My roles and responsibilities are as follows - – Conduct comprehensive scans of the organization's networks, systems, and applications to identify vulnerabilities.– Analyze the severity and potential impact of identified vulnerabilities, considering the specific context of the organization.– Prioritize vulnerabilities based on risk, considering both the likelihood of exploitation and the potential damage or data loss.– Conducting Risk Assessments for vulnerabilities that the infrastructure team can't remediate and creating risk exceptions with proper executive approvals.– Collect threat intelligence from various sources, including commercial feeds, open-source intelligence (OSINT), and information sharing communities.– Align threat intelligence with organizational assets and vulnerabilities to understand potential security breaches and the methods by which these might be exploited.– Work closely with other IT and cybersecurity teams to ensure a unified approach to security and assist the incident response team in identifying and addressing vulnerabilities during security incidents.– Engage with various stakeholders within the organization to communicate findings and recommend actions.– Take lead on various infrastructure implementation projects and ensure projects are delivered in a timely manner.– Coordinated with the PMs and platform teams within the enterprise to tackle the vulnerabilities and ensure projects’ security requirements.– Produce monthly metrics reports detailing threat landscape trends, identified vulnerabilities, and the status of ongoing mitigation efforts.

Technology Associate, Cybersecurity is a 2-year rotation in 3 different cybersecurity domains in CTC. Currently on my 3rd rotation with the Cyber Endpoint Security team.– Deploy, configure, and manage endpoint protection solutions such as antivirus software, anti-malware tools, and intrusion detection/prevention systems. (McAfee/Trellix, MS Defender).– Ensure all endpoints have the latest security patches installed to ensure compliance with industry standard and periodically check device health from scan reports.– Manage security configurations, ensuring they align with security policies and industry best practices on endpoints such as Windows, Linux, MacOS, iOS and other platforms. (Microsoft Intune)– Monitor data loss prevention (DLP) systems and prevent unauthorized data transfers using Microsoft Purview to check DLP rules for blocking PAN/PII data and other rules related to DLP.– Evaluate new endpoint security tools to enhance organization’s security capabilities and deploying security tools to improve endpoint security measures.– Managing application whitelisting and FIM on enterprise endpoint systems and periodically improving rules on our endpoint platforms. (SolidCore)– Performing vulnerability assessments (e.g., Nexpose, Kenna) on enterprise endpoints to identify critical vulnerabilities and escalating those vulnerabilities to platform teams for remediation.– Performing configuration checks for endpoints to ensure configuration gaps within endpoints are remediated and escalation of endpoints that are not properly reporting to our tool (Tripwire).– Collaborate with IT and security teams to address security risks & recommendations to enhance overall security posture.

Technology Associate, Cybersecurity is a 2-year rotation in 3 different cybersecurity domains in CTC. Currently on my 2nd rotation with the Cyber Governance, Risk & Compliance team. Rotation-2: Cyber GRC– Conduct risk assessments to identify and evaluate security risks, vulnerabilities, and threats for multiple initiatives such as infrastructure/network, financial/supply chain applications, PCI compliance and cloud migrations (Azure). – Conducting Risk Assessments for critical CTC assets in coordination with external risk stakeholders.– Collaborate with stakeholders to develop risk mitigation/acceptance strategies and action plans.– Creating risk acceptance and risk mitigation requests for risk assessments done within CTC.– Acting as the subject matter expert (SME) for CTC's GRC tool (ServiceNow) and assisting risk assessors to get accustomed to our ServiceNow work processes.– Performing process improvement tasks and quality assurance with CTC's GRC tool (ServiceNow).– Performing vulnerability assessments for ongoing projects to find out critical vulnerabilities that need to be remediated. (e.g., Nexpose, Kenna)– Coordinated with the PMs and platform teams within the enterprise to tackle the vulnerabilities and ensure projects’ security requirements.– Performing compliance and configuration checks for project assets to confirm they properly following CTC standards before they go-live. (e.g., Tripwire, Exabeam, McAfee/Trellix ePO)

Technology Associate, Cybersecurity is a 2-year rotation in 3 different cybersecurity domains within the CTC. Completed my first rotation with the Threat Intelligence and Vulnerability Management team. Rotation-1: Threat Intel and Vulnerability Management– Gathered and evaluated up-to-date security information from OSINT and cybersecurity communities, including RH-ISAC, FS-ISAC, CCCS, and CCTX. – Coordinating with MSSP and incident response teams in the analysis of critical incidents and blocking of IOC related to incidents. (e.g., Anomali ThreatStream, PaloAlto Minemeld, McAfee ePO)– Conducting in-depth analysis and producing threat intelligence brief & reports regarding security breaches, zero-day vulnerabilities, and malware to stakeholders enhancing threat informed defense within the enterprise. – Conduct threat hunting related to gathered threat intelligence and potential threats within the organization. (e.g., Azure Sentinel, Exabeam) – Perform threat risk assessments to identify and quantify potential security risks and assist in risk mitigation efforts.– Collaborate with Cyber Culture team regarding new phishing tactics & techniques performed by adversaries and take part in phishing campaigns.– Manage and prioritize vulnerabilities using vulnerability assessment tools (e.g., Nexpose, Kenna).– Engage in vulnerability management activities including vulnerability assessments and contact with platform teams/owners whenever necessary.– Conducting enterprise-wide penetration testing with external stakeholders and escalate exploitable findings if any to platform teams/owners.

• As a Technical Systems Analyst at CIBC Infrastructure lab Technology operations, my responsibilities are as follows:– Manage and maintain the company's Testing IT infrastructure, including servers, workstations, and network devices.– Overall administration of lab test user accounts, permissions, and group policies in Active Directory.– Configure and manage virtualization environments using VMware. (e.g. VMware vSphere)– Provide technical support to end-users, troubleshoot hardware and software issues, and resolve technical problems promptly.– Implement and maintain security measures, like antivirus management and application whitelisting (Bit9 CarbonBlack) on testing infrastructure.– Install, configure, and update software applications and operating systems through SCCM/Endpoint Configuration Manager.– Create and maintain documentation for IT processes, procedures, and troubleshooting guides.

• As part of the IT Network & Support team my responsibilities were as follows:– 24/7 Monitoring and maintenance of network infrastructure to ensure optimal performance and support related to network-emergencies.– Configure, deploy, and maintain network devices, including routers, switches & Firewalls. (e.g., Cisco, Fortinet)– Identify and resolve network issues, minimizing downtime and ensuring seamless operations.– Implement and manage network monitoring tools such as Nagios, SolarWinds, or PRTG for real-time performance analysis.– Collaborate with cross-functional teams to implement network enhancements and upgrades.– Provide tier 2 and tier 3 technical support to end-users, addressing hardware and software issues promptly.– Overall management of user accounts, permissions, and group policies in Active Directory.– Conduct regular system updates and patch management on enterprise endpoints through SCCM/Endpoint Configuration Manager.– Implement and maintain security measures on enterprise endpoints, including firewall configuration and antivirus management.– Assist in the management of the company's IT inventory and asset tracking. Create and maintain documentation for IT processes and procedures.

• As part of the IT team my responsibilities were as follows:– Manage and maintain the company's IT infrastructure, including servers, workstations, and network devices.– 24/7 Monitoring of network system performance and take proactive measures to optimize and ensure reliability.– Provide tier 1 and tier 2 technical support to end-users, addressing hardware and software issues.– Diagnose and troubleshoot IT problems, ensuring minimal downtime and optimal system performance.– Install, configure, and update software applications and operating systems.– Collaborate with cross-functional teams to resolve complex technical issues.– Overall administration of user accounts, permissions, and password resets on Active Directory.– Educate end-users on IT best practices and security awareness.– Assist in the management of the company's IT inventory and asset tracking.– Create and maintain documentation for IT processes, procedures, and troubleshooting guides.

• As part of the network monitor & control (NMC) team my responsibilities were as follows:– 24/7 Monitoring of network performance and security to proactively identify and resolve issues, ensuring 99.99% uptime.– Collaborate with cross-functional teams to troubleshoot and resolve network incidents, minimizing service disruptions.– Configure, deploy, and maintain network devices, including routers, switches. (e.g., Cisco, Juniper)– Implement and manage network monitoring tools such as Nagios, SolarWinds, or PRTG for real-time performance analysis.– Conduct routine network maintenance and software updates to keep the infrastructure secure and up to date.– Perform regular backups and implement disaster recovery plans to safeguard critical network data.– Create and update network documentation, diagrams, and Standard Operating Procedures (SOPs).– Provide customer support to resolve customer technical issues and ensuring proper followups to ensure the service is running properly.– Collaborate with vendors and service providers to optimize network connectivity and reduce costs.