Security Engineer

Go Charan Kilaru

I break applications, then build the tools that catch what broke.

Application and product security across web, APIs, source code, and CI/CD pipelines. I do offensive work — red team, penetration testing, bug bounty — and I ship open-source security tooling that turns those findings into repeatable checks. Based in Delaware, USA.

kspect — scan
$ kspect scan
FAIL HIGH    KSPECT-SYSCTL-003    Unprivileged BPF disabled
     observed: sysctl kernel.unprivileged_bpf_disabled = "0"
     expected: sysctl kernel.unprivileged_bpf_disabled in {1, 2}
     fix:      sysctl -w kernel.unprivileged_bpf_disabled=1
...
Summary: 50 checks — 18 fail, 21 pass, 11 unknown

Output from kspect, one of the open-source tools below.

Featured work

kspect

Linux kernel security auditing and drift detection in one static Go binary. 50 built-in checks, SARIF output for GitHub code scanning, baseline diffing for CI gates.

github.com/5h4rk-lab/kspect

Basilisk

Proof-based security testing framework for LLM apps and AI agents, covering the OWASP LLM Top 10. Detects prompt injection and data leakage with markers and canaries instead of guesswork.

github.com/5h4rk-lab/basilisk-llm

Credentials

GCP Professional Cloud Security Engineer · CRTP · CEH · eJPT

M.S. Cybersecurity, University of Delaware — GPA 3.96, May 2025