About Me
Professional Summary
I am a results-driven offensive security professional with hands-on experience across vulnerability assessment, penetration testing, and security consultancy. Currently working as a Trainee Information Security Consultant at Trustvault, where I specialize in web, API, network, and Active Directory penetration testing.
My passion lies in red teaming and securing critical systems by thinking like an adversary. I continuously strive to uncover complex vulnerabilities and provide actionable remediation strategies to enhance the overall security posture of organizations.
Experience
Trainee Information Security Consultant
Trustvault
Sep 2025 – Present
- Internal VAPT (black box & grey box) using Nessus
- External Network Penetration Testing (real-world attack simulations)
- Web Application Pentesting using Burp Suite (OWASP Top 10)
- API Penetration Testing (auth, injection flaws)
- Active Directory Pentesting (enumeration, privilege escalation, lateral movement)
- Wireless & Mobile Pentesting
- Endpoint Security Assessments
- Firewall, Database & DNS configuration reviews
- Phishing simulations using PhishingBox
- Security compliance assessments & full pentest report writing
Cyber Security Intern
Centre for Defence Research and Development (Ministry of Defence Sri Lanka)
- Built open-source SOC (SIEM, HIDS, NIDS, EDR, SOAR)
- Threat hunting & intelligence analysis
- Bluetooth & Wireless penetration testing
- Hardware pentesting exposure
- Network device configuration (routers, switches, firewalls)
- VMware ESXi & server handling
Education
BSc (Hons) in Information Technology (Cyber Security)
Sri Lanka Institute of Information Technology
2022 – 2026
Technical Skills
Domains
Tools & Infra
Certifications
- CR
CRTA
Certified Red Team Analyst
- EJ
eJPT
Junior Penetration Tester
- OC
Oracle Cloud Foundations Associate
- CC
CCNA
- LSA
Linux Server Administration