Summary
Overview
Work History
Education
Skills
Certification
Personal Information
Timeline
Generic
Gayan Ranaweera

Gayan Ranaweera

Jordbro,AB

Summary

Dynamic IT Consultant with extensive experience at Hybrus AB, specializing in network security and cloud architecture. Achieved a 40% improvement in global security posture through Zero Trust implementations. Proficient in firewall management and skilled in effective communication, driving successful security assessments and compliance across diverse environments.

Overview

14
14
years of professional experience
1
1
Certification

Work History

IT Consultant

Hybrus AB
06.2025 - Current
  • Implemented OT network segmentation and Palo Alto firewall controls, including IPS, application inspection, and secure IT/OT integration, ensuring compliance with NIST, ISO 27001, and IEC 62443 standards.
  • Designed, implemented, and supported Palo Alto Networks firewalls across on-premises, AWS, and Azure, enabling secure connectivity for large-scale, distributed environments.
  • Led firewall vendor migrations to Palo Alto Networks using Expedition, ensuring optimized policy conversion and zero disruption to business operations.
  • Deployed and operated Panorama and Strata Cloud Manager for centralized management of hybrid firewalls and Prisma Access, supporting scalable global operations.
  • Implemented and supported Prisma Access for Mobile Users, Remote Networks, and Service Connections, securing internet access and private access and inter branch connectivity.
  • Designed and supported Palo Alto Prisma SD-WAN for secure, optimized branch connectivity.
  • Designed and deployed a Zero Trust architecture using Strata Cloud Manager and Cloud Identity Engine (CIE), enabling identity-based policy enforcement and centralized visibility across multi-site environments.
  • Performed security hardening, policy optimization, and rule lifecycle management, leveraging App-ID and User-ID to improve traffic visibility and reduce attack surface.
  • Automated security enforcement with Dynamic Address Groups (DAGs) and Auto-Tagging integrated with Azure/AWS Cloud Plugin for dynamic protection of cloud workloads.
  • Architected hybrid cloud network connectivity using AWS NLB, VPN Gateway, Transit Gateway, Azure ExpressRoute, and Load Balancers to enhance network resilience and secure cloud integration.
  • Implemented IPsec and BGP-based connectivity between on-prem Palo Alto firewalls and AWS Transit Gateway, ensuring seamless failover with Direct Connect.
  • Configured and maintained NetBox IPAM and Statseeker for accurate IP address management and proactive network monitoring.
  • Conducted security and compliance assessments of network and security devices, identifying risks and ensuring alignment with enterprise security standards.

Senior Network Security Engineer

Softlogic Information Technologies (Pvt) Ltd
Colombo
09.2024 - 06.2025
  • Led enterprise firewall deployments and migrations across Palo Alto Networks, Fortinet, Check Point, and Cisco FTD, ensuring seamless vendor transitions with no impact to global retail operations.
  • Implemented and maintained Cloudflare WAF rules and DDoS mitigation policies, providing daily monitoring, tuning, and incident support for production environments.
  • Designed and implemented SD-WAN and SASE architectures using Palo Alto and Fortinet, centrally managed via Panorama and FortiManager, enabling secure connectivity for stores, offices, and cloud workloads.
  • Implemented SSE platforms (Prisma Access, Zscaler, Check Point Harmony) to secure internet and private access, enhancing global security posture through identity- and posture-based access controls.
  • Delivered security gap assessments and Zero Trust-aligned network roadmaps, translating business and retail operations requirements into secure, scalable network architectures supporting global digital transformation.
  • Designed highly available enterprise and datacenter networks aligned with business continuity and compliance requirements, ensuring service availability exceeding 99.95% across distributed environments.
  • Built cloud-first network architectures in Azure, including private VNETs, VPN connectivity, and Zero Trust access policies, supporting secure integration of retail, supply chain, and corporate platforms.
  • Automated network provisioning, compliance validation, and configuration drift detection using Ansible and Python, streamlining operations in large-scale environments.

Network Security Engineer

Fentons Information Technology
Colombo
05.2021 - 08.2024
  • Designed and deployed 70+ enterprise firewall solutions across Palo Alto Networks, Check Point, Fortinet, and Cisco FTD, strengthening global network security and reducing unauthorized access incidents by 45%.
  • Designed and secured Azure cloud networking architectures, implementing hub-and-spoke topologies, Azure Firewall, Network Security Groups (NSGs), Application Gateway, and private endpoints, ensuring secure, compliant connectivity for enterprise workloads.
  • Designed and implemented Secure Service Edge (SSE) / SASE architectures using Check Point Harmony and Palo Alto Prisma, enabling Zero Trust Network Access (ZTNA) for secure internet and private application access while delivering a consistent user experience across the organization.
  • Configured and supported Check Point CloudGuard WAF, protecting web applications from OWASP Top 10 threats.
  • Architected and delivered 60+ scalable enterprise network infrastructures using Cisco, Juniper, Aruba, and Huawei, improving network throughput and reliability by 35% to support business growth.
  • Designed and optimized Layer 2/Layer 3 architectures with VLAN segmentation, VXLAN-EVPN overlays, and redundancy mechanisms (HSRP, VRRP, vPC/MLAG), ensuring resilient, always-on connectivity.
  • Deployed and managed Aruba ClearPass and FortiNAC, implementing endpoint posture validation, dynamic access controls, BYOD onboarding, and guest Wi-Fi services to strengthen identity-driven network access.
  • Delivered integrated security architectures across EDR/XDR (SentinelOne, Cortex, Check Point Harmony), SWG, DLP, WAF, PAM, ADC, SDWAN, and network performance monitoring, resulting in reduced security breaches.
  • Led 70+ Proof of Concept (PoC) and Proof of Value (PoV) engagements, providing technical leadership that accelerated solution validation and reduced deployment timelines by 30%.
  • Applied security controls aligned with ISO 27001, GDPR, and NIST frameworks, supporting enterprise compliance and data protection requirements.

Information Security Engineer

CryptoGen (Pvt) Ltd
Colombo
09.2016 - 04.2021
  • Designed, implemented, and managed security solutions including SentinelOne EDR, Fortinet WAF, Manage Engine, Darktrace NDR, Arcon PAM, ForcePoint DLP, SkyBox Firewall and Network Policy Manager, Fortinet Proxy, LogRhythm SIEM, and SilverPeak WAN Optimization.
  • Designing, implementing, and managing 40+ PaloAlto/ Checkpoint Firewall solutions with customers.
  • Implemented best practices to harden devices against potential vulnerabilities.
  • Conducted proof of value and proof of concept for network and security solutions, validating their effectiveness for stakeholders.
  • Colombo, Sri Lanka

Network Engineer

Gulf Business Centre
Doha
02.2015 - 08.2016
  • Designed and implemented enterprise-grade cybersecurity architectures for 80+ customers in Qatar, ensuring robust protection against threats.
  • Designed, implemented, and managed 50+ firewall solutions (Palo Alto, Fortinet, Cisco ASA) to meet diverse customer security needs.
  • Designing, implementing, and managing 60+ HPE Comware/ HPE Procurve /IMC/ Enterprise Network Infrastructure solutions with customers.
  • Integrated network solutions across multiple vendor products to improve compatibility and streamline customer operations.
  • Performed network troubleshooting to quickly resolve connectivity and performance issues, ensuring adherence to SLA requirements.
  • Doha, Qatar

Engineer Specialist

Virtusa
Colombo
02.2014 - 02.2015
  • Maintained core IT infrastructure, disaster recovery, and backup solutions, ensuring high availability and reliability for critical services.
  • Managed system upgrades and patch deployments while monitoring infrastructure to ensure stability and security of systems.
  • Colombo, Sri Lanka

Systems Engineer

Univell Microsystems (Pvt) Ltd
Colombo
01.2012 - 02.2014
  • Designed, implemented, and managed 40+ Extreme, Juniper, and enterprise networking solutions, improving customer infrastructure reliability.
  • Designed, implemented, and managed 20+ Juniper firewall solutions, enhancing customer network security.
  • Troubleshot network issues to resolve connectivity and performance problems, maintaining SLA compliance.
  • Colombo, Sri Lanka

Education

MSc. - Network and Information Security

Kingston University
United Kingdom
05.2022

BSc. (Hons) - Information Technology, Computer Systems & Networking

SLIIT
Sri Lanka
12.2011

Skills

  • Network design
  • Network Protocols
  • Routing and Switching
  • Network automation
  • Virtualization & Container Networking
  • Cloud Networking
  • Information security
  • Firewall management
  • Network segmentation
  • Security assessments
  • Security strategy
  • Cloud architecture
  • Monitoring
  • Problem solving
  • Project documentation
  • Team collaboration
  • Effective communication
  • Interpersonal skills
  • Pressure decision-making
  • Project documentation
  • Problem solving
  • Cloud architecture
  • Security strategy

Certification

  • PaloAlto Next-Gen Firewall Engineer | PCNSE
  • Check Point Certified Security Expert | Maestro Expert
  • Fortinet Certified Solution Specialist Cloud Security | SASE | Secure Networking
  • Cisco Certified Network Professional
  • HPE ASE - FlexNetwork Architect
  • Juniper Networks Certified Specialist - ENT | Security
  • CompTIA Network+

Personal Information

Title: Network Security Engineer / Solution Architect

Timeline

IT Consultant

Hybrus AB
06.2025 - Current

Senior Network Security Engineer

Softlogic Information Technologies (Pvt) Ltd
09.2024 - 06.2025

Network Security Engineer

Fentons Information Technology
05.2021 - 08.2024

Information Security Engineer

CryptoGen (Pvt) Ltd
09.2016 - 04.2021

Network Engineer

Gulf Business Centre
02.2015 - 08.2016

Engineer Specialist

Virtusa
02.2014 - 02.2015

Systems Engineer

Univell Microsystems (Pvt) Ltd
01.2012 - 02.2014

MSc. - Network and Information Security

Kingston University

BSc. (Hons) - Information Technology, Computer Systems & Networking

SLIIT

Similar Profiles

  • Michael CreasserMichael Creasser

    Network, Systems and Security Consultant at TD Securities Automated TradingNetwork, Systems and Security Consultant at TD Securities Automated Trading

  • Awais KhalidAwais Khalid

    Network Consultant at ISM CanadaNetwork Consultant at ISM Canada

  • Kenneth EllisonKenneth Ellison

    IT Network Consultant at Self Employed/FreelanceIT Network Consultant at Self Employed/Freelance

  • BABAJIDE UMARBABAJIDE UMAR

    Computer Network Administrator/Analyst Consultant at UNIVERSITY OF ILORIN TEACHING HOSPITALComputer Network Administrator/Analyst Consultant at UNIVERSITY OF ILORIN TEACHING HOSPITAL

CREATE PROFILE
Gayan Ranaweera