Karan Singh

Security Researcher · CTF Player

I am a Security Researcher and Engineer dedicated to uncovering vulnerabilities and fortifying the digital landscape. With a deep focus on Web Application and Browser Security, I bridge the gap between technical exploitation and enterprise-grade compliance. Whether I am analyzing malicious browser extensions at scale, triaging bug bounty reports, or navigating the complexities of GRC (Governance, Risk, and Compliance) audits, my goal is to build a safer web. My work often translates into technical writeups and sales collateral that validate product efficacy and educate the broader security community.

Experience

Research & Development Intern Jan 2026 – Present
Zscaler
  • Led GRC audit evidence collection for post-acquisition security compliance.
  • Mitigated SSRF, IDOR, and Privilege Escalation in internal products.
  • Analyzed 700+ extensions and reported threats to Chrome Web Store.
  • Authored extension research used as sales collateral for product efficacy.
  • Triaged and validated vulnerability reports for the Bug Bounty program.
Software Engineer Intern Nov 2025 – Jan 202
SquareX
  • Hardened core products against IDOR and Privilege Escalation.
  • Discovered a critical restriction-bypass during enterprise browser testing.
  • Audited 100+ extensions for credentials and data exfiltration risks.
  • Conducted regular QA security analysis

BUG BOUNTY EXPERIENCE

Yandex

CTF Player

I maintain a strong commitment to technical excellence through active participation in global cybersecurity competitions. Throughout 2025, I competed in various Capture The Flag (CTF) events, consistently placing within the top 100 in numerous challenges, including NOPS CTF, BCA-CTF, GPN-CTF, CORN-CTF, INDUSTRIAL INTRUSION. To further advance my practical exploitation skills, I have rigorously trained on the TryHackMe platform, where I currently hold a global ranking within the top 1%.