Sanjaya Ranasinghe

• Designed and implemented secure remote access in AWS using Client VPN and Zero Trust principles, enabling encrypted, least-privilege access for distributed teams.
• Applied IAM policies, security groups, and audit logging to enforce compliance, improve visibility, and reduce attack surfaces across AWS workloads.
• Led development of secure, automated UAT environments using ephemeral IaC pipelines (Bitbucket, Terraform, AWS), enhancing security and cost efficiency.
• Integrated OpenVAS vulnerability scanning into CI/CD pipelines and Jira, automating remediation and reducing MTTR.
• Mentored DevOps engineers in cloud security, vulnerability management, and secure-by-design practices, embedding ISO 27001 and Essential Eight compliance into operations.

UNIVERSITY PLACEMENT

• Developed and implemented access control policies, strengthening security posture and ensuring compliance with business requirements.
• Designed and deployed Bash automation tool, integrated with AlienVault (SIEM), to analyze suspicious URLs from alarms.
• Queried VirusTotal API for risk classification, automated alerts, and reduced manual workload.
• Integrated CrowdStrike into incident response workflows, enabling threat detection, investigation, and mitigation across endpoints.
• Improved incident response efficiency through automation and policy alignment with IT and security teams.

• Configured and managed OpenVAS vulnerability scanning across on-premise and AWS workloads, automating reporting and remediation through Jira.
• Implemented quarterly security scanning processes that identified and mitigated high-risk vulnerabilities, ensuring compliance with security standards.
• Developed Python automation scripts to parse OpenVAS reports and create Jira tickets, streamlining vulnerability management.
• Configured AWS Client VPN endpoints and BIND DNS to provide secure hybrid network access, and seamless domain resolution.
• Migrated Docker-based applications to AWS ECS, leveraging CloudFormation and ECR to improve scalability and deployment consistency.
• Built and maintained Jenkins CI/CD pipelines integrated with Bitbucket, automating build, test, and deployment workflows.
• Delivered zero-downtime deployments with infrastructure-as-code, automated rollbacks, and cloud-native best practices.

• Designed and implemented secure remote access in AWS using Client VPN and Zero Trust principles, enabling encrypted, least-privilege access for distributed teams.
• Enforced compliance and reduced attack surfaces through IAM policies, security groups, and audit logging across AWS workloads.
• Developed secure, automated UAT environments with ephemeral IaC pipelines (Bitbucket, Terraform, AWS), improving security and cost efficiency.
• Integrated OpenVAS vulnerability scanning into CI/CD pipelines and Jira, automating remediation and reducing MTTR.
• Mentored DevOps engineers on cloud security, vulnerability management, and secure-by-design practices, aligning operations with ISO 27001 and Essential Eight.

• Deployed and managed containerized applications using Docker, Docker Compose, and Docker Swarm, ensuring scalability, and reliable production releases.
• Administered and maintained Linux-based systems (Debian, CentOS) across development, staging, and production environments.
• Configured and managed Zabbix monitoring infrastructure with email alerting, serving as the primary administrator for Sri Lanka’s largest Zabbix-based mail server at the time.
• Built and maintained CI/CD pipelines with Bitbucket, automating deployments to improve delivery speed and reliability.
• Managed database servers (MS SQL, MySQL, MariaDB, MongoDB), implementing backup and recovery strategies to ensure performance, security, and business continuity.

• Managed firewall/proxy servers (pfSense), mail servers (Zimbra), and Linux systems (CentOS, RedHat, SUSE), ensuring security, performance, and stability across environments.
• Built and optimized CI/CD pipelines in collaboration with developers, automating deployments and system operations with Bash and Ansible.
• Administered and maintained Jira and Confluence, streamlining workflows and improving team efficiency.
• Deployed and maintained container clusters using Docker Swarm and Kubernetes, supporting scalable application environments.
• Supported development and QA teams by designing Linux server environments, handling production operations (deployments, upgrades, patches), and mentoring team members.