Gaya Dissanayake, Developer in Tallinn, Estonia
Gaya is available for hire
Hire Gaya

Gaya Dissanayake

Verified Expert  in Engineering

Cybersecurity and DevOps Developer

Location
Tallinn, Estonia
Toptal Member Since
April 22, 2021

Gaya is a cybersecurity expert who loves finding cracks in company security and creating powerful solutions to fill them. With numerous global CTF (capture the flag) competitions under her belt, Gaya excels in vulnerability management, cloud security, incident response, security awareness, and security risk management (PCI/DSS, ISO 27001, CMMC). Gaya is well versed with Qualys, Rapid7, Nessus, Splunk, Carbon Black, SentinelOne, Azure Sentinel, Azure cloud tools, and those in Kali Linux.

SecurityVulnerability ManagementCybersecurityCertified Ethical Hacker (CEH)Web SecuritySystem AdministrationCloud SecurityVMware ESXiFirewallsDigital ForensicsKali LinuxAzure Active DirectoryWindows ServerIncident ResponseCloud Security FrameworkIncident Response

Portfolio

AFS
Kali Linux, Research, Security, IT Audits, PCI DSS, Vulnerability Management...
Virtusa
Cybersecurity, Virtualization, IT Audits, IT Security, Web Security, Kali Linux...
Lankacom
Web Security, Virtualization, VMware ESXi, IT Support, IT Security, ModSecurity...

Experience

Security - 8 yearsPCI DSS - 5 yearsVulnerability Management - 5 yearsConsulting - 5 yearsIncident Management - 5 yearsCloud Security - 3 yearsSentinel - 3 years

Availability

Full-time

Preferred Environment

Windows, Linux, Kali Linux

The most amazing...

...global CTF (capture the flag) competition I won defeating one of the top 20 universities was for exemplary manual and automated testing.

Work Experience

Cybersecurity Engineer

2017 - 2020
AFS
  • Involved in the Cloud Security project including the process building and use case development.
  • Engaged primarily in vulnerability management and PCI DSS.
  • Oversaw incident management and handling, contributing to the entire process.
Technologies: Kali Linux, Research, Security, IT Audits, PCI DSS, Vulnerability Management, Incident Management, Cloud Security, Office 365, Azure, Cybersecurity, Azure Active Directory, Compliance

Specialized Engineer

2014 - 2016
Virtusa
  • Acted as the main security point-of-contact responsible for 100+ end user security including risk management and vulnerability identifications.
  • Contributed as a key member of the research and development team for internal tools.
  • Handled application-level security and OS level hardening.
Technologies: Cybersecurity, Virtualization, IT Audits, IT Security, Web Security, Kali Linux, Security, System Administration, Compliance

Associate Engineer

2013 - 2014
Lankacom
  • Managed shared (cPanel/Plesk ), dedicated, Cloud (AWS, Rackspace), and VPS web hosting in Linux and Windows.
  • Oversaw Open source/ModSecurity-based research and development.
  • Managed log monitoring and maintenance, including incident handling.
Technologies: Web Security, Virtualization, VMware ESXi, IT Support, IT Security, ModSecurity, System Administration, Compliance

Technical Support Analyst

2013 - 2013
Paycorp
  • Contributed as a key member of the initial PCI-DSS project and process improvements.
  • Provided technical support and security checks for end users including troubleshooting.
  • Created process improvements for log and monitoring the systems.
Technologies: PCI DSS, Security, Technical Support, System Administration, Compliance

Trainee Network Security Engineer

2012 - 2012
SLT
  • Structured cabling and fiber optic cabling in a major project.
  • Delivered a cost benefit analysis proposal and configuration of Cisco Identity Search Engine and rule management.
  • Researched and developed the Bring Your Own Device (BYOD) using Cisco Identity Search Engine.
Technologies: Security, Windows Server, Linux Servers, Firewalls, Research

Risk Assessment and Vulnerability Management

I have consulted for cybersecurity-related certifications including PCI DSS, CMMC, ISO 27001. I have worked with PCI DSS level 1 and 3 companies and have been engaged in the full vulnerability management process and competent with Qualys, Rapid7, Nessus, etc.

Main responsibilities included consultancy, vulnerability and risk management, incident management, asset management, IAM, project planning, and tool selections.

Global Hack - Hackathon 2020

https://devpost.com/software/muvi-mobile-uv-innovations-pty-ltd
The hackathon consisted of 15,000 participants around the world with the motivation of finding solutions to the global pandemic. Over 100 countries participated and more than 500 projects were submitted. It was a 48-hour hackathon.
My team participated in one of the tracks (with the most submissions) winning third place.

Highlights:
• I did not know anybody in my team so it was a very quick adoption within the 48 hours to work towards a common goal.
• It was an intense 48 hours of hard work, but passion and a great to-do attitude lead us to victory.
• We received a monetary price and it was purely dedicated for the continuation of the project.
• I acted in the project management and business consultation side apart from my specialty.

Security CTFs

I had been engaged in multiple CTF (capture the flag) competitions globally. Manual and automated testing had been conducted, including passive active and passive reconnaissance, exploit detections, and injections.

Biggest achievement:
We won first place defeating one of the top 20 universities in the world (name will not be disclosed due to security issues).

Industry Expertise

Cybersecurity, Project Management

Other

Vulnerability Management, Security, Incident Management, PCI DSS, Consulting, Technical Support, IT Security, IT Consulting, Compliance, Risk Assessment, Research, IT Audits, Office 365, IT Support, CompTIA, Cloud Security, Microsoft 365, Ethical Hacking, Digital Forensics, Virtualization, Linux Servers, Firewalls, Web Security, VMware ESXi, ModSecurity, Business Process Analysis, Incident Response, Security Design, System Administration, Certified Ethical Hacker (CEH)

Platforms

Azure, Kali Linux, Windows Server

Languages

Bash Script

Tools

Sentinel

Storage

Azure Active Directory

2016 - 2018

Master's Degree in Cybersecurity

TTU - Estonia

JUNE 2023 - JULY 2024

Security Operations Analyst

Microsoft

NOVEMBER 2020 - PRESENT

MS-500: Microsoft 365 Security Administration

Microsoft

AUGUST 2020 - PRESENT

AZ-500: Microsoft Azure Security Technologies

Microsoft

APRIL 2020 - PRESENT

Exam AZ-900: Microsoft Azure Fundamentals

Microsoft

SEPTEMBER 2018 - PRESENT

Nexpose Certified Administrator

Rapid7

APRIL 2014 - PRESENT

Certified Ethical Hacker

EC council

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring