Austin · Texas, USA
17:22CST
Pentesters,
not vendors.
Original research, not templated reports. CREST-accredited pentesters publish CVEs from production systems and deliver proof-of-exploit on every engagement. Now extended as BugDazz, autonomous pentest, PTaaS, and API scanning.
Trusted by security teams across Fintech, SaaS & Education, Enterprise & Telecom, Security & Critical Infrastructure
What we are after
Vision and mission.
Vision
Make cyberspace a secure place, globally.
Real security work, delivered to teams shipping software in every market we operate in. Not a dashboard. Not a SKU. The work itself.
Mission
Class-leading security, run by people who care about the work.
Offer the security products and services our clients need, through a team of pentesters and researchers who own the outcome, and counter the threats that scanners alone will not catch.
Production-tested
Pentest practice, running since 2012.
Engaged across the largest banks, insurers, retailers, and tech companies in the world. The playbook is sharpened from real production work, not invented per project.
14Years in productionCREST-accredited, CERT-In empanelled, ISO 27001 and SOC 2.
- 10+Top banks and insurersAcross North America, EMEA, and APAC.
- 3 / 10Global tech companiesEngaged on offensive testing.
- Tier‑1Retailers and marketplacesEcommerce, SaaS, and logistics.
Recognized by
Read in the reports buyers actually open.
The pentest market gets surveyed every quarter. We have shown up in the reports our buyers read before they cut a PO.
Peer Insights, Application Security Testing
Radar, Penetration Testing as a Service
A customer wrote publicly.
“Thank you for being our pentest partners. Our user base is safer because of y'all.”
Public moments
In the open since 2012.
Conference talks, vendor credits, customer endorsements. Specific, dated, verifiable.
US government adds SL7-disclosed n8n RCE to Known Exploited Vulnerabilities catalog
READ
Sandyaa: Open-source autonomous security bug hunter
READ
A Bird's Eye View Of Large Language Model Security
READ
Sandeep Kamble cited as outside expert on Indian insurance breach
READ
Loom co-founder publicly thanks SL7 as pentest partners (SSO account-takeover finding)
READ
COVID-19 pentest initiative, partnered with Cure53 and X41 D-Sec to test pandemic-response apps for free
READ
SecureLayer7 + Sandeep Kamble at Japan's Code Blue international security conference
READ
Security Researcher Disappointed with How an XSS Bug Was Fixed in Drupal 8
READ
Oracle E-Business Suite unauthenticated file upload, credited to SecureLayer7 in Oracle CPU July 2015
READ
Sandeep Kamble at Nullcon Goa, 'Jailbreak' talk
READ
CP
Dec 2012Sandeep Kamble, 'FatCat Web Based SQL Injector' (open-source release)
READ
Where we work
Two cities, one team.
Austin and Pune. Pentesters, researchers, and engagement leads work from both, local hires, local hours.
Pune · Maharashtra, India
03:52IST
What we believe in
F · I · R · E · W · A · L · L
Eight letters, eight defaults. Operating principles for how we hire, scope, and ship, read top to bottom, they spell out the firm.
Follow your passion.
Do it with passion or not at all.
Go the extra mile.
Integrity, non-negotiable.
Integral to every aspect of the business.
No findings massaged for politics.
Reach for glory.
Build for scale.
Through an elite workforce.
Encourage innovation.
Never say no to an idea.
Make mistakes, but get things going.
We work and win in teams.
Struggle and celebrate together.
Display humility when opinions differ.
Act decisively.
Be accountable.
Commit to the uncomfortable.
Live for customer delight.
Customer first.
Going above and beyond.
Lead with example.
Performance matters.
Deliver consistent quality results.
Leadership
The people who sign the work.
Two founders and a working bench. Names show up on the engagement letter, the report, and the LinkedIn profile your security team can audit before they hire us.
Kishor Desarda
Co-founder & CEO
Runs the firm. Closes the engagements that matter. Will read your threat model before the call.
Sandeep Kamble
Founder & CTO
Started SecureLayer7 in 2012. Still drops into engagements when an exploit needs a second pair of hands.
Deepak Kewalramani
CFO
Runs the numbers so the pentesters do not have to. Approves the procurement paperwork before you see it.
Varun Madnani
CMO
Translates the firm's research into language buyers actually use. If you found us through a search, that was him.
John Dill
Field CISO
Field CISO running enterprise red-team engagements; 20+ years in offensive security and CISO advisory.
Praveen Dixit
Business Head, BFSI
Runs the BFSI book, banks, insurers, fintechs. The auditor's questions, the procurement form, the compliance boundary, handled before the kickoff call.
Jinendra Khobare
Head of Product · Co-founder, Sensfrx.ai
Runs product at Sensfrx.ai, the SecureLayer7 spin-out that turns engagement intel into a fraud-detection signal. Translates buyer scope docs into engagements that find the bugs.
Pushkar Kadadi
Head of Products
Owns the BugDazz product surface. Ships fewer features, harder ones, the ones our pentesters use first.
Deepali Sarode
Head of People
Hires the pentesters you will eventually meet on a call. Sets the bar that the rest of the firm has to clear.
Ketki Baregar
Lead, Talent Acquisition
Sources the pentesters we'll need before the seats exist. Offensive-security talent is rare, finding it ahead of demand is half the job.
Careers
Find the right opportunity for you.
We hire for the bench, not for headcount. Senior pentesters and researchers who own the outcome.
A note from the firm
If your company ships software, you are already a target. We would rather you find out from us, on a Tuesday, with a clean reproducer and a Friday fix path, than from someone who is not going to leave a voicemail.
, SecureLayer7
SL7 University
Ready to see exploit-grade findings on your stack?
A six-month, no-fee pentest training program for final-year college students. Hands-on labs on web, internal, and external network. Hiring pipeline at the end for the students who clear the bench.