Resume

Sign in

Security Management

Location:
Riyadh, Riyadh Province, Saudi Arabia
Posted:
April 20, 2018

Contact this candidate

Resume:

RESIDENT & MAILING:

**. Tavistock Place, Cambridge CB4 3NB, UK.

**, *********** **, **********, ********,

SL.

PERSONAL DETAILS

PPNo - N2435933 / Iqama - 243-***-****

[pic]

E-Mail : ac47aa@r.postjobfree.com /

ac47aa@r.postjobfree.com

Telephone : +947*-***-**** / +966-*****-****

EXECUTIVE SUMMARY

About Me / What is my interest in this role:

"Information Security & Digital Forensics is my profession and IT Security

Research & Development and IT Security Project Management is my passion". I

was grown up as an entrepreneur from my little age. I'm a UK Educated and

UK Experienced IT Security & Digital Forensics Consultant with Fifteen

years related the industrial experience. Also Qualified as, MSc in

Information Security and Computer Forensics (UK), MSc in Datamining and

Knowledge Management (UK) (Drop Out), Pg. Cert in Management Studies (UK),

BSc (Hons) Com Eng, MBCS, MIEEE, MPMI. And, completed trainings are CISM,

CISSP, CISA, CEH, CHIF, CGEIT, CRISC, Security+, PMP, ITIL, CCNA, Oracle

Inside-Out, Oracle Application Security, White hat and GCIH & GCFA

Trainings, Symantec Trainings (MSS, SEP, ATP & DLP).

My key strengths and why I am the right candidate:

Currently, I am working with Symantec Project for Saudi Electricity Company

as Sn. IT Security Analyst and Lead for IT and OT Security Monitoring

Operations. It accomplished with 35000 End Users and 8000 Servers &

Devices. I have started my IT career as Data Encoder in 1997. I have

started Computer learning from 1993 with dBASE, Clipper, Lotus 123 and DOS

before windows 3.1 launching. In my Experience, nearly 14 years of

Managerial and Consultant Level. In those 14 years, 5 years I spend in the

UK with Exultant UK Limited as Manager for Enterprise IT Security

Management, Worked as Consultant for SOC, Oracle Enterprise Security and

Digital Forensics Analysis in FusionSyscom Oracle Golden Partner UK and

Consultant in SLM Voice for IT, SOC, Telecom Security Systems Management &

Fraud Analysis. Rest of the Years in Sri Lanka worked as Sn. Manager / Head

of Information Security and Forensics in WinsysNetworks and Worked as

Project Manager and Security Systems Engineer in University of Moratuwa (UN

- NORAD Funded Project).

EXPERIENCE

07 /2017 - To date Senior Information Security Analyst (IT and OT

Security Operations)

Panta Consultancy UK (PVT) Symantec Project in Saudi Electricity

Ltd., Company, KSA.

Nature of Job: This is a SOC implementing Project for Saudi Electricity

company by Symantec.

Main Role:

Manage the Cyber Security Operations Center, IT & OT operations, Incident

Response and Recovery.

Managing and operating SIEM solutions which as Symantec MSS, Endpoint and

ATP.

Monitor Threat Intelligence Sources and analyse threat data, to determine

the security impact of these emerging threats and tune security devices

to pro-active block these emerging threats.

Team lead includes L1, L2 and fresh SOC members activities such as

security monitoring, analysis and incidents handling to accomplish SOC

goals and objectives. Also, Advanced Malware Analysis.

Support the maintenance and provide input to the Security Operations

Department.

Developing and implementing SOC and IT & OT Security technical processes

and procedures.

Lead the management of the emergency & critical incidents and coordinate

to drive the Incident investigation and management activities with

internal and external parties.

Handling security analysis of all security devices such as FWs, IPSs,

WAFs, Mail GWs, F5 Big IP, IDSs AV systems, and Proxy devices on their

logs and events for handling actions of implementation.

Escalating and Coordinating incident handling operations either manually

or ticketing systems.

Recommending best handling actions to close and proactively manage

threats and attacks by tuning security devices to block the attacks

IOC's, TTP's and artefacts. Also, PlayBook Implementation.

Acting as SOC manager / SDM manager. Also, Provide SME support for

incident response and recovery handling methodologies for enhancing

Information Security and Operations.

Reporting to Top Management and Prepare Presentation about Current

Security Strategies.

Preparing Proposals for IT and OT environmental IT Security Enhancements

in Standards and GRC

03 /2013 - 6/2017 (4+ Sn. Manager / Head of Information Security and

years) Forensics

WinSys Networks (PVT) Ltd., Working for Qatar Projects in Sri Lanka

and Qatar.

Nature of Job: This is a business implementing as Franchise in Sri Lanka,

Qatar with SecureI2 UK.

Main Role:

Lead for SOC Operations, IT Security Management and Digital Forensic

Projects & IT Audits.

Information Security Management System Development Lifecycle consultancy

and Governance.

Consulting for Legal Enforcement for Digital Forensics and Evidencing for

Court.

Documenting for Security issues identified during security assessments

and Risk Analysis.

Consultancy & Evidencing for IT Security and Digital Forensics with Legal

Enforcement.

Vulnerability and Risk Assessment cum Telecom and Financial Security

Systems Integration.

02 /2008 - 02/2013 (5+ Consultant for Enterprise IT Security Project &

years) Oracle Security

Fusion Syscom Ltd, (In-House) CEME Innovation Centre, Raynham, London.

Nature of Job: Company is Oracle Golden Partner for Supporting

Telecommunication, Business, Banking and Financial Hubs. My responsible

for the IT Security & Digital Forensic and Business Application Projects.

And, corporate responsible for Running Systems and Projects Consultancy.

Main Role:

The lead of the SOC, IT Security & Digital Forensic Projects and Security

for Enterprise Apps.

Data & Web Security, System auditing also Security and IT Stranded

implementations.

Oracle Identity Management and Access Control Solutions Provide for

Financial Hubs.

Digital forensics Projects, Setup and Maintain the Forensic Lab and

Incident Response.

Vulnerability Assessment and penetration testing & assessments on

Internet exposed systems.

Documenting technical issues identified during security assessments and

Risk Analysis.

7/2001 - 01/2008 (6 Project Manager & Security System Engineer

years)

The University of Moratuwa, Engineering, University of Moratuwa, Sri

Lanka.

Nature of Job: NORAD (UN) Funded Project for Interconnect all

Universities in Sri Lanka.

Main Stakeholders: The Government of Sri Lanka, United Nations (NORAD),

EuroNet (Norway), DMS, All Universities (17 Major Universities and

Colleges) & University Grant Commission.

Main Role:

SOC Project Implementation & Functional Responsible, Coordinate scope

definition, project planning & estimating during requirements & design

phase to produce accurate cost estimates.

Project Committee Member of the Department of IT in Higher Education

.

Internal Web Master for Undergraduate Division and University

Administration Systems.

Engineering Studies Coordination for the third year and Final Year

Undergraduate Student.

EDUCATION

08/2009 - MSc in Information Security and Computer Forensics

08/2011

University of East London, Docklands Campus, University Way, London

E16 2RD

IT Security Management GRC, ISMS, ISO27K, COBIT, COSO, ITIL, SOX,

Physical Security, IAM.

Computer Security Network Security, Cloud Security, Database

Security, Digital Security, SOC.

IT Low & Seizure and Examination Telecommunication Act, Police Act,

Contract Low and other IT Lows.

Digital Forensics Penetration Testing, Social Engineering, FTK,

EnCase, Helix, eDiscovery tools.

Research Topic: - "Mitigate the ID Threats Through Identity Management and

Access Control Mechanism As a Service" (Finding Solution for Big Financial

Frauds and Identity Frauds. Specially revise Banking security and Telecom

Security with Role Management & Information Wright Management. My analysis,

finding and recommendation are guided to upgrade the total security systems

what we have at the moment. Especially, its cover Standard's, Operations,

Policies, Definitions, Laws and Technologies)

02/2008 MSc in Data Mining and Knowledge Management. (Part-time Studies)

-Pending

/ Reading

University of East London, Docklands Campus, University Way, London

E16 2RD

Data Mining WEKA Tool, Machine Learning, Pattern Matching, Data

Mining Algorithms

Advanced Database Management DBMS, Data warehousing, Data canter's,

Coding Performance

Project Management PMP, Prince2 Methodologies, Primavera, Case

Studies, Risk and Procurement

Knowledge Management (Pending

01/2008 - Postgraduate Certificate in Management Studies - Merit Pass

05/2008

London College of Management and IT 71 Whitechapel High Street,

London E1 7PL.

Advanced Professional Development, Managing Change in Organisations,

Human Resources Management, Strategic Planning and Management,

Managing financial Resource, Strategic Marketing Management.

02/2000 - 07/2003 BSc (Hons) in Computer Engineering - Final Grade: A

Equal to BSc (Hons) Full Professional Member British Computer Society (MBCS)

TRAININGS

System Implement and IT Skills Development Trainings

MSS, SEP, DPL, ATP, Malware Analysis, Deep Sight Symantec

Intelligence, Log Analysis

Saudi Electricity Company IT & OT Infrastructures,

Operations Methodologies

System Administration of M-STAS Course EuroNet - Norway

Brio Intelligent (Special Reports, Database Access, View

Creation)

Sever Administration & Group Policies with Security DMS - Colombo

Setting Course

Oracle DB Programming / DBA Support Course

Oracle BIApps, Oracle Business Intelligence and Data Oracle - London /

Warehousing Reading

Oracle EPM, BPM, CRM, SCM and SOA, ADF, BEPL + Oracle

Primavera

Identity Management and Access Control + IRM + Security

Inside-Out

Management Skills Development Trainings

Positive Attitude Mr Thilakasiri -

SLIDA

[Senior Consultant]

Japanese 5 S System

Super Change Dr Kumainthamalena

Personality Development Prof. D.C.H. Senarath

Leadership & Life Skills Training Programme LAUREL - Army

Training

Personal Effectiveness University of

Moratuwa

University Administration System Development Trainings

Handling the Semester System of Conducting Academic Prof. Malik

Programs Ranashinge

Fees Module Course, Curriculum and Diploma EuroNet - Norway

Administration Course

Design of Reports and Transcripts of Grades Course

MEMBERSHIP

ID - 990268524 MBCS - Member of British Computer Society - UK

ID - 950448 MPMI - Member of Project Management Institute - USA.

ID - 80721315 MIEEE - Member of Institute of Electrical & Electronic

ID - Pending Engineers - USA.

MIIBA - Member of International Institute of Business Analysis

- Canada.

PROFESSIONAL CERTIFICATION AND TRAININGS

03/2006 Advanced Certificate in Project Management (PMI - Course Outline) -

NIBM.

10/2008 Project Management Professional - PMP (35 PDU) - Singapore

Informatics.

08/2008 Foundation Certificate in IT Service Management - ITIL V3 - University

of Moratuwa.

07/2008 Data Analysis with SPSS and Advanced SPSS Training - University of

Colombo.

08/2013 Certified Ethical Hacker Training CEH v8 Training + ComTIA Security+

Computer Hacking Forensic Investigator Training CHFI v8 Training

07/2013 Certified Information System Security Professional Training- CISSP

Training (ISC2)

12/2008 Certified Information Security Manager - CISM Training (ISACA)

Certified Information System Auditor Training - CISA Training (ISACA)

09/2008 CISCO Certify Network Associate Course Training - (CCNA) (640-802)

11/2008

06/2008

SKILLS, KNOWLEDGE AND EXPERTISE ON ADVANCED IT SECURITY MANAGEMENT

OT & IT Security Monitoring and IT Security Management Skills

IT & OT Security Monitoring Tools, Technologies, Methodologies, Standard and

Policies Implementation.

Log Analysis, Advance Malware Analysis and Advance log Analysis with data

querying and Data mining.

Incident Response, Escalation to Interest parties and follow up the case until

close. Start Investigation on infected machine and devices through system

internal tools and Forensic tools for Case & Legal Brief.

Generate Reports using reporting tools and utilities. Preparing Shift

schedules and SOC Management.

Security Management and IT Audit Skills

Stranded and Frameworks implementation for Middle East (NIA, NESA) & Western

Organisations.

Information & Business Security, Banking & Org Security, Credit card &

Identity Fraud Analysis.

Social Engineering Protection, Application Support & Security Awareness

Training and Programs.

IT Performance, Business Continuity Planning and IT Security Strategy

Management.

Security Risk Assessment, IT Security System Auditing and best IT Advisory

Management.

Governance Risk Compliance and Policies Making & Privilege Management.

Disaster Recovery, Business Continuity Planning, Asset Management and Change

Management

Computer Forensics and Fraud Prevention Skills

Establishing Digital Forensic Lab and Perform Digital Forensic Investigation,

Analysis and Data Recovery, Incident Response, Fraud Detection and Mal

Activities. Forecast Insider Attacks.

Legal Brief, Crime Investigation, Evidence Collecting. Vulnerability Analysis,

Pen Testing.

Forensic Accounting, ISO 37001 - Anti Bribery Management Systems and Business

Security

Monitoring, Tuning and Improvement the Security Systems and Profiling &

Screening.

Computer Security Incident Response, Penetration Testing and Patch Management.

Enterprise IT Security Analyst Skills

Governance Risk Compliance and Policies Making & Privilege Management. Role

Management, Digital Right Management, Encryption Management System.

Application Access Control.

Federated Identity Management & Access Control, Info. Right Management & Role

Management.

Disaster Recovery, Business Continuity Planning and Asset Management, Firewall

Administration.

Intrusion Detection / Prevention System, Security Information and Event

Management (SIEM).

Physical Security Management, Employee Performance Management, Surveillance

Systems.

Monitoring Networks for Security Breaches and Perform Network Scanning and

Vulnerability Assessments, Mitigating Threats by Analysing Data and Developing

Plans.

Security System Management, Information Security Management System (ISMS).

Data and Web Security Skills

Oracle Security inside - out, Database Security, Data Leakage & Data Loss

Prevention System.

Data Encryption, Stenographic Analysis, Audio Stenographic Analysis & Malware

Detections.

Web Application Firewall, Perimeter security, web protection, DDoS detection

and response.

Oracle Database Firewall, Data Masking, Classification System, SOA Security,

VM Security.

Security Project Management Skills

Project planning and implementation, preparing budgets, RFQ/RFT and Project

Documentation. Prince2 and PMI Project Management Methodologies. Also, Agile,

SDLC, Scrum and RUP.

Primavera v6, EPPM, BI Publisher, SharePoint 2010, MS Project, MS Visio,

Advanced MS Office.

ADVANCED IT SECURITY TECHNICAL SKILLS

IT & OT Security Management Methodologies and Technologies:

Security Stranded implementation such as ISO20000, ISO27001/2/3/4/5, ISO27014,

ISO27035, ISO22301 and Risk Management ISO 31000 QMS and audited

accreditations: ISO 9001:2008, ISO 14001:2004, OHSAS 18001 : 2008, HIPPA, NERC

CIP, NIST 800-82 and ISA/IEC 62443, CSA Frameworks, COBIT5, COSO, ITIL v4,

TOGAF v9, SABSA, IDISA, NIA, NESA, ADSIC, ISR, SANS Security Controls, CIS

Benchmark and PCI-DSS 3.1, PCI - QSA, SOX, Data Protection Act, British IT

Lows ext... & ACPO-eCrime and ISO 37001.

Security Applications for IT & OT Security Monitoring & Operation Center

Technologies:

LogRhythm, Splunk, ArcSight ESM, Symantec MSS, Imperva Securesphere, Balabit

Syslog, Nessus, Symantec NESA, ADSIC, ISRAV, Symantec SDCS, QRadar, McAfee,

Trend Micro, Secunia, Qualys, Qualys BrowserCheck, Cyberoam, Fortinet VDOM,

Big IP ASM, Blucoat Solera, Fidells Endpoint, Lancope, HPSM, FireEye, Cisco

ASA,/ PIX, Juniper SRX, Check Point, Palo Alto, SNORT, IDA Pro, Netwitness

WireShark, CaptureBAT, WS-Security performance, Whitehat Security,

Qualysguard, Retina, CoreImpact, Symantec SEE, PGP FDE, Safenet, Fortigate

DLP, Symantec SEE, PGP FDE, Safenet, Fortigate DLP.

Digital Forensic, Pen Testing & Incident Response and Advance Malware

Analysis:

Encase, FTK, Helix, WinHex, HBGary, Mandiant MIR, Paraben, SysInternals suite,

RegRipper, Volatility, HBGary Responder, Mandiant Redline, host-centric,

network-centric, SIFT, log-centric security analysis. X-Ways, F-Response,

Responder Pro, OllyDbg, Metasploit, Cuckoo, Java, Javascript, Assembly

Language, Powershell, SQL, PL SQL, Python. Cyberbit SCADAShield (ICS/SCADA),

STIX, TAXII, MAEC, CybOX, Anomali, Yara Rules.

IT Security Defence in Depth & Identity and Access Management:

Oracle Security inside - out, Federated Identity Management and Access

Control, SSO, Oracle IDM Suite, Information Right Management, DevOps, SAML,

XACML, OpenID, OAuth 2.0, OATH, OpenAuth. Integrated Automated Identity,

ForgeRock IAM, Microsoft FIM, IBM TIM, Tivoli Directory Integrator, IBM

Identity & Access Suite, CA Identity Suite and Oracle Mobile Security, Sophos

SharePoint Security.

SKILLS, KNOWLEDGE AND EXPERTISE ON BUSINESS MANAGEMENT / ADMINISTRATION

General Management Skills

Communication Skills, Excellent Presentation, Interpersonal, Negotiation,

ProActive, Leadership skills, IT Service Management and Business Service

Management, Staff Training and Development.

Service (SLA), Operational Level (OLA) and Carrying out maintaining license

information (CLA).

Managing enhancements & support of application and infrastructure while

contributing to business - IT strategy & IT budgeting of the assigned LOBs and

Change Management and CAPEX/OPEX.

Design and Develop network architecture, specific network components and

infrastructure, High-End Trouble Shooting skills, Caring End User expectation

and Take care of High Availability.

Big Data, Business Intelligence and Data Mining & Data Analysis Skills

BI Apps, Business Intelligence & Data warehousing and Data Mining & Knowledge

Management.

ETL / DAC / Analytics, Informatica PowerCenter, Hadoop, SOA, ADF, BPEL, LDAP

and WebLogic.

SPSS / SAS / Micro statics. WEKA data mining, Oracle Data Miner and Survey

Tools.

Business Application & Database Management and System Engineering

IT Architecture for Business, Application, Data & Technical (TOGAF 9.1) and

SOA, BPEL & ADF, ERP, EPM, BPM, CRM, SCM, Enterprise Data Quality, GoldenGate,

Big Data, ODI and Data Warehouse. Oracle E-Business Suite R12, Oracle Database

and MS SQL database and SQL, NoSQL & PL/SQL.

Operation System Support and Business System Support (Data Collection,

Mediation, Billing, Monitoring, Assurance, Fraud Management and Provisioning,

Number Management) and Portal.

Server Platform (SPARC, EXTRADATA) Blade servers, HP Enclosure...



Contact this candidate