Passionate about information security, vulnerability assessment, and performing system audit. A true fast learner and a researcher who always seeks for novel knowledge. A dedicated team member who always enjoys contributing to the team, with the capability of hard work. Willing to engage myself in a workplace that allows to utilize skills and capabilities while providing utmost contribution to the organization.
Performing compliance management for ISMS, PCI-DSS, local regulations and SWIFT system Security.
Review all system-related security plans throughout organizations network, acting as liaison to Information Systems and advise organization with current information about information security technologies and related regulatory issues.
Initiate, facilitate, and promote activities to create information security awareness within organization.
Monitor compliance with information security policies and procedures, referring problems to appropriate department manager.
Develop and implementation of organizational information security policies and procedures
Performing information security incident management.
Keep users/ relevant teams informed about current security threats and steps to mitigate.
Performing threat analysis using “McAfee” SIEM solution
Performing vulnerability assessment and penetration testing for web applications and networks.
Performing security reviews on Android mobile applications.
Perform research and development relevant to cyber security implementations.
11/2018 to 08/2020
Specialist Cyber Security AuditTravis County – Austin, TX,
Reviewed of corporate IT GRC, IT strategic planning, IT Processes, information security, IT Systems, IT development, SAP ERP system, Billing systems, CRM systems.
Performed security audit base on ISO 27001:2005, PCIDSS standards.
Performed security review on Mobile commerce platforms, Digital money platforms, NFC and e-Wallets platforms.
Performed System Audits for Telecommunication (Telco) Eco Systems.
Performed vulnerability assessment and penetration testing for web applications and networks.
Performed security reviews on Android mobile applications.
06/2018 to 11/2018
Information System AuditorMotion Recruitment – Fullerton, CA,
Performed system audits for core banking systems.
Performed over 10 vulnerability assessment and penetration testing for web applications and networks.
Performed security reviews on Android mobile applications.
Reviewed products and system security
01/2016 to 01/2018
Information Security EngineerHcl Technologies Ltd. – Houston, TX,
Performed Information Security Incident Handling in Sri Lankan Financial Sector (Banks & Finance companies).
Performed and reviewed technical security assessments (Black box testing) over 20+ of "Banking web applications" to identify points of vulnerability and non-compliance with established information security standards and recommend mitigation strategies.
Assessing firewall security.
Performed Internal web application assessments and server hardening verification assessments as per CSI and NIST guidelines.
Managed and hardening “RedHat” based Linux servers.
Managed experience in “Spacewalk” repository manager.
Managed and deploying experience in “OSSEC” HIDS system.
Experience working in Security Operation Center.
Experience in configuring Open Source malware analysis tool and conducting malware analysis using Open Source tools (Cuckoo sandbox and IRMA).
Developed & implemented, and documented security programs and policies and monitored compliance across departments.
Validated and verified system security requirements definitions and analyzed system security designs.
Applied leading theories and concepts to development, maintenance, and implementation of information security standards, procedures, and guidelines.
Performed risk analyses to identify appropriate security countermeasures.
Developed plans to safeguard computer files against modification, destruction or disclosure.
Reviewed violations of computer security procedures and developed mitigation plans.
01/2015 to 01/2016
Junior AnalystKPMG Sri Lanka – City, STATE,
Performed information risk assessments engagements for clients in Financial services, Technology, Engineering and Manufacturing, Internet service providers and Public Sector.
Performed information security management system policy reviewing.
Performed system auditing on Banking, Telecommunication and Financial Systems.
Performed General IT Control auditing base on ISO27001.
01/2014 to 01/2015
Trainee Network AdministratorVictory Information Limited – City, STATE,
Performed Active Directory services in server 2012R2
Performed and manage SQL Server 2008R2 data base server and running backup schedule.
Performed IIS web hosting.
Certifications
Red Hat Certified System Administrator (RHCSA) [Credential ID: 180-022-014]
Any information uploaded, such as a resume, or input by the user is owned solely by the user, not LiveCareer. For further information, please visit our Terms of Use.