ShadowCore was founded by cybersecurity operators who build, break, and defend. Penetration testing, compliance, SOC — one team covering your entire attack surface.
The operational doctrine that guides every engagement.
We attack to protect. Our red team insights directly improve our defensive capabilities.
We publish our methodologies, maintain a public trust center, and hold ourselves accountable.
The threat landscape shifts daily. Our team trains weekly, researches constantly, and adapts.
Zero tolerance for data exposure. Strict need-to-know access. All engagements sanitized.
Security professionals with hands-on experience across pentest, compliance, SOC, and application security.
Founder, Head of Security
Web & Mobile Application Security, Penetration Testing, NIS2 Compliance, DevSecOps. Worked in gov, product & fintech sectors. Conducted 20+ full-scope penetration tests, built Secure SDLC from zero, supported NIS2 audit for a major pharmacy company.
Co-Founder · AI Direction
Leads AI direction at ShadowCore — AI-driven security automation, agent workflows for security operations, and integration of AI tooling into pentest and SOC delivery.
Co-Founder · SOC, Threat Intelligence & Incident Response
Leads SOC, Threat Intelligence, and Incident Response direction. Two years of SOC analytics for government agencies and large energy companies; built a Vulnerability Management process for a critical-infrastructure government entity; ~10 penetration tests conducted.
Senior AppSec Engineer
7+ years in security and bug bounty. Detected hundreds of critical vulnerabilities, Mozilla Hall of Fame, authored cybersecurity researches. Performed Red Team Engagement for product company, detected critical vulnerability in Mozilla Firefox.
Security Engineer
Application and infrastructure penetration testing, vulnerability management, and secure SDLC practices. Performed code review and secure SDLC integration for a fintech startup, conducted vulnerability assessment and hardening of cloud-hosted infrastructure.
Security Engineer
Web and API penetration tests, code reviews, and security assessments for SaaS and fintech clients. Conducted internal network pentesting and Active Directory security review, executed web application and API penetration testing for a SaaS analytics platform.
Supported by vetted security engineers for project delivery, research, documentation, and remediation support under senior supervision.