Information Security Engineer
- Conducted vulnerability scans on systems and network devices to ensure compliance with IAVA/B, CTOs, TASKORDS, and other security mandates.
- Managed account and data access controls, ensuring proper clearances, accountability, and compliance with security policies, including SIPRNet account management and user validation.
- Monitored and maintained Cyber Awareness and Cybersecurity Workforce training certificates for all users.
- Ensured compliance with physical security standards for Restricted Access Areas (RAA), Controlled Access Areas (CAA), and Open Storage Secret spaces.
- Completed annual Physical Security STIG assessments for all ONE-NET computers under JRM’s purview.
- Developed and implemented Configuration Management (CM) control policies, ensuring the security posture remains uncompromised with software and hardware changes.
- Managed system security documentation, updated eMASS records, and ensured compliance with security standards.
- Conducted system security evaluations, audits, and risk assessments, overseeing the Command IAVM and CTO programs.
- Inspected and certified classified physical spaces to meet DoD-mandated security classification requirements.
- Developed and maintained IT security policies, provided Public Key Infrastructure (PKI) and Common Access Card (CAC) support, and ensured adherence to DoD, DON, DISA, and other agency security policies.
- Provided INFOSEC training management, VRAM management, ACAS scanning support, and HBSS security management.
- Created, modified, and maintained Assessment and Authorization (A&A) packages via eMASS.
- Supported the Information Systems Security Manager (ISSM) and Information Systems Security Officer (ISSO) in security compliance, risk mitigation, and RMF Steps 1-4 assessments and implementation.
- Conducted risk analysis and security assessments, implementing risk-based decisions to certify security controls and countermeasures throughout the IT engineering lifecycle.