Shubham Shah

CEO

Sydney, New South Wales, Australia · 15 yrs 3 mos experience
Key Highlights

  • Ranked #1 bug bounty hunter in Australia.
  • Co-founded a leading attack surface management platform.
  • Expert in discovering complex vulnerabilities.
Stackforce AI infers this person is a Cybersecurity expert specializing in application security and vulnerability management.

Skills

Core Skills

Cybersecurity · Vulnerability Management · Application Security · Penetration Testing · Security Consulting · IT Security · Web Application Security

Other Skills

Technical Vision · Platform Architecture · Vulnerability Assessment · Platform Development · Vulnerability Discovery · Reporting · Black-box Testing · Security Automation · Bug Bounty Hunting · Application Security Assessment · Source Code Review · Mobile Application Security · Operational Disruption Testing · Firewall Reviews · Security Vulnerability Management

Experience

Searchlight Cyber

SVP of Engineering & Research

Jan 2025 - Present · 1 yr 3 mos · Sydney, New South Wales, Australia · Remote

  • Engineering and research leader overseeing Assetnote's cybersecurity platform development and technical vision. Directing offensive security research programs focused on zero-day and N-day vulnerability discovery while managing platform architecture and scalability initiatives.
  • Leading engineering teams in developing innovative security tooling while driving vulnerability research that expands attack surface coverage. Established efficient development workflows and scaled engineering operations to support continuous platform advancement and cutting-edge security research, resulting in multiple critical-impact vulnerability discoveries.
Web Application Security · Vulnerability Management · Cybersecurity · Technical Vision · Platform Architecture

Assetnote

CTO

Jul 2018 - Feb 2025 · 6 yrs 7 mos · Brisbane, Australia

  • Shubham Shah is a security researcher and entrepreneur, known for co-founding Assetnote - a leading attack surface management platform. He's ranked as the #1 bug bounty hunter in Australia for three consecutive years and #27 in the world on HackerOne. Shubham specializes in discovering complex vulnerabilities in enterprise software and engineering security automation.
Application Security · Vulnerability Management · Security Automation · Bug Bounty Hunting

Hackers Helping Hackers

Co-Founder and Board Director

Jan 2017 - Jan 2019 · 2 yrs

Bishop Fox

Senior Security Analyst

Feb 2015 - Jan 2017 · 1 yr 11 mos · Sydney, Australia

  • Shubham Shah is a Senior Security Analyst at Bishop Fox, a security consulting firm providing IT security services to the Fortune 500, global financial institutions, and high-tech startups.
  • Shubham’s primary areas of expertise are application security assessment, source code review, and mobile application security.
Application Security Assessment · Source Code Review · Mobile Application Security · Application Security · Security Consulting

EY

IT Forensics/Security Consultant

Sep 2014 - Feb 2015 · 5 mos · Sydney, Australia

  • Penetration Testing of Web Applications and Networks (Red Team and Blackbox)
  • Wireless Network Penetration Testing
  • Operational Disruption Testing
  • Firewall Reviews
Penetration Testing · Operational Disruption Testing · Firewall Reviews · IT Security

Atlassian

Security Contractor

Jun 2014 - Jul 2014 · 1 mo · Sydney, Australia

  • As a security contractor, I manually pentested externally facing web applications owned by Atlassian. Additionally, I performed penetration testing on Atlassian's main products (JIRA, Confluence, HipChat, Bitbucket and more). Through this process, I was able to discover a large number of medium-risk vulnerabilities and a few high-risk vulnerabilities.
  • In performing very thorough testing, I was also able to communicate with fellow developers of Atlassian products by assisting in the management of bugs and external bug reports. This required me to formally verify and assist in identifying the origin of security vulnerabilities in Atlassian products.
Penetration Testing · Security Vulnerability Management · Application Security

HackLabs

Security Consultant

Dec 2013 - May 2014 · 5 mos · Sydney, Australia

  • In my time at HackLabs, I developed a professional outlook on penetration testing where I was able to perform web application security assessments with a talented team of people in order to find, investigate and exploit potential security flaws. I participated in many projects as a part of my employment, such as the development of the Tastic RFID Scanner, and assisted with the production of security-related tools/proofs of concept.
Web Application Security Assessment · Penetration Testing · Web Application Security

Contractor

Security Researcher

Jan 2011 - Present · 15 yrs 3 mos

  • High impact application security research, discovery of zero-day vulnerabilities and co-ordinating disclosure to affected vendors and companies.
  • Ranked #1 on HackerOne leaderboard in Australia for multiple years in a row, #28 in the world.
  • Performed black-box penetration tests, organised reports and suggested effective strategies to prevent intrusion of systems/applications.
  • Reported vulnerabilities in web applications developed by companies such as Google, PayPal, Facebook, LinkedIn, KhanAcademy, Medium, Microsoft, Blackberry, Adobe, Nokia, eBay, Coinbase and Prezi.
Penetration Testing · Application Security · Vulnerability Discovery · Reporting · Black-box Testing

Education

Offensive Security

Offensive Security Certified Professional

Jan 2015 - Present

Source Incite

Full Stack Web Attack

Oct 2022 - Oct 2022

UNSW

Bachelor of Computer Science

Jan 2014 - Jan 2014
