Kevin J.

Co-Founder

Copenhagen, Capital Region, Denmark11 yrs experience
Most Likely To Switch

Key Highlights

  • Discovered multiple CVEs impacting major software.
  • Over 300 confirmed bug bounty reports.
  • Expert in application security and vulnerability research.
Stackforce AI infers this person is a highly skilled security consultant specializing in application security and vulnerability research.

Contact

LinkedIn

Skills

Core Skills

Application SecurityInformation SecuritySoftware DevelopmentSecurity Controls

Other Skills

CommunicationProject ManagementJava Virtual Machine (JVM)AutomationSmall and Medium-Sized Enterprises (SME)GitJavaScriptLinuxx86PythonReverse EngineeringPentesting

About

Technical with a strong foundation in software & security engineering. These are some of my publicly acknowledged contributions to improving the security of widely used software impacting millions of users. Public vulnerabilities discovered by me: CVE-2025-59922 - Fortinet Forticlient EMS RCE CVE-2025-11208 - Google Chrome (And all other chromium related browsers) CVE-2025-32017 - Umbraco Authenticated RCE CVE-2024-31963 - Mitel RCE CVE-2024-31964 - Mitel CVE-2024-31965 - Mitel CVE-2024-31966 - Mitel CVE-2024-31967 - Mitel CVE-2023-31448 - PRTG Path Traversal CVE-2023-31449 - PRTG Path Traversal CVE-2023-31450 - PRTG Path Traversal CVE-2023-31451 - PRTG File Disclosure with Regex CVE-2023-31452 - PRTG CSRF CVE-2023-32781 - PRTG RCE CVE-2023-32782 - PRTG RCE CVE-2023-24037 - Nagios CVE-2023-24036 - Nagios (Auth Bypass) CVE-2023-24035 - Nagios CVE-2023-24034 - Nagios CVE-2022-38165 - F-Secure Policy Manager (Unauthed arbitrary filewrite) CVE-2022-38162 - F-Secure Policy Manager CVE-2022-28885 - F-Secure Policy Manager CVE-2022-45871 - WithSecure fsicapd CVE-2020-12480 - Play Framework (Global CSRF Bypass) CVE-2020-XXXX - BTCPay (XSS to leaked private key) CVE-2019-XXXX - Cerberus FTP (XSS to RCE) CVE-2019-XXXXX/fsc-2019-3 - F-secure Internet Gatekeeper (RCE) CVE-2019-XXXXX/fsc-2019-4 - F-secure Server Security (RCE) CVE-2018-9191 - Fortinet FortiClient (LPE) CVE-2018-9193 - Fortinet FortiClient (LPE) Besides that I have +300 confirmed bugbounty reports mostly in web security. Talks: Introduction to exploiting embedded devices - https://vimeo.com/1070786516 Harnessing zero-days in assume breach testing - https://vimeo.com/1063883979 Blogposts: https://blog.secu.dk/blog/Tunnels_in_a_hard_filtered_network/ (use google cache) https://blog.secu.dk/blog/hitcon/ (use google cache) https://blog.secu.dk/blog/Forticlient/ (use google cache) https://blog.doyensec.com/2020/02/03/heap-exploit.html https://blog.doyensec.com/2020/08/20/playframework-csrf-bypass.html https://baldur.dk/research.html <- most recent research

Experience

Pleo

Senior Application Security Engineer

Jun 2024May 2025 · 11 mos · Copenhagen, Capital Region of Denmark, Denmark

Baldur.

Principal Security Consultant & Founder

Nov 2023Present · 2 yrs 5 mos · København, Region Hovedstaden, Danmark

  • Helping companies stay secure through top-tier application security
Application SecurityInformation SecuritySecurity ControlsCommunicationSoftware DevelopmentProject Management+4

Csis security group a/s

Principal Security Consultant

Oct 2022Nov 2023 · 1 yr 1 mo

  • Offensive Security & Research
  • Penetration testing and red team engagements for a variety of clients, helping them identify and address vulnerabilities in their systems and applications.
  • Web application security assessments to evaluate the security of client web applications, identifying and documenting vulnerabilities and providing remediation guidance.
  • Source code audits to identify vulnerabilities in client software, utilizing both manual and automated techniques to ensure comprehensive coverage.
  • Research and development to discover zero-day vulnerabilities and develop custom exploits, contributing to the state of the art in offensive security.
Application SecurityInformation SecuritySecurity ControlsCommunicationSoftware DevelopmentProject Management+4

Corporate funding partner

CTO

Jul 2020Sep 2022 · 2 yrs 2 mos · København, Hovedstaden, Danmark

  • Developing and managing the infrastructure at Corporate Funding Partner with a strong focus on security and availability.
  • Developed our entire platform for matching lenders and clients.
  • Build secure login system with national ID(NemID).
  • Integrated bank API’s to show customer transactions and organize them.
  • Building the whole kubernetes cluster to automatically deploy and maintain our apps.
  • Routing our network for maximum security.
  • Manage and aid our frontend developers as well as external ux designer.
  • Developing fullstack in Django, Vue.js, Celery, Redis, Kubernetes, Docker.
  • Build optimized searchable database for all property information in denmark.
AutomationSoftware DevelopmentJavaScriptGitSecurity ControlsCommunication+1

Doyensec

Security Researcher

Jul 2019Jul 2020 · 1 yr · US / EMEA

  • Working at the intersection of software development and offensive engineering to help some of the most important companies craft secure code and eradicate security flaws.
  • Conducted manual code reviews in a variety of programming languages, uncovering intricate vulnerabilities, in very mature codebases
  • Utilized SAST tools and contributed to secure software development life cycles (SSDLCs), including working with tools like CodeQL.
  • Vulnerability research and developed tools to aid in this process.
  • Vulnerability research specifically in the area of Android applications security.
Application SecurityInformation SecuritySecurity ControlsSoftware DevelopmentJava Virtual Machine (JVM)Automation+2

Secu a/s

Security Consultant

Feb 2015Jun 2019 · 4 yrs 4 mos · Dragør

  • Web Application Assessments
  • Red Team Assessments
  • Penetration tests
  • Binary Exploitation
  • Developing internal tools
AutomationProject ManagementSoftware DevelopmentSecurity ControlsInformation Security

Stackforce found 100+ more professionals with Application Security & Information Security

Explore similar profiles based on matching skills and experience

AB

Abhay Bhargav

Co-Founder

at SecurityReviewAI

United States21 yrs 6 mos exp
Mark Curphey

Mark Curphey

Co-founder and Board Member

at Crash Override

United Kingdom26 yrs 10 mos exp
Sebastian Porst

Sebastian Porst

Security Engineering Manager (Android Security)

at Google

Munich, Germany22 yrs exp
Malware AnalysisReverse EngineeringSecurityTeaching
Olexandr Tsyshenko

Olexandr Tsyshenko

Lead Security System Engineer

at EPAM Systems

Ukraine9 yrs 2 mos exp
GS

Gurpreet Singh

Software Engineering Leader, Security

at NVIDIA

United States30 yrs 3 mos exp
Cloud SecurityCybersecurity
Sandesh Mysore Anand

Sandesh Mysore Anand

Co-Founder

at Seezo.io

Bengaluru, India17 yrs 11 mos exp
Vivek Srivastava

Vivek Srivastava

Manager - Application Security Enablement

at KPMG

Noida, India12 yrs 9 mos exp
Application SecurityPenetration TestingSecure SDLCSecurity AwarenessVulnerability Assessment
Prithvinder Singh

Prithvinder Singh

Sr. Manager CyberSecurity[M&A/JV’s/Partnerships]

at Grab

Singapore, Singapore15 yrs 9 mos exp