Arnold Mavhezha
Security engineer. Builder's mindset. I'm

Security Engineer, AppSec Practitioner, Detection Engineer, Cloud Security

4+ years in enterprise security: SOC operations, detection engineering, cloud hardening, and application security assessments. I started as a developer. That background is the edge. I understand how applications are built, how data flows through systems, and where assumptions break. That knowledge surfaces vulnerabilities that tooling alone misses. 200+ Splunk detection rules built from scratch. 45% reduction in critical CVEs. AWS cloud infrastructure hardened across IAM, Security Groups, and CloudTrail. CompTIA Security+. ISO 27001 Lead Auditor. ISC2 CC.

Security Engineering Highlights
  • Engineered 200+ Splunk detection rules across a 1,000+ endpoint enterprise environment, mapped to MITRE ATT&CK TTPs. Mean time to detect reduced by 35%.
  • Led application security assessment of OWASP Juice Shop: 9 vulnerabilities across 7 OWASP Top 10 categories. SQL injection to full admin access. CVSS-scored findings report delivered.
  • Hardened AWS cloud infrastructure: IAM least-privilege, Security Groups, CloudTrail logging. 40% reduction in unauthorized access vectors. 45% drop in critical CVEs through 30-day remediation cycles.
Detection Engineering, Application Security, Cloud Security, Vulnerability Management
1,000+ Endpoints Secured
200+ Detection Rules Built
45% CVE Reduction
98% SLA Resolution Rate
Core competencies

What I Bring

Four domains built through real enterprise security operations, not theory.

Application Security

OWASP Top 10 testing, Burp Suite manual assessment, API security, and vulnerability analysis. Developer background means I read source code the way the team that wrote it does.

Burp Suite, OWASP Top 10, SQLi, IDOR, API Security, Code Review

Detection Engineering

200+ custom Splunk detection rules built from scratch and mapped to MITRE ATT&CK TTPs. SIEM tuning, behavioral baselining, false positive reduction, and alert logic design.

Splunk, MITRE ATT&CK, SIEM, IDS/IPS, Alert Tuning, Threat Hunting

Cloud Security

AWS IAM hardening, Security Groups, CloudTrail logging, and MFA enforcement. Identifying overprivileged roles, stale access keys, and misconfigured trust policies before they become incidents.

AWS IAM, CloudTrail, Security Groups, MFA, Least Privilege, Access Reviews

Vulnerability Management

Nessus and Nmap-based vulnerability assessments, CVSS scoring, risk prioritization, and remediation tracking. Compliance alignment with ISO 27001 and NIST CSF across external audit cycles.

Nessus, Nmap, CVSS, ISO 27001, NIST CSF, Remediation
Professional history

Work Experience

5 years in the industry. Exceedingly Great Technologies, Harare, Zimbabwe.

Security Engineer

Apr 2022 - Jul 2025
Exceedingly Great Technologies
  • Engineered 200+ custom Splunk detection rules across a 1,000+ endpoint environment mapped to MITRE ATT&CK TTPs, cutting mean time to detect by 35%.
  • Led penetration testing and vulnerability assessment engagements using Nessus and Nmap, driving a 45% reduction in critical CVEs within 30-day remediation cycles.
  • Hardened AWS cloud infrastructure: IAM least-privilege controls, MFA, Security Groups, and CloudTrail logging. Closed 40% of unauthorized access vectors including overprivileged roles and stale access keys.
  • Deployed Microsoft Defender EDR/XDR across enterprise endpoints, containing lateral movement and ransomware precursors at 98% SLA resolution.
  • Drove ISO 27001 and NIST CSF compliance programs across consecutive external audit cycles.
Splunk, MITRE ATT&CK, Nessus, AWS IAM, Microsoft Defender, ISO 27001, NIST CSF, IDS/IPS

Junior Security Analyst

Feb 2021 - Mar 2022
Exceedingly Great Technologies
  • Triaged and investigated 1,200+ daily SIEM alerts in Splunk, reducing false positives by 25% through detection tuning and behavioral pattern analysis.
  • Investigated 15+ potential incidents weekly: malware, phishing, and unauthorized access. Escalated findings with full forensic context.
  • Vulnerability assessments across 250+ endpoints and 10 servers, remediating 95% of critical findings within SLA.
  • Executed phishing simulation campaigns across 80+ staff members, achieving a 60% improvement in phishing awareness scores.
Splunk, SIEM, Incident Response, Vulnerability Scanning, Phishing Simulation, Log Analysis

Junior Developer

Aug 2020 - Jan 2021
Exceedingly Great Technologies
  • Full-stack development with MERN stack: Node.js, React, MongoDB, Express, REST API design.
  • This foundation is the competitive differentiator. I find application vulnerabilities by reading code the way the developer who wrote it does.
Node.js, React, MongoDB, Express, REST APIs, JavaScript
Credentials

Core Certifications

Industry-recognised credentials validating security engineering expertise.

Availability

Open to Security Engineering Roles

Actively seeking Security Engineer, AppSec, and Detection Engineering positions. Available January 2027. Based in New York.