Product · ShadowMap

Senior Security Researcher — ShadowMap

Lead exploitation, validation, and customer-facing remediation work on ShadowMap — Security Brigade's proprietary attack surface management platform.

📍 Mumbai / Remote 🗓 Full-time 📊 Senior
web application penetration testing · OWASP Top 10 · burp suite · attack surface management · ShadowMap · exploitation · remediation · client management

Ready to apply?

Send us your CV and a short note on why this role excites you.

Usually responds within 2 business days

About the Role

Security Brigade is hiring a Senior Security Researcher to work alongside ShadowMap, our proprietary attack surface management platform. You will analyse alerts the platform surfaces — web and mobile application exposure, data leaks, dark-web findings, and exposed code repositories — validate them through hands-on penetration testing, and drive remediation conversations directly with customer engineering and security teams. You will own customer-facing technical engagements end-to-end: scoping the validation, demonstrating proof-of-concept, helping the customer fix what we found, and contributing back research that improves the platform itself.

What You'll Do

  • Analyse the attack surface intelligence ShadowMap surfaces — web/mobile alerts, data leaks, dark-web exposure, code-repo leakage, exposed services
  • Validate findings through targeted manual penetration testing; produce proof-of-concept exploits where customers need evidence
  • Lead client-facing remediation conversations including executive summaries, technical walkthroughs, and follow-up validation
  • Collaborate with customer engineering teams to ship fixes and revalidate them
  • Feed research back into ShadowMap — new attack patterns, false-positive reduction, scoring improvements, new detection ideas
  • Mentor junior researchers and contribute to internal knowledge-sharing

What We're Looking For

  • 4+ years of hands-on web application penetration testing experience
  • Deep working knowledge of OWASP Top 10 and the OWASP Top 10 Proactive Controls — both how to attack and how to advise on remediation
  • Comfortable working customer-side: presenting findings to engineering teams, demonstrating exploits live, and walking remediation owners through fixes
  • Track record on practical labs (Hack The Box, TryHackMe, PortSwigger Web Security Academy) is a strong signal even without enterprise experience
  • Excellent written communication for client-facing reports and executive summaries

What We Offer

  • Competitive salary + performance-linked variable
  • Hybrid + remote-friendly
  • Sponsorship for relevant offensive-security certifications (OSCP, OSWE, OSCE, CRTO, BSCP)
  • Internal research time and dedicated lab environment
  • Direct authorship influence on a real product (ShadowMap) shipping to enterprise customers

Quick Facts

Team: Product · ShadowMap
Location: Mumbai / Remote
Type: Full-time
Level: Senior
Posted: 1 May 2026