Staff Software Engineer, Information Security Engineering Team
Zurich, Zurich, Switzerland
Join Prog.AI to see contacts
Join Prog.AI to see contacts
Summary
🤩
Rockstar
🎓
Top School
Krzysztof Kotowicz is a Staff Software Engineer on Google's Information Security Engineering team with 16 years of hands-on experience in web and client-side security research. He specializes in discovering and exploiting HTML/JavaScript vulnerabilities, authoring multiple recognized client-side attack vectors and presenting findings at top conferences including Black Hat and OWASP AppSec. At Google he works on product security reviews, the Vulnerability Reward Program, and security-focused engineering such as Trusted Types and cryptographic libraries. His open-source contributions include security hardening and PoC research in high-profile projects like DOMPurify and Google’s security-research PoC repositories. Prior roles as a penetration tester, consultant, and web developer give him uncommon depth across secure development, auditing, and exploit development. He combines deep technical expertise with practical remediation experience, often turning complex research into usable defenses and tooling.
16 years of coding experience
12 years of employment as a software developer
master, master at Uniwersytet Ekonomiczny w Krakowie
Proof-of-concept codes created as part of security research done by Google Security Team.
Role in this project:
Security Engineer
Contributions:23 commits, 5 pushes in 6 months
Contributions summary:Krzysztof focused on security research and proof-of-concept (PoC) development within the Google Security Team. They implemented various script gadgets and modified existing code to explore and demonstrate security vulnerabilities. Their work involved creating and updating bypasses for web application firewalls (WAFs) and exploring cross-site scripting (XSS) vulnerabilities in different frameworks like Aurelia, Ractive, and Dojo, as well as investigating potential vulnerabilities related to Closure and DomPurify. They also moved third-party code and updated scripts for various security tests.
End-To-End is a crypto library to encrypt, decrypt, digital sign, and verify signed messages (implementing OpenPGP)
Role in this project:
Back-end Developer
Contributions:246 commits, 56 PRs, 48 pushes in 1 year 9 months
Contributions summary:Krzysztof primarily worked on a cryptography library, as indicated by the commit messages. Their contributions focused on the internal workings of the library, specifically removing dependencies on certain libraries and removing code related to hash input bytes. The changes involved modifications to existing code related to elliptic curve cryptography (ECC) and AES-CTR encryption operations. These changes contribute to the robustness and efficiency of the cryptography library.
crypto-librarycryptographyend-to-endsignopenpgp
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Krzysztof Kotowicz - Staff Software Engineer, Information Security Engineering Team