Soroush Dalili

Product Manager

Worcestershire, England, United Kingdom · 20 yrs 1 mo experience

Key Highlights

  • Over 20 years of experience in security research.
  • Pioneered AI-assisted security auditing workflows.
  • Contributed security advisories to major tech companies.
Stackforce AI infers this person is a Cybersecurity expert specializing in vulnerability research and application security.

Skills

Core Skills

Application Security, Cybersecurity, Vulnerability Assessment, Penetration Testing, Vulnerability Research, Web Application Security

Other Skills

secure code reviews, AI-assisted security auditing workflows, bug bounty research, red team exploits, custom tools development, deserialization, security advisories, communication, web application penetration testing, vulnerability tracking systems, Burp Suite, vulnerability assessments, web application security audits, penetration tests, source code review

About

Security researcher with over 20 years of experience in vulnerability research, exploit development, and offensive tooling. Discovered the IIS Short File Name Disclosure vulnerability, maintain the YSoSerial.Net deserialization framework, and have contributed security advisories to Microsoft, Mozilla, Adobe, Yahoo, and Facebook. Speaker at AppSec EU, SteelCon, and NDC Manchester. Now applying AI-assisted techniques to security research, including building security tools with LLM coding agents (Claude Code, GitHub Copilot, Codex), developing AI-augmented source code auditing workflows, and researching AI-enabled vulnerability discovery and exploit development.

Experience

Total Experience: 20 yrs 1 mo
Average Tenure: 2 yrs 10 mos
Current Experience: 3 yrs

Bentley Systems

Principal Application Security Engineer

Nov 2025 - Present · 7 mos · Remote

  • Leading the Defenders application security group focused on vulnerability research and secure code reviews
  • Conducting deep security-focused source code audits of enterprise applications
  • Developing AI-assisted security auditing workflows using LLM agents to accelerate vulnerability discovery in enterprise codebases
vulnerability research, secure code reviews, AI-assisted security auditing workflows, Application Security, Cybersecurity

Secproject Ltd

Director

Jun 2023 - Present · 3 yrs · England, United Kingdom · Remote

  • Delivering cybersecurity consulting including penetration testing and vulnerability research
  • Conducting bug bounty research and responsible vulnerability disclosure
penetration testing, vulnerability research, bug bounty research, Cybersecurity, Vulnerability Assessment

MDSec

Principal Research Consultant

Jan 2020 - Jun 2023 · 3 yrs 5 mos · Remote

  • Led and executed penetration testing assessments.
  • Crafted detailed penetration testing reports.
  • Guided clients in understanding issues and mitigating risks.
  • Led research projects and developed red team exploits.
  • Managed consultant servers for daily testing.
  • Developed custom tools like Burp Suite Sharpener and expanded YSoSerial.Net.
penetration testing, red team exploits, custom tools development, Penetration Testing, Vulnerability Research

NCC Group

3 roles

Principal Security Consultant

Jul 2017 - Nov 2019 · 2 yrs 4 mos

communication

Managing Security Consultant

Jan 2016 - Jun 2017 · 1 yr 5 mos

communication

Senior Security Consultant

Feb 2014 - Dec 2015 · 1 yr 10 mos

  • Led web application penetration testing engagements
  • Managed research initiatives as Manchester office research lead
  • Developed internal vulnerability tracking systems
  • Built custom tools including Burp Logger++ and Outlook HTML Leak Test
web application penetration testing, vulnerability tracking systems, Web Application Security, Vulnerability Assessment

Bet365

Senior Information Security Specialist

Jan 2010 - Jan 2014 · 4 yrs · Stoke-on-Trent, United Kingdom

  • Conducted secure code reviews and large-scale application penetration testing
  • Led threat modelling and vulnerability assessments
  • Managed a team of three penetration testers
  • Developed internal secure development standards aligned with PCI
secure code reviews, vulnerability assessments, Application Security, Vulnerability Assessment

Meal2go Ltd

Security Adviser (part time contracting)

Feb 2009 - Jun 2009 · 4 mos

  • Performed web application security source code audits, identifying coding and logical issues using both manual techniques and automated scanners.
  • Assisted in designing solutions to improve internal network security.
  • Regularly conducted internal and external penetration tests.
  • Worked with internal developers to understand and effectively resolve identified security issues.
communication

Contracting

Web Application Security Tester (part time contracting)

Feb 2006 - Jun 2008 · 2 yrs 4 mos · Iran

  • Conducted penetration testing for diverse industries, mitigating security risks.
  • Invested in professional development by attending industry-relevant security training courses.
  • Mentored junior staff in web application security testing, utilizing the Web Application Hacker’s Handbook as a primary resource.
  • Reviewed application source code, identifying and resolving vulnerabilities.
web application security audits, penetration tests, Web Application Security

Pars it net

Web Developer (part time contracting)

Dec 2003 - May 2005 · 1 yr 5 mos

  • Led a team to develop multiple customer web applications using ASP Classic (VBScript).
  • Enhanced network and application security at Shahid Beheshti University's Computer Centre.
penetration testing, source code review, Web Application Security

Education

University of Birmingham

MSc. — Computer Security

Jan 2008 - Jan 2009

Shahid Beheshti University

BSc. — Electrical Engineering

Jan 2003 - Jan 2008
