performing security assessments on over 100+ applications. This includes delivering remediation plans and security procedures in detailed and comprehensive reports.

• Have decent exposure to security assessments of Thick Client Applications and Web Services, and have also performed Secure Configuration Review and Architecture Risk Analysis.

EDUCATION

CHANDIGARH UNIVERSITY

BACHELOR IN COMPUTER SCIENCE

May 2018 Chandigarh, India

SKILLS

TECHNICAL SKILLS

Information Security

BurpSuite Pro • IBM AppScan • NMAP • SQLMap • Coverity • Blackduck • DnSpy • JDGui • Other relevant Open Source tools

Development

• Proficient in Java and Python; reasonably skilled in JavaScript, ASP.NET, C# and PHP; exposure to React, Swift, Kotlin, C and Web Programming.

• Taint Flow Analysis using CodeQL.

• Automation using Python

Technologies

Git • Docker • Virtualization • Terraform

PROJECTS

AUTOMATION

• Contributed significantly to the end-to-end automation of the Blackduck process to bring down the assessors' time spent on manual effort.

Technologies used: Python, VB Scripts

SYNOPSYS VULNERABILITY DATABASE

• Enhanced the existing vulnerability database from scratch.

• Added an interface to create and add custom vulnerability.

Technologies used: Java Spring, Hibernate, JavaScript

TAINT FLOW ANALYSIS

• Currently working on taint flow analysis of popular Java APIs and C libraries.

Technologies used: CodeQL

ACHIEVEMENTS AND ACTIVITIES

• Active on Open Source Security Contributions and vulnerability reporting

• Active contributor on bug bounty platforms like HackerOne and huntr

• Participated in Synopsys techFair CTF, 2019 (1st runner up)

• Participated in events like Agorize Open innovation challenge, Cisco – APJ Global Problem Solver Challenge, Go Green in the City 2017, WomenTechMaker 2017.

• Presented a technical talk on the topic "Reactifying JavaScript - Insecurities and Secure Coding Guidelines" at DEFCON chapter, Trivandrum (2019)

• Instructor Led Training on Defending Python to a group of Security Researchers.

• Initiated coding community called SheCodes in University, to make young girls learn about different fields of technology.

• Participated in CodeQL CTF organised by Github Lab Security.

CERTIFICATION

• Offensive Security Web Expert (OSWE) OS-AWAE-9597

• Cloud Application Developer - Explorer Award for Students 2016 (IBM)
