Gaya Dissanayake, Developer in Tallinn, Estonia

Gaya Dissanayake

Verified Expert in Engineering

Cybersecurity and DevOps Engineer Developer

Tallinn, Estonia

Toptal member since April 22, 2021

Bio

Gaya is a cybersecurity expert with a passion for uncovering vulnerabilities and building robust defenses to close them. A seasoned competitor in global capture-the-flag (CTF) challenges, she brings deep expertise in vulnerability management, cloud security, incident response, security awareness, and risk management across frameworks such as PCI DSS, ISO 27001, and CMMC. Gaya is proficient with leading cybersecurity tools, including Qualys, Rapid7, Nessus, Splunk, and the Kali Linux toolkit.

Portfolio

AFS
Kali Linux, Research, Security, IT Audits, PCI DSS, Vulnerability Management...
Virtusa
Cybersecurity, Virtualization, IT Audits, IT Security, Web Security, Kali Linux...
Lankacom
Web Security, Virtualization, VMware ESXi, IT Support, IT Security, ModSecurity...

Experience

  • Security - 12 years
  • PCI DSS - 5 years
  • Vulnerability Management - 5 years
  • Consulting - 5 years
  • Incident Management - 5 years
  • Sentinel - 3 years
  • Cloud Security - 3 years

Availability

Full-time

Preferred Environment

Windows, Linux, Kali Linux

The most amazing...

...global capture-the-flag (CTF) competition I won involved defeating one of the top 20 universities, thanks to exemplary manual and automated testing.

Work Experience

Cybersecurity Engineer

2017 - 2020
AFS
  • Guided cloud security initiatives, including process development and use case creation.
  • Focused on vulnerability management and compliance with the Payment Card Industry Data Security Standard (PCI DSS).
  • Oversaw end-to-end incident management and response, ensuring swift resolution and continuous improvement.
Technologies: Kali Linux, Research, Security, IT Audits, PCI DSS, Vulnerability Management, Incident Management, Cloud Security, Office 365, Azure, Cybersecurity, Azure Active Directory, Compliance

Specialized Engineer

2014 - 2016
Virtusa
  • Served as the primary security point of contact, overseeing risk management and vulnerability identification for over 100 end users.
  • Played a key role in the research and development of internal security tools.
  • Managed application security and implemented operating system hardening.
Technologies: Cybersecurity, Virtualization, IT Audits, IT Security, Web Security, Kali Linux, Security, System Administration, Compliance

Associate Engineer

2013 - 2014
Lankacom
  • Managed shared web hosting using cPanel and Plesk, dedicated servers, cloud environments such as AWS and Rackspace, and VPS hosting across Linux and Windows platforms.
  • Spearheaded research and development efforts focused on open-source and ModSecurity-based solutions.
  • Managed log monitoring and maintenance processes, including incident response and resolution.
Technologies: Web Security, Virtualization, VMware ESXi, IT Support, IT Security, ModSecurity, System Administration, Compliance

Technical Support Analyst

2013 - 2013
Paycorp
  • Contributed as a key member to the initial PCI DSS project and ongoing process improvements.
  • Provided technical support and conducted security checks for end users, including troubleshooting.
  • Implemented process improvements for system logging and monitoring.
Technologies: PCI DSS, Security, Technical Support, System Administration, Compliance

Trainee Network Security Engineer

2012 - 2012
SLT
  • Structured cabling and fiber optic cabling in a major project.
  • Delivered a cost-benefit analysis and configured Cisco Identity Services Engine (ISE) with rule management.
  • Researched and developed a Bring Your Own Device (BYOD) solution using Cisco ISE.
Technologies: Security, Windows Server, Linux Servers, Firewalls, Research

Experience

Risk Assessment and Vulnerability Management

I consulted on cybersecurity certifications such as PCI DSS, CMMC, and ISO 27001, working extensively with PCI DSS Level 1 and Level 3 companies. I was fully engaged in the vulnerability management lifecycle and am proficient with tools like Qualys, Rapid7, and Nessus.

My primary responsibilities included providing expert consultancy, managing vulnerabilities and risks, overseeing incident response, handling asset management, administering identity and access management (IAM), leading project planning, and guiding tool selection to strengthen security posture.

Global Hack, Hackathon 2020

https://devpost.com/software/muvi-mobile-uv-innovations-pty-ltd
The hackathon attracted 15,000 participants from over 100 countries, all motivated to find solutions to the global pandemic. More than 500 projects were submitted during the intense 48-hour event. My team competed in one of the tracks with the highest number of submissions and secured 3rd place.

Despite not knowing any team members beforehand, I quickly adapted to collaborate effectively toward our common goal within the limited timeframe. The 48 hours were intense and demanding, but our passion and positive attitude drove us to success. We were awarded a monetary prize, which was fully dedicated to continuing the project. In addition to my technical expertise, I took on project management and business consulting responsibilities to support our efforts.

Security CTFs

I participated in multiple global CTF competitions, conducting manual and automated testing. My work included active and passive reconnaissance, exploit detection, and injection techniques.

My greatest achievement was winning 1st place against one of the world's top twenty universities, whose name I cannot disclose for security reasons.

Education

2016 - 2018

Master's Degree in Cybersecurity

Tallinn University of Technology (TTU) - Tallinn, Estonia

Certifications

JUNE 2023 - JULY 2024

Security Operations Analyst

Microsoft

NOVEMBER 2020 - PRESENT

MS-500: Microsoft 365 Security Administration

Microsoft

AUGUST 2020 - PRESENT

AZ-500: Microsoft Azure Security Technologies

Microsoft

APRIL 2020 - PRESENT

Exam AZ-900: Microsoft Azure Fundamentals

Microsoft

SEPTEMBER 2018 - PRESENT

Nexpose Certified Administrator

Rapid7

APRIL 2014 - PRESENT

Certified Ethical Hacker

EC-Council

Skills

Tools

Sentinel

Industry Expertise

Cybersecurity, Project Management

Platforms

Azure, Kali Linux, Windows Server

Languages

Bash Script

Storage

Azure Active Directory

Other

Vulnerability Management, Security, Incident Management, PCI DSS, Consulting, Technical Support, IT Security, IT Consulting, Compliance, Risk Assessment, Research, IT Audits, Office 365, IT Support, CompTIA, Cloud Security, Microsoft 365, Ethical Hacking, Digital Forensics, Virtualization, Linux Servers, Firewalls, Web Security, VMware ESXi, ModSecurity, Business Process Analysis, Incident Response, Security Design, System Administration, Certified Ethical Hacker (CEH)
