We provide IT Staff Augmentation Services!

Subject Matter Expert Resume

EXPERIENCE:

Confidential

Subject Matter Expert

Responsibilities:

  • Advised upper levels of management to the VA for Confidential as a service
  • Translate and interpret functional requirements into applications and programs needs for design and implementation
  • Prepared and delivered briefs, policy, SOPs to all level of management and VA staff
  • Conduct monthly PKI/PIV related meetings for the VA Enterprise reported numbers up to OMB
  • Liaison for VA PKI/PIV SME to NIST
  • Producing a Derived Credential (DC) pilot to lead all federal organizations in a DC solution
  • Consulting and providing direction to the VA executive staff on an overall Identity Management Infrastructure and Confidential related tasks
  • Consult with executive staff gathering PKI/PIV related requirements and helping to communicate and disseminate the needs via policy and procedures throughout the VA enterprise

CBP Manager

Confidential

Responsibilities:

  • Managed Confidential as a Service for entire CBP organization, main liaison to DHS PKI
  • Managed all aspects for PKI, Network Engineering and Security Engineering Branches
  • Work with all levels of management to coordinate the Division goals for engineering and security to establish a CBP - wide Confidential infrastructure
  • Develop policies, procedures, and strategies governing the planning and delivery of services related to engineering, PKI, and cyber security
  • Managed multiple PM’s, engineers, contracts, government personnel
  • Provide technical guidance in designing, testing, debugging and maintaining applications and programs from a security perspective
  • Translate and interpret functional requirements into applications and programs needs for design and implementation
  • Test, install, implement, document and maintain the DMZ environment for CBP
  • Experience coordinating the implementation of IT security programs across different platforms - as well as the coordination with varying stakeholders from different Programs, Divisions, Branches and Teams
  • Establish IT vulnerability reporting criteria
  • Assess the cybersecurity impact of changes to assigned IT systems
  • Evaluative and Restructure IT security incident response policies
  • Identify the need for IT security changes based on modern technologies or the latest threats and propose new systems/networks/software for potential IT security risks
  • Institute measures to ensure IT security awareness/compliance from the; network, component, hardware and software perspectives
  • Serve as the subject matter expert for conducting and overseeing enterprise risk assessments based on threats and vulnerabilities within architecture and engineering design and because of, and in defense of, cyber incidents
  • Ensure implementation of system-level security controls and to maintain system documentation by using the 6-step cyclical RMF process as outlined in all relevant FIPS (199) and NIST (SP 800-37 ) documents for SSP controls and PIA
  • Using a self-assessment tool, and performance evaluation tool, to evaluate the level of compliance with ISSO duties as established by the DOC IT Security Program Policy and Minimum Implementation Standards (ITSPP)
  • Make System Owners, engineers and others aware of comprehensive IT security policies that are mandated, and produce detailed documentation to establish procedures are in place to adhere to Security Policies
  • Advise the system owner regarding security considerations in applications systems procurement or development, implementation, operation and maintenance, and disposal activities (i.e. life cycle management)
  • Conduct annual self-assessments and the development of POA&Ms and the remediation of them
  • Perform continuous monitoring of security controls to ensure that they continue to be implemented correctly for assigned IT systems
  • Advise system owners on all matters, technical and otherwise, involving the security of assigned IT systems
  • Assist in the determination of an appropriate level of security commensurate with impact levels
  • Assist in the development and maintenance of system security plans and contingency plans for systems within my responsibility
  • Participate in risk assessments (RA) to periodically re-evaluate sensitivity of system, risks, and mitigation strategies with ISSO framework steps
  • Conduct self-assessments of security controls, identify weaknesses and track remediation activities in Plan of Action and Milestones (POA&M) as well as A&A (Assessment and Authorization) activities on assigned IT systems using technical scans and tools (Nessus, airsnort, splunk, Agency ‘gold-disks’)

Hire Now