Yadhu Krishna M

Security Engineer

Bengaluru, Karnataka, India · 6 yrs 9 mos experience
AI ML Practitioner · AI Enabled

Key Highlights

  • 5+ years of experience in cybersecurity.
  • Expert in application security and vulnerability management.
  • Active contributor to cybersecurity discussions and training.
Stackforce AI infers this person is a Cybersecurity Specialist with a focus on Application Security in the Fintech sector.

Skills

Core Skills

Application Security, Devsecops, Cybersecurity, Information Security, Web Application Security, Team Leadership, Team Management

Other Skills

AI Development, Vulnerability Management, Open Source Development, Security Automation, Dashboard Development, Security Monitoring, Process Automation, Security Tools, Training, Team Collaboration, Product Security, Project Management, Micro-services Security, Vulnerability Assessment, Internal Security

About

Hey there! 👋 I'm Yadhu Krishna M, on a mission to fortify the online world. With 5+ years in Security, I'm all about locking down vulnerabilities. 🚀 Currently, working as a Product Security Engineer at CRED, I'm strengthening platform security. 💻 Beyond work, I'm an active voice in cybersecurity discussions. Connect to discuss supply chain security, anything cybersecurity, or to just say hi! Let's make the digital space safer.

Experience

Cred

3 roles

Senior Security Engineer

Promoted

Apr 2024 – Present · 2 yrs · Bengaluru, Karnataka, India · On-site

  • Shift-Left Security: Spearheaded the integration of a comprehensive security suite (SBOM, SCA, SAST, Secret Scanning) into the SDLC, embedding automated guardrails at every stage of development.
  • AI-Driven Security: Engineering AI-native tools to automate vulnerability triaging and remediation, ensuring security infrastructure scales alongside hyper-growth environments.
  • Engineered "SupplyShield": Designed and launched an open-source framework capable of executing automated security scans for 1,000+ daily deployments, ensuring consistent compliance at scale.
  • ASPM Innovation: Developed an in-house Application Security Posture Management dashboard to provide real-time, granular visibility into global and pod-wise security health.
DevSecOps, Application Security

Security Engineer

Jul 2023 – Apr 2024 · 9 mos · Bengaluru, Karnataka, India · On-site

  • Developed guidelines and automated processes for the Responsible Disclosure Program, ensuring timely and efficient handling of vulnerabilities with SLA-driven responses. This reduced response times by 55%.
  • Developed AI-powered security tools "ShieldX" and "RapidRDP" to enhance security team and developer productivity.
  • Conducted annual Capture The Flag (CTF) competitions and hands-on security training sessions for 100+ engineers and elevated security knowledge across teams.
  • Managed end-to-end security for the GTMs of 3+ products, ensuring they met security standards from inception to deployment.
Cybersecurity, Application Security

Product Security Intern

Nov 2022 – Jul 2023 · 8 mos · Bengaluru, Karnataka, India · On-site

  • Contributed to CRED's reputation as a trusted and secure platform by securing highly critical public-facing micro-services.
  • Strengthened security measures for CRED's internal tools and software.
Information Security, Web Application Security

Team bi0s

2 roles

Team Lead

Promoted

Jan 2022 – Dec 2022 · 11 mos

  • Managed a team of 20+ members.
  • Mentored and trained beginners in Web Security.
Team Leadership, Team Management

Web Security Researcher and CTF Player

Jul 2019 – Nov 2022 · 3 yrs 4 mos

  • Participated in national & international level cyber security CTF contests.
  • Published write-ups, solved and developed web security challenges for CTF competitions.
  • Developed automated exploit scripts for solving CTF challenges.
  • Organized various cyber security CTF events - Amrita InCTF Series 2020, 2021.
Information Security, Web Application Security

Freelance

Security Researcher

Jan 2021 – Present · 5 yrs 3 mos · Remote

  • Vulnerability Research:
      • CVE-2024-40817 - Safari Web Browser
      • CVE-2024-34714 - Bypass enabled origins - Hoppscotch Browser Extension
      • CVE-2024-1135 - HTTP Request Smuggling in Gunicorn.
      • CVE-2023-46134 - Remote Code Execution in D-tale.
      • CVE-2023-30589 - HTTP Request Smuggling in Node.js.
      • CVE-2022-25850 - Server-Side Request Forgery (SSRF) attack in Proxyscotch.
      • CVE-2021-23404 - Cross-Site Request Forgery (CSRF) bug in SQLite Web.
      • CVE-2021-3666 - Prototype pollution in body-parser-xml Node.js module.
  • Presentations & Talks:
      • 2025
          • BlackHat Asia, Singapore - "SupplyShield: Protecting your software supply chain"
          • Nullcon Goa, India - "Securing the Chains"
      • 2023
          • HackerOne Meetup - Beginner's Guide to Prototype Pollution
      • 2021
          • Introduction to DNS Spoofing
          • InCTF - Introduction to Web Exploitation
          • A Case Study on the Android Architecture
      • 2020
          • Apache Tomcat RCE by Deserialization - CVE 2020-9484
          • YAML Deserialization
          • Introduction to LDAP and LDAP Injection

Education

Amrita Vishwa Vidyapeetham

Bachelor of Technology - BTech, Computer Science and Engineering

Jul 2019 – Jul 2023
