Amarnath Araveti
St. Louis
Summary
Security professional with 4+ years of hands-on experience working across incident response, vulnerability management, and offensive security assessments. Comfortable in the "cleanup role" -walking through environments, mapping attack paths, validating real exploitability, and explaining what actually matters to security and business teams. Experienced collaborating with SOC, IR, and infrastructure teams to translate findings into concrete remediation, detection improvements, and risk reduction. Known for staying calm in noisy environments, documenting clearly, and following issues through until fixes are verified.
Overview
7
7
years of professional experience
1
1
Certification
Work History
Information Security Engineer / Security Operations Analyst
Oracle
St. Louis
04.2025 - Current
- Performed hands-on security assessments across cloud, application, and identity layers, validating exploit paths instead of relying solely on scanner output.
- Investigated attack surface weaknesses including exposed services, excessive permissions, weak auth flows, and misaligned access controls.
- Supported penetration testing and red/purple team exercises by reproducing findings, validating fixes, and helping blue teams tune detections.
- Walked through Azure and hybrid environments identifying IAM abuse paths, lateral movement risks, and cloud-specific misconfigurations.
- Performed root cause analysis on recurring vulnerabilities, documenting why controls failed and how to fix them without breaking workflows.
- Wrote clear technical reports with step-by-step reproduction, impact explanation, and prioritized remediation guidance.
- Collaborated closely with SOC and IR teams to translate offensive findings into detection logic and hardening recommendations.
IT Risk, Compliance & Security Analyst
EY GDS
Bangalore
06.2020 - 08.2023
- Participated in internal penetration testing and vulnerability assessment cycles across enterprise applications and infrastructure.
- Assisted in web application testing focusing on authentication flows, access control, injection issues, and business logic flaws.
- Reviewed threat intelligence relevant to healthcare and financial environments to guide attack path modeling.
- Worked with security teams to validate remediation efforts and confirm vulnerabilities were fully resolved.
- Helped align findings with MITRE ATT&CK and NIST CSF to communicate risk clearly to leadership.
- Produced technical and executive-facing reports explaining real-world impact rather than theoretical risk.
Security & IT Operations Intern
Splenta Systems Pvt Ltd
Bangalore
04.2019 - 03.2020
- Assisted with manual security testing of internal applications and APIs under supervision.
- Reviewed logs, access controls, and configurations to identify weak authentication and authorization patterns.
- Helped reproduce vulnerabilities and document proof-of-concepts for remediation teams.
- Gained hands-on exposure to real-world operational constraints, testing authorization, and safe data handling.
Education
Master's - Information Technology Management
Webster University
08.2025
Bachelor's - Electrical and Electronics Engineering
MBU University
10.2020
Skills
- Penetration Testing
- Methodologies
- Exploitation
- Active Directory & Azure AD
- Cloud Attacks
- Tooling
- Scripting & Automation
- Reporting
Certification
- CompTIA Security+
- CompTIA Network+
- ISC2 Certified in Cybersecurity (CC)
Projects And Engagement Highlights
- Attack Surface & Vulnerability Validation Initiative, Reviewed recurring vulnerability findings to determine exploitability and eliminate false positives., Identified misconfigurations in identity and network controls that allowed unintended access paths., Validated fixes through retesting and documented closure evidence.
- Cloud IAM Abuse Path Review, Mapped Azure IAM roles and permissions to identify privilege escalation paths., Demonstrated potential lateral movement scenarios and provided cloud-specific remediation guidance.
Core Offensive Security Skills
- Penetration Testing: External, Internal, Web Application, API, Cloud (AWS / Azure)
- Methodologies: PTES, OWASP WSTG / ASVS, MITRE ATT&CK, Threat Modeling
- Exploitation: Recon, Enumeration, Auth Bypass, Access Control, Injection, Business Logic Abuse
- Active Directory & Azure AD: Kerberoasting, Delegation Abuse, ACL Misconfigurations, Certificate Services
- Cloud Attacks: IAM Misconfigurations, Storage Exposure, Network Segmentation Gaps, Serverless Risks
- Tooling: Burp Suite, Kali Linux, Nmap, Metasploit, BloodHound, Nessus, custom scripts
- Scripting & Automation: Python, Bash, PowerShell (PoCs, validation, data extraction)
- Reporting: Executive summaries, reproducible steps, risk ratings, remediation guidance
Timeline
Information Security Engineer / Security Operations Analyst
Oracle
04.2025 - Current
IT Risk, Compliance & Security Analyst
EY GDS
06.2020 - 08.2023
Security & IT Operations Intern
Splenta Systems Pvt Ltd
04.2019 - 03.2020
Master's - Information Technology Management
Webster University
Bachelor's - Electrical and Electronics Engineering
MBU University