THUVARAKAN NAKARAJAH
Security Operation Analyst Researcher in Facebook & Microsoft White-Hat Hacker adluh3@r.postjobfree.com Phone: 302-***-****
Github.com/thuva11 Linkedin.com/in/thuva11/ Cybertheta.blogspot.com Seeking an opportunity in the Information Security field that will allow for the full utilization of my innovative skills, abilities
& resourcefulness, in order to ensure the success of the organization, as well as to maximize my personal professional growth
& career potential.
PROFESSIONAL EXPERIENCE
Cryptogen PVT LTD - Security Operation Analyst February 2018 – May 2019 Worked on an onsite project which is managed by crypto-gen as Security Operation Center Analyst at Dialog Axiata PLC
• Incident Handling & Response via SIEM Tool (HP Arcsight and LogRhythm)
• Run internal and external Network Vulnerability scans at least quarterly after any significant change in network such as a new system component, installations, changes in network topology, firewall rule modifications and product upgrades.
• Oversee testing of scoped systems and applications to identify system vulnerabilities.
• Monitored and researched Cyber Threats with a direct & indirect impact to the organization internally.
• Integrity Monitoring systems, Data Loss Prevention (DLP) toolsets, enterprise Antivirus solutions, and endpoint encryption.
• Adding new vulnerabilities to the Vulnerability Database for various platforms with proper exploits.
• APT Administration and incident investigation (Palo-Alto Traps)
• Web application firewall monitoring (imparva-secure sphere)
• Intrusion prevention system monitoring(mcafee IPS)
• Provide information security support to entire company PlatformOne PVT LTD – Cyber Security Analyst May 2019 – June 2020
• Perform web application, mobile application and network penetration tests
• Perform assessments of security awareness training using social engineering
• Work on improvements for security services, including the continuous enhancement of existing methodology material and supporting assets
• Work with application developers to validate, assess, understand root cause and mitigate vulnerabilities
• Managed IT Security projects such as implementing laptop encryption and use of personal firewall.
• Monitor and investigate IT infrastructure privileged access logs & alert queues
• Working with security guides, procedures, policies, methodologies, frameworks and standards such as ISO/IEC 27001
• Drafting policies, standards and processes to optimize and ensure secure project data management
• Researching, identifying, and mitigating security threats to information systems
• Planning, implementing, maintaining, and updating security measures for maintaining integrity of data EDUCATION
B.Sc. (Hons) Information Technology – Cyber Security June 2015 – June 2019 Sri Lanka Institute of Information Technology
CERTIFICATION
• IBM Cybersecurity Analyst Professional Certificate
• Certified Network Security Specialist By ICSI (International Cybersecurity Institute) ACHIEVEMENTS & AWARDS
• Facebook-listed my name Security Researcher – Awarded $500 bug-finding bounty (2018) https://www.facebook.com/whitehat/thanks/
I found a vulnerability on WhatsApp under Bug bounty program
• Microsoft-acknowledged Security Researcher - October 2017 Security Researchers list https://technet.microsoft.com/en-us/security/cc308589.aspx COMMON SKILLS
• Strong technical skills and ability to think hackers' way
• Experienced in installing firewalls, anti-virus software, and protecting confidential information
• Skilled in testing, maintaining, & troubleshooting computer network
• Ability to protect data and network system from cyber attack
• Strong knowledge of banking and financial business procedures
• Excellent analytical, risk-assessments, and problem-solving skills
• Adept in planning, designing, and implementing information security programs
• Strong organizational skills and ability to multi-task TECHNICAL SKILLS
• Penetration Testing
• Incident Handling & Response via SIEM Tool (HP Arcsight and LogRhythm)
• Vulnerability Management (Nessus, Acunetix, and Nexpose)
• Attacks and Frameworks – SQL Injection, Metasploit, XSS, CSRF, Nmap, Nessus, Burp Suite, Burpsuite, SqlMap
• Reverse engineering
• Languages – C, C#, Java, Shell Programming, C++, Perl, PHP, Web - ASP.NET, HTML, JavaScript, CSS, JQuery, ArcGIS, Bootstrap
• Operating Systems – Linux (Fedora, Debian Kali and Ubuntu), Windows
• Networking: Packet Analysis ( Wireshark)
• IDS Snort, Splunk, Firewall, IDS/IPS, Access Control
• Systems Administration: Active Directory, DNS, FTP, SSH, DHCP, SMB, HTTP
• Vulnerability Assessment: Nmap, Nessus, Metasploit, Honeypots and BurpSuite
• End Point Security: McAfee Suits McAfee MOVE AV, Symantec McAfee Email Security Gateways GUI & CLI, McAfee Network Data Loss Prevention
• Platforms/Applications: Continuous Monitoring Vulnerability Management, Web Application Scanning, Threat Protect
• Networking: LAN, WAN, Wi-Fi, DNS, WINS, DHCP, TCP/IP, ISCSI, Firewalls/IPS/IDS
• Protocols: TCP/IP, SSL, SSH, UDP, DHCP, DNS, SNMP, TLS etc.
• Domain Knowledge: Risk Management, ISO 27001, COBIT, SWOT analysis, Cryptography, Incident Response, Penetration Test, Risk Assessment
• HIPAA
• Experience in Firewall technology
PROJECT EXPERIENCES
• Developed Automatic Vulnerability Fixing Tool using JAVA algorithms for Final Year Research .
• Asymmetric Encryption examples through Java (GUI) - https://github.com/thuva11/AsymetricEncryprion
• Developed Hotel Management System Website for a John Marry Hotel (C#, ASP.NET)
– C# Programmer and DB Admin
• Developed Airline Reservation System Website utilizing Java & MySQL (School Project)
– Java Programmer and DB Admin
• Catch Me if You Can (Capture the Flag) – Information Security Project (2018), utilizing Cryptography, Steganography, Reverse Engineering, Forensics
REFERENCE
Available upon request.