Anvesh Guthikonda

Bangalore

Summary

  • 6+ years of experience in penetration testing, vulnerability assessment, and vulnerability management, including network, web application, API, mobile, thick client, DevSecOps, and AD assessment.
  • Experienced in deploying Security Control Validation platforms as BAS tools, including Picus Security Control Validation (SCV), Attack Path Validation (AVP) and Cymulate, which enable organizations to gain a deeper understanding of security posture vulnerabilities by automating testing of threat vectors and continuously testing the effectiveness of their security tools.
  • Experience in deploying DevSecOps tools such as SonarQube and Fortify WebInspect, including Software Security Center and DAST (Dynamic Application Security Assessment).
  • Conduct Red Team activities such as OSINT, BloodHound, Ping Castle, Purple Knight, file share assessment, external perimeter scanning, BAS simulation, and AD assessment on a quarterly and semi-annual basis to identify publicly exposed assets that could lead to compromise of the network.
  • Conduct application scanning using both black-box and grey-box approaches for on-premises, publicly hosted (vendor), and internal applications to perform vulnerability assessment in accordance with OWASP & SANS, based on the organization's policies and procedures.
  • Perform peer reviews of team members' reports.
  • Prepare comprehensive reports that include vulnerability details, associated risks, and remediation actions. These reports are then used for presentations and coordination across lines of business owners.
  • Present the reports to business stakeholders to represent the remediation of the activities, including the BAS and offensive activities' details.

Overview

6 years of professional experience
1 Certification

Work History

Security Analyst - Attack & Pentest

Diageo Business Services Pvt Ltd(Client)
Bangalore
10.2019 - Current

· Conduct Breach and Attack Simulation (BAS) activities to identify risks and vulnerabilities and to check the effectiveness of security defenses and score.

· Identify high-risk applications from the customer portfolio that need consideration of their requirements for security assessments, such as Business Critical, Crown Jewels, Data Sensitive, based on e-commerce, CMS, payroll applications, etc.

· Conduct pentests on internal applications using black-box and grey-box methods. This involves scanning and crawling the application, analyzing tool outputs, and manually testing to identify and report vulnerabilities according to the OWASP Top 10.

· Conduct BloodHound activity to find Active Directory misconfigured permissions, i.e., ACL permissions, excessive local admin rights, targetable users and computers, misconfigured service accounts, password policy, etc.

· Conduct sensitive information hunting using the OSINT framework and internal file share assessments to prevent internal information disclosure.

· Create SOP documents for offensive security activities.

· Provide recommendations and track vulnerabilities to closure.

Penetration Tester

Netsentries Infosec Solutions Pvt Ltd
Kerala
05.2019 - 10.2019
  • Performed vulnerability assessments on web applications and networks using primarily the Kali Linux platform and open source tools such as Nessus, Burp, Nmap, Dirb, DirBuster, Metasploit Framework, sqlmap, dirsearch, and many more.
  • Produced video proofs of concept with detailed steps and screenshots for identified critical and high vulnerabilities, and documented the replication instructions in the video PoCs along with the detailed report.
  • Reported vulnerabilities based on the CVSS (Common Vulnerability Scoring System).
  • Assisted the application team in remediating the reported vulnerabilities.

Engineer

Team Lease Technologies Private LTD
Bangalore
05.2018 - 04.2019

· Gather details on the scope of work for network subnets and the list of applications, and formulate a detailed plan on a quarterly basis for necessary approvals.

· Notify the team to perform daily external black-box network and web application penetration testing.

· Conduct automated and manual network penetration testing on designated subnets using tools such as Tenable Nessus Professional, Nmap, Metasploit, manual scripts, Kali Linux Tools, and other open-source tools available on GitHub.

· Prepare comprehensive security vulnerability reports, provide a walkthrough of the report, and revalidate the identified vulnerabilities.

· Create quarterly executive summaries and dashboards for presentations, ensuring coordination and communication across various lines of business owners.

Education

Master of Computer Applications - Computer Applications

Vaagdevi College of Engineering

Bachelor of Computer Applications - Computer Applications

Bharathi Degree College

Skills

  • Web Application Pentest
  • API Pentest
  • Network Pentest
  • Mobile Pentest
  • Thick Client Pentest
  • iOS Pentest
  • Red Teaming
  • DevSecOps

Knowledge in:

  • Docker Pentest
  • Threat modeling
  • Source Code Review

Certification

  • Offensive Security Certified Professional (OSCP)
  • Certified Red Team Professional (CRTP)
  • Microsoft Certified: Azure Security Engineer Associate
  • Microsoft Certified: Azure Fundamentals

Languages

  • English
  • Telugu
  • Hindi

Accomplishments

Awards and Rewards:

  • Appreciations from the CPO (Chief People Officer) and Director of Happiest Minds for NSE InfoSec Project.
  • Received the SPOT Awards for setting the benchmark in innovation, technical improvement, teamwork, and excellence.
