
Andrew Kutuzov
Senior Application Security Engineer — RingCentral
Senior Application Security Engineer with over 10 years of IT experience, including 4+ years specialized in offensive AppSec. Currently, I drive security at a major product company, focusing on Secure SDLC implementation, automation, and comprehensive security assessments across Web, API, and Mobile platforms. I approach applications with an attacker’s mindset but always ground my strategy in business context and engineering efficiency. My goal is to bridge the gap between security and development: finding real-world vulnerabilities while reducing scanner noise and building seamless processes for developers.
- Active CTF Player: 16th place at Amazon AppSec CTF 2025 (EMEA), Standoff participant.
- Certified Professional: OSCP, OSWE, CWEE, eMAPT, CAPT/CIPT.
- Tool Builder: Developing custom Python and AI-driven tools to enhance AppSec workflows.
🤝 Can help with
- What are SAST, DAST, and SCA? How do they work, and how do they differ from one another?
- Practical examples of using SAST, DAST, and SCA, and common mistakes when implementing them.
- What is the Secure SDLC (SSDLC), and how is security integrated into the development process?
- What does an Application Security Engineer do in practice?
- How to conduct an application security assessment.
- How to find and analyze vulnerabilities in web and API applications.
- How to write high-quality vulnerability reports: structure, prioritization, and recommendations.
- A breakdown of security code review and common code issues.
- Preparation for technical interviews in Application Security, both in Russian and English.
- Preparation for professional certifications in Application Security and penetration testing, such as OSCP, OSWE, eMAPT, CIPT, CAPT, COAE and CWEE.
- The offensive and defensive sides of AI.
💻 Work experience
January 2023 — present
RingCentral — Senior Application Security Engineer
July 2022 — December 2023
Digital Security — Penetration Tester
March 2017 — August 2022
Saint Petersburg State University (SPbU) — Technical Support Engineer
September 2018 — July 2022
Virusdie — Security Analyst
🤟 Projects
Burp Suite extension for finding XSS vulnerabilities
A concept for a PortSwigger Burp Suite extension designed to test and bypass XSS filters. This project was part of the Digital Security “Summer of Hack 2022” internship.
Python application for automating penetration testing of AI agents. To generate payloads and analyze responses, Stealth Prompt uses local Ollama models or the OpenAI API, as well as Chromium + Selenium to interact with AI agents in the user’s browser.