We provide IT Staff Augmentation Services!

Snr Cyber Security Engineer & Sa&a Sme Resume

PROFESSIONAL EXPERIENCE

Snr Cyber Security Engineer & SA&A SME

Confidential

Responsibilities:

  • Support the cloud services Project Manager (PM) in all cyber security related tasks
  • Review configuration change request for cyber security relevance and FISMA compliance
  • Review and monitor/maintain cyber specific administrative cloud services’ interface configurations
  • Support data calls via collection, review, and submission as required by higher headquarters’ staff
  • Support system owner and ISSO as necessary to maintain FISMA compliance
  • Handles and investigates incidents in cooperation with and under the direction of the system ISSO, Staff and Line Office ITSO, and the Computer Incident Response Team (CIRT)
  • Support System Owner in planning/ development and execution of contingency planning, training, and annual exercises; document annual Contingency Plan training/test/exercise for the customer
  • Review security logs and generate appropriate security metrics for reporting to System Owner (SO), Authorizing Official (AO)
  • Develop, remediate and manage POA&Ms
  • Review security documents at least quarterly to ensure updates are made in a timely manner
  • Assist the SO in the planning and coordination of the annual reauthorization of the system
  • Plan for the annual review of security documentation with the AO, SO, cloud services PM, and system ISSO
  • Participate in various cyber security audits, risk analysis, vulnerability testing and ad hoc reviews
  • Represent the company in meetings with key stakeholders and customers
  • Align project deliverables with stakeholder organizational goals
  • Independently provides analysis, evaluation, and recommendations designed to promote economy, efficiency, and effectiveness in the cyber security program
  • Reviews and evaluates programs and operations to determine adherence to policies and procedures
  • Keeps management fully informed concerning cyber security issues
  • Serves as primary liaison with management in all cyber security matters
  • Evaluates security policy and provide recommendations to managers
  • Leads independent and objective evaluations and audits of the security policy implementation
  • Identifies and quantifies cyber security risks
  • Evaluates, develops, recommends and implements cost effective safeguards/ protective measures
  • Performs continuous self - assessment to ascertains compliance with the various cyber security policies
  • Lead the development and interpretation of cyber security policies and procedures
  • Contribute to the development of enterprise-wide cyber security strategy
  • Evaluate and recommend new and emerging cyber security products and technologies
  • Translate security and technical requirements into business requirements
  • Contribute to the technical direction on all areas of the security architecture
  • Work with development teams to identify functional requirements that drive security
  • Develop strategies and architectures that support advanced cyber security topics such as Vulnerability Lifecycle, Management, Identity Management, Intrusion Detection, Authentication, Authorization and Auditing, etc.
  • Influence the selection of security related hardware and software product standards and the design of standard configurations; accountable for security centric, architectural road maps and principles
  • Document all work appropriately in coordination with customer requirements and contractual deliverables
  • Draft weekly/monthly status reports

Confidential

Senior Cyber Security Engineer

Responsibilities:

  • Lead/Manage SA&A program.
  • Lead/Manage the preparation of the Government Accountability Office (GAO) audit.
  • Lead/Manage the preparation of the Office of Inspector General (OIG) audit
  • Manage the closure of POAMs in preparation of Audits.
  • Lead technical interviews for Senior cybersecurity candidates
  • Manage the ATO process of COTS/GOTS applications/systems.
  • Prioritize, Implement, Sustain, and align the 20 Critical Security Controls across the Cyber Security Framework in order to mature the Cyber Security programs.
  • Perform oversight and manage the remediation of architecture design gaps of the Vulnerability Management Program to meet FISMA and FedRAMP compliance.
  • Support various Federal clientele as a Snr. SME for cybersecurity engineering and security assessment & authorization (SA&A).
  • Maintain responsibility for supporting federal clients obtaining the Authority to Operate (ATO) for new and modernized systems.
  • Adhere to the NIST Risk Management Framework (RMF) to support the SA&A process, including analyzing the development of supporting policies, procedures, and plans, designing and implementing security controls, testing and validating security controls, and assessing and tracking corrective action plans.
  • Ensure all supporting artifacts and results will be documented in the NIH System Assessment Tool (NSAT).
  • Lead/Manage technical security engineering SA&A support and implementation.
  • Government risk and compliance tool (GRC Tool) Analysis.
  • Integrating IT security architecture frameworks (DODAF, TOGAF, and Zachman).
  • Lead/develop/implement FISMA security control reports.
  • Lead/develop/implement Non-FedRAMP and FedRAMP CRM/CIS (MAX.GOV)
  • Identify security risks - Security Impact Analysis (NIST 800-128).
  • Assess the Cybersecurity risk of IT data, applications and systems documenting them in formal risk assessments and supporting artifacts associated with the Security Assessment and Authorization (SA&A) process, including System Security Plans.
  • Safeguard security risks identified within Containerization/Kubernetes application architecture.
  • Organize, develop, and present security briefings, written summaries, and written reports incorporating narrative, tabular and/or graphic elements on SA&A activities.
  • Manage the development of IT security solutions and assure successful implementation.
  • Providing analysis of how the client currently employs and embeds Cybersecurity into its tools, design and development methodologies, and Application Programming Interface (API)/service driven architecture.
  • Lead and manage IT security engineering support to cross-functional project teams to ensure that the clients' security policies, processes, procedures, and controls are adhered to, planned for, implemented throughout the project lifecycle
  • Establish standard operating procedures for embedding Cybersecurity driven processes into the agile Software Development Life Cycle (SDLC).
  • Analyze and recommend an integrated system security engineering processes.
  • Lead/Manage secure baseline configurations of application and systems.
  • Lead and Manage risk management framework support.
  • Applying experience in NIST FIPS and SP 800 series to relevant documentations.
  • Lead the assessment of current SA&A processes to address both FISMA and FedRAMP control requirements and make recommendations for integration into the existing SA&A process.
  • Providing ongoing guidance regarding security impacts to design and architecture changes.
  • Consult directly with the clients' project teams to provide security engineering expertise and observations and recommendations where appropriate.
  • Provide support for multiple projects requiring ATO approval.
  • Lead security control Consultation/Assessment working groups.
  • Developed and Built Security Control Implementation and Inheritability Matrix tool (SCIM).

Hire Now