
AYUSH GUHA guhaayush16007@gmail.




“We are only as strong as our weakest link.” As a security engineer and an IT grad, my interest lies in finding the weakest link in
a system and securing it. I program security tools, automate security scans and tests, and I have experience securing one of
the fastest growing unicorn startups in India from the ground up, which gave me the chance to wear different hats and hone my
cloudsec and appsec skills. I have also participated in multiple CTF events (TyphoonCon, Google, eHaCon) and am a bit of a
documentation freak who likes sharing those write-ups with the larger tech community!


1. Security engineer @Apna (current)

- Designing an auth framework for Apna (auth V2 microservice).
- Implementing zero-trust arch for internal dashboards and apps (HashiCorp Boundary)
- Building pipelines for cred scanning
- Creating Jira helpdesks and projects with automations for agile security workflows
- Focusing on cost-efficient methods to build security
2. Security Engineer intern @Apna (8 months)
- Auditing and reviewing cloud infrastructure and IAM policies
- Developing scripts and tools for security automation and ASM.
- Internal VAPT and security testing of web and android app before deployment.
- Creating security roadmaps and also doing POCs of security tools.
- Microservice security and codebase review
- Container scanning for vulnerabilities
- Creating a Vulnerability Disclosure Program and VD handling process
- Creating a plan for a S-SDLC using frameworks such as OWASP ASVS and threat
- Helping in development of a security mindset for devs/employees by running social
engineering campaigns.
3. Microsoft security Azure sentinel Hackathon (3 months)
- Created analytic rules, hunting queries, playbooks, data connector and parser for azure
4. Open source contributor at Hacktoberfest@2021. (1 month)

1. Python, C, Bash, PowerShell, XML, YAML, JSON
2. Data structures and OOPS
3. KQL, SQL (MySQL, PostgreSQL)
4. Linux (Ubuntu and Kali) [from kernel to shell and beyond].
5. Azure (Defender, Sentinel, Logic apps, Virtual Networks, functions etc).
6. GCP (Cloud storage, cloud Armor, IAM, VPC network & firewalls, GCR, beyondcorp,
compute engine, SCC, Bigquery etc)
7. Network security & analysis of network protocols - Wireshark, tcpdump, Cisco packet
8. Network troubleshooting (DNS server, Firewall, IDS/IPS, network configuration, Routing)
9. Wireless security (802.11a/b/g/n/ac, 802.1x)
10. Incident investigation and remediation
11. Microsoft defender suite including Defender for endpoint, defender for office 365, cloud
app security, etc.
12. WAF – Reblaze, GCA, Azure Firewall, IPtables and windows adv firewall
13. Implementation of OAuth2 flows and JWT and API testing
14. Manual security code review.
15. Infrastructure as code (IaC) – Nginx, HCL and Docker
16. Automation using Jenkins and Zapier
17. Container security
18. Well-versed in security compliance/regulation frameworks like ISO/IEC, SOX, PCI DSS, CIA
triads, HIPAA.
19. Implementing email authentication (DMARC, DKIM & SPF)
20. Calculation of vulnerability scores (CVSS 3.1).
21. Social engineering and OSINT
22. Webapp attacks (SQLi, LFI, RFI, RCE, XSS, Tabnabbing, Rate limit bypass, SSRF etc)
23. VAPT using tools like MSF, Burp suite, HashCat, NMAP, Aircrack-ng suite etc.
24. Memory analysis (volatility)
25. Git, Bitbucket
26. Agile project development and scrum methodologies (Jira, Jira service desk, confluence)
27. Reverse engineering & binary exploitation (x86), Basic Cryptography.


1. Certified Ethical Hacker by EC-council (CEH) (passed with 80%).

2. IBM certified cyber security analyst (Professional certificate)
3. Cisco Network Essentials (passed with 88%)
4. IBM Cybersecurity Compliance Framework & System Administration.
5. Cisco CCNAv7- Bridging (passed with 85.6%)
6. Microsoft certified Security Operations associate.

1. Secure_Wrike_using_Azure_Sentinel – Azure sentinel solution for Wrike PMS (Python, JSON, Azure, KQL)
2. Log4j-scan – Contributed WAF bypass rules and features to the tool for discovery of log4shell on remote
3. 3Bucket-eer – Tool to scan for public buckets in an unauthenticated manner as well as enumerate info on
buckets and objects on GCP in an authenticated & fully automated manner and send alerts over slack if a
blacklisted bucket is found exposed (python).
4. Security On-call - Automation script to rotate on-call security engineers in a Slack usergroup using
non-consecutive repetition (Python)
5. Rate limit metric automation – Ingesting WAF and LB level logs into a Bigquery dataset and using python to
fetch and report metrics in slack related to rate-limits.
6. Shell Manager - Multi-client reverse Shell (Python).
7. DeviceFinder - ARP SCANNER (Python).
8. A$$etH0und - (Python) Asset tracking tool for red teaming.
9. Backstory App - An app and a web app for reading and submitting short stories and poetry.

1. 2021 - Received the most popular project award and the top 10 eligible project awards by Microsoft in
the Azure Sentinel hackathon. Our project was also featured in the Microsoft blog post and received
praise from the CEO of SOC Prime & inventor of Uncoder.IO, Andrii Bezverkhyi.
2. 2021 - My project has been recognized and praised by the associate director of KPMG India and by their GSOC team
as well.
3. 2021 - Received Hacktoberfest swags for successfully completing 10 PRs to various open source projects.
4. 2019 - Came 2nd in ICELTS for developing the Backstory app.

Institute of Engineering and Management (IEM), Salt Lake.

DEGREE in IT 2018-2022 (CGPA – 8.67/10)
