THUVARAKAN NAKARAJAH

Security Operation Analyst Researcher in Facebook & Microsoft White-Hat Hacker adluh3@r.postjobfree.com Phone: 302-***-****

Github.com/thuva11 Linkedin.com/in/thuva11/ Cybertheta.blogspot.com Seeking an opportunity in the Information Security field that will allow for the full utilization of my innovative skills, abilities

& resourcefulness, in order to ensure the success of the organization, as well as to maximize my personal professional growth

& career potential.

PROFESSIONAL EXPERIENCE

Cryptogen PVT LTD - Security Operation Analyst February 2018 – May 2019 Worked on an onsite project which is managed by crypto-gen as Security Operation Center Analyst at Dialog Axiata PLC

• Incident Handling & Response via SIEM Tool (HP Arcsight and LogRhythm)

• Run internal and external Network Vulnerability scans at least quarterly after any significant change in network such as a new system component, installations, changes in network topology, firewall rule modifications and product upgrades.

• Oversee testing of scoped systems and applications to identify system vulnerabilities.

• Monitored and researched Cyber Threats with a direct & indirect impact to the organization internally.

• Integrity Monitoring systems, Data Loss Prevention (DLP) toolsets, enterprise Antivirus solutions, and endpoint encryption.

• Adding new vulnerabilities to the Vulnerability Database for various platforms with proper exploits.

• APT Administration and incident investigation (Palo-Alto Traps)

• Web application firewall monitoring (imparva-secure sphere)

• Intrusion prevention system monitoring(mcafee IPS)

• Provide information security support to entire company PlatformOne PVT LTD – Cyber Security Analyst May 2019 – June 2020

• Perform web application, mobile application and network penetration tests

• Perform assessments of security awareness training using social engineering

• Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets

• Work with application developers to validate, assess, understand root cause and mitigate vulnerabilities

• Managed IT Security projects such as implementing laptop encryption and use of personal firewall.

• Monitor and investigate IT infrastructure privileged access logs & alert queues

• Working with security guides, procedures, policies, methodologies, frameworks and standards such as ISO/IEC 27001

• Drafting policies, standards and processes to optimize and ensure secure project data management

• Researching, identifying, and mitigating security threats to information systems

• Planning, implementing, maintaining, and updating security measures for maintaining integrity of data EDUCATION

B.Sc. (Hons) Information Technology – Cyber Security June 2015 – June 2019 Sri Lanka Institute of Information Technology

CERTIFICATION

• IBM Cybersecurity Analyst Professional Certificate

• Certified Network Security Specialist By ICSI (International Cybersecurity Institute) ACHIEVEMENTS & AWARDS

• Facebook-listed my name Security Researcher – Awarded $500 bug-finding bounty (2018) https://www.facebook.com/whitehat/thanks/

I found a vulnerability on WhatsApp under Bug bounty program

• Microsoft-acknowledged Security Researcher - October 2017 Security Researchers list https://technet.microsoft.com/en-us/security/cc308589.aspx COMMON SKILLS

• Strong technical skills and ability to think hackers' way

• Experienced in installing firewalls, anti-virus software, and protecting confidential information

• Skilled in testing, maintaining, & troubleshooting computer network

• Ability to protect data and network system from cyber attack

• Strong knowledge of banking and financial business procedures

• Excellent analytical, risk-assessments, and problem-solving skills

• Adept in planning, designing, and implementing information security programs

• Strong organizational skills and ability to multi-task TECHNICAL SKILLS

• Penetration Testing

• Incident Handling & Response via SIEM Tool (HP Arcsight and LogRhythm)

• Vulnerability Management (Nessus, Acunetix, and Nexpose)

• Attacks and Frameworks – SQL Injection, Metasploit, XSS, CSRF, Nmap, Nessus, Burp Suite, Burpsuite, SqlMap

• Reverse engineering

• Languages – C, C#, Java, Shell Programming, C++, Perl, PHP, Web - ASP.NET, HTML, JavaScript, CSS, JQuery, ArcGIS, Bootstrap

• Operating Systems – Linux (Fedora, Debian Kali and Ubuntu), Windows

• Networking: Packet Analysis ( Wireshark)

• IDS Snort, Splunk, Firewall, IDS/IPS, Access Control

• Systems Administration: Active Directory, DNS, FTP, SSH, DHCP, SMB, HTTP

• Vulnerability Assessment: Nmap, Nessus, Metasploit, Honeypots and BurpSuite

• End Point Security: McAfee Suits McAfee MOVE AV, Symantec McAfee Email Security Gateways GUI & CLI, McAfee Network Data Loss Prevention

• Platforms/Applications: Continuous Monitoring Vulnerability Management, Web Application Scanning, Threat Protect

• Networking: LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Firewalls/IPS/IDS

• Protocols: TCP/IP, SSL, SSH, UDP, DHCP, DNS, SNMP, TLS etc.

• Domain Knowledge: Risk Management, ISO 27001, COBIT, SWOT analysis, Cryptography, Incident Response, Penetration Test, Risk Assessment

• HIPAA

• Experience in Firewall technology

PROJECT EXPERIENCES

• Developed Automatic Vulnerability Fixing Tool using JAVA algorithms for Final Year Research .

• Asymmetric Encryption examples through Java (GUI) - https://github.com/thuva11/AsymetricEncryprion

• Developed Hotel Management System Website for a John Marry Hotel (C#, ASP.NET)

– C# Programmer and DB Admin

• Developed Airline Reservation System Website utilizing Java & MySQL (School Project)

– Java Programmer and DB Admin

• Catch Me if You Can (Capture the Flag) – Information Security Project (2018), utilizing Cryptography, Steganography, Reverse Engineering, Forensics

REFERENCE

Available upon request.

Contact this candidate