Eroshan Weerathunga, Developer in Toronto, ON, Canada
Eroshan is available for hire
Hire Eroshan

Eroshan Weerathunga

Verified Expert  in Engineering

Cybersecurity Engineer and Software Developer

Toronto, ON, Canada

Toptal member since December 6, 2022

Bio

Eroshan has over twelve years of experience in cybersecurity solutions. Eroshan's expertise includes helping clients manage and respond to rapidly evolving cyber threats. He has advised some of the largest organizations in North America and worldwide. He led a cybersecurity services portfolio. He also has experience with product development, has managed product vulnerabilities, and managed software development lifecycle (SDLC) for substation automation and protection devices.

Portfolio

PwC
Software, Supervisory Control & Data Acquisition (SCADA)...
General Electric
Security Analysis, Threat Modeling, Secure Coding...
General Electric
VxWorks, Linux, C, Embedded C, Embedded Linux...

Experience

Availability

Full-time

Preferred Environment

Industrial Control Systems (ICS), Risk Assessment, Threat Modeling, Security Testing, Supervisory Control & Data Acquisition (SCADA)

The most amazing...

...experience I've had in cybersecurity is to safeguard critical infrastructure and protect people who would be impacted by a cybersecurity attack

Work Experience

Manager: Cybersecurity, Privacy, and Financial Crime

2022 - PRESENT
PwC
  • Led a threat and risk assessment (TRA) and remediation project for a Canadian healthcare solution provider. Eliminated cybersecurity threats and vulnerabilities before the digitally enabled healthcare navigation tool launched.
  • Managed a cybersecurity risk management project for one of the largest electricity generation companies in the US. Identified the risk exposure and planned risk mitigation activities. Evaluated cybersecurity risk for IT, OT, and NERC CIP assets.
  • Developed cybersecurity policy and procedure for a Canadian-regulated electricity distribution company. Reviewed existing organizational policies and identified digital crown jewels and relevant owners.
  • Led a vulnerability management project using Tenable for a Canadian electricity transmission and distribution company. Eliminated cybersecurity threats and vulnerabilities. Sustained a strong cybersecurity posture.
Technologies: Software, Supervisory Control & Data Acquisition (SCADA), Industrial Control Systems (ICS), Network Security

Senior Cybersecurity Engineer

2017 - 2022
General Electric
  • Developed NERC CIP compliance assessments on substation automation products and created product security requirements for developemnt.
  • Developed OT security architectures. Carried out threat modelling and that assessment and provided recommendations to remediate security gaps.
  • Provided consultation on OT and NIDS selection. Deployed OT NIDS on several substations.
  • Developed and managed a cybersecurity services portfolio. Managed strategic alliances and partnerships.
Technologies: Security Analysis, Threat Modeling, Secure Coding, Supervisory Control & Data Acquisition (SCADA), Software Development Lifecycle (SDLC), Security Architecture, Network Security

Firmware Engineer

2012 - 2017
General Electric
  • Developed a vulnerability and penetration testing framework for the GE grid automation product portfolio. Identified vulnerabilities early in their development cycle.
  • Implemented and validated SCADA protocols such as DNP3, IEC 60870-5-101, 104, Modbus, and EC 61850. Implementated and tested security technologies, such as DNP3, RADIUS, SSH, Syslog, VPN, TLS/SSL, KDC, OCSP, and SCEP.
  • Developed a vulnerability and penetration testing framework for the GE grid automation product portfolio. Identified vulnerabilities early in their development cycle.
  • Designed and executed penetration testing on OT devices to identify product security vulnerabilities. Provided vulnerability remediation actions to improve product cybersecurity maturity.
  • Carried out Wurldtech Achilles, Mu Dynamics, and Nessus tests to evaluate product cybersecurity attack tolerance.
Technologies: VxWorks, Linux, C, Embedded C, Embedded Linux, Real-time Operating System (RTOS), Embedded Systems, Security Architecture, Network Security

Threat Modeling and Penetration Testing

Developed a vulnerability and penetration testing framework for the GE Grid Automation product portfolio. I identified vulnerabilities early in their development cycle. I developed threat models for substation automation and substation protection devices. Wurldtech Achilles, Mu Dynamics, and Nessus tests were used to evaluate product cybersecurity attack tolerance. I designed and executed penetration testing on OT devices to identify product security vulnerabilities. I also provided vulnerability remediation actions to improve product cybersecurity maturity.

Threat and Risk Assessment

Delivered threat risk assessment (TRA) that aims to identify related security risks for the healthcare navigation systems and developed recommendations to address identified risks. This TRA assessed the high inherent risks of the healthcare navigation environment for vulnerabilities examined and potential threats associated with those vulnerabilities and evaluated the current residual risk to be addressed. Key TRA activities include assets identification and valuation, threat assessment, vulnerability review, risk assessment, and recommendations. The TRA report I created helped the client understand the various threats to the healthcare navigation system, determining the level of risk these systems are exposed to and recommending the appropriate level of protection.
2010 - 2012

Master's Degree in Electrical and Computer Engineering

Western Universiy - Ontario, Canada

2005 - 2009

Bachelor's Degree in Electronics and Telecommunication Enginnering

University of Moratuwa - Colombo, Sri Lanka

Platforms

Windows, VxWorks, Linux, Embedded Linux

Industry Expertise

Cybersecurity, Network Security, Telecommunications

Languages

C, Embedded C

Other

Industrial Control Systems (ICS), Security Analysis, Threat Modeling, Supervisory Control & Data Acquisition (SCADA), Software Development Lifecycle (SDLC), Risk Assessment, Security Testing, Real-time Operating System (RTOS), Embedded Systems, Security Architecture, Compliance, Secure Coding, Software, IoT Security, Threat Analytics, Risk Analysis

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring