Cyber Security

ID : 1457
Education level  : Post graduate
Work experience level  : Expert (more than 7 years)
Work experience in total  : Years
Job type  : Online
Job time  : Monthly
Last date of registration :
Profile description

To be a dynamic professional in a challenging environment whilst utilizing my knowledge and skills in the field of Information Technology and Systems acquired through extensive education and work experience. I’m confident that, if given a chance, I would prove to be an asset for the company, offering the best of my contribution to make it a success.

Work experience In details :
Job position
Job description

Head – Defensive Cyber Security Operations - Government of Sri Lanka - (October 2020 - to date)

  •  Perform onsite and remote security assessments including application testing, social engineering, wireless assessment and Security scan, analysis, policies, and audit.
  •  Conducting Web Application penetration testing, Network Infrastructure Penetration Testing.
  •  Actively involving in conducting daily vulnerability assessments, threat assessment, mitigation, and reporting activities in order to safeguard information and ensure protection has been put in place on the systems.
  •  Experience with Linux and Windows operating systems.
  •  Conducting web application penetration testing of various applications; acquainted with various approaches to Grey & Black box security testing. Proficient in understanding application-level vulnerabilities like XSS, SQL Injection, CSRF, authentication bypass, weak cryptography, authentication flaws, etc. using commercial and non-commercial applications.
  •  Practical experience with various penetration testing and ethical hacking tools (both commercial and open source).
  •  Develop testing scripts and procedures, develop and leverage custom exploits.
  •  Analyze security test results, draw conclusions from results and develop targeted testing as deemed necessary.
  •  Providing technical consultation on Security Tools and Technical Controls.
  •  Actively searched for potential security issues and security gaps that are beyond the ability of detection by any security scanner tool; perform manual penetration testing deemed necessary.
  •  Assist application developers to validate, assess, understand root cause and mitigate vulnerabilities
  •  Knowledge of secure configuration and hardening of systems
  •  Ability to analyze vulnerabilities in order to appropriately characterize threats and provide remediation advice. Familiarity with classes of vulnerabilities, appropriate remediation, and industry-standard classification schemes (CVE, CVSS, CPE)
  •  Experience in DDoS, SQL Injection protection, XSS protection, script injection and major hacking protection techniques to address and integrate Security in SDLC by following techniques like Threat Modeling, Risk Management, Logging, Penetration Testing, etc.
  •  Exploitation: password cracking, brute force, dictionary attacks, social engineering.

Head – IT Risk and Assurance - Government of Sri Lanka - (February  2015 - September 2020)

  • Heading IT Risk and Assurance team which is responsible to conduct IT Risk Assessments and Audits in all the subsidiary establishments.
  •  Ensuring processes and procedures are performed in compliance with the organization's Information Security Policies and procedures.
  • Conducting information systems audit engagements for subsidiary establishments against the industry accepted standards (ISO 27001) and providing recommendations.
  • Core Management Functions
    • Planning and Managing IS Audit engagements
    •  Presentations for Audit Committees
    •  Staff Performance Evaluations
    •  Training

Group Internal Auditor – Information Systems - McLarens Holdings - (November 2014 - January 2015)

  • Development of Internal audit strategy and audit plan for IT segment of the group
  •  Governance and Management of IT
  •  Provide assurance that the processes for information systems operations, maintenance and support meet the organization’s strategies and objectives.
  •  Provide assurance that the organization’s security policies, standards, procedures and controls ensure the confidentiality, integrity and availability of information assets.
  •  Liaise with External Auditors

Analyst - Information Risk Management - KPMG Sri Lanka - (May 2013 - October 2014)

  • Perform information control reviews to include system development standards, operating procedures, system security, programming controls, communication controls, backup and disaster recovery, and system maintenance.
  •  Recommend improvement of management and internal controls designed to safeguard Company resources and ensure compliance with ISO/IEC 27001, TIA requirements.
  •  Provide necessary recommendations by evaluating controls and contents related to information security, change management, information systems operations, business continuity planning & disaster recovery planning.
  •  Perform reviews of internal control procedures and security for systems under development and/or enhancements to current systems.
  •  Review of the previous audit reports, work papers and implementation status of the findings and recommendations.
  •  Compilation of reports regarding audit findings and working papers in a concise, understandable manner that assists in the resolution of problems and highlights matters requiring immediate attention.
Hard skills
Soft skills
  • Business Acumen
  •  Business analysis
  •  Integrity
  •  Diversity of Knowledge
  •  Global business environment mindset
  •  Leadership Skills/ Team player
  •  Presentation Skills
  •  Relationship building
  •  Professional Skepticism
  •  Ingrained Inquisitiveness
  •  Persuasiveness
  •  Change Management Proficiency
  •  Ability to work to deadlines, under pressure.
Special notes

Reading: M.Sc. in Cyber Security, Expertise: ISO/IEC 27001:2013 Information Security Management System Compliance, General IT controls auditing, Project management, IT Risk Management, BCP and DRP auditing, IT & Business alignment, Vulnerability Assessment and Penetration Testing, Cyber Security Consultation
