Aretum

Compensation

Full Description

Public Trust Eligibility Required About Aretum Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront. Job Summary Aretum is seeking a skilled and motivated SME Information Security Analyst. As a SME Information Security Analyst, you will be responsible for leading and executing the end-to-end security control assessment process for our client's information systems. Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements. Responsibilities Leading and executing the end-to-end security control assessment process for federal information systems, aligned with NIST SP 800-53 Revision 5 and the Risk Management Framework (RMF) Development of Security Assessment Plans (SAPs) Conducting technical control evaluations and interviews Analyzing system artifacts Producing Security Assessment Reports (SARs) Presenting findings to stakeholders Daily coordination of assessor activities Alignment with CSAM or equivalent tools Validation of compliance documentation including POA&Ms and RMF lifecycle artifacts such as the BIA, Contingency Plan, Configuration Management Plan, and Privacy Threshold Analysis Minimum of 5 years of experience in federal cybersecurity At least 3 years conducting or leading RMF-based assessment and authorization (A&A) activities In-depth knowledge of NIST SP 800-53 Rev. 5, FISMA, and FedRAMP Moderate baselines Demonstrated experience preparing and reviewing RMF documentation (e.g., SAP, SAR, SSP, POA&M, BIA, Contingency Plan) Hands-on proficiency with A&A platforms, preferably CSAM Strong organizational, analytical, and communication skills, with the ability to interface with both technical staff and senior management Proven ability to manage concurrent assessments and track progress through audit-readiness completion Preferred Qualifications Active CISSP, CISM, or equivalent professional security certifications (CISSP preferred) Experience supporting agency-specific assessment frameworks or tailoring FedRAMP packages Familiarity with hybrid and cloud-native federal environments, and implementation of continuous monitoring strategies Ability to assess emerging federal directives (e.g., OMB memos, Emergency Directives) and translate them into actionable security guidance Work Structure Engagement Type: Independent Contractor (1099) Duration: 6 months with the possibility of extension Location: Hybrid Work Hours: Flexible, determined by contractor (within client requirements) Equipment: Contractor provides own equipment unless otherwise specified by client requirements Travel Requirement: Travel to client sites as required Contractor Acknowledgment This engagement is structured under a 1099 independent contractor agreement. Contractors: Maintain full responsibility for paying federal, state, and local taxes Are not eligible for Aretum employee benefits Retain control over how services are performed, consistent with contract terms Must comply with all applicable federal contracting requirements, including safeguarding Controlled Unclassified Information (CUI), if applicable U.S. citizenship may be required based on federal contract requirements. This is an independent contractor engagement. It does not establish an employer-employee relationship with Aretum. Contractors are not eligible for employee benefits and are responsible for all associated tax obligations.