ARETUM

Lead Cybersecurity Assessor, Technical Lead

full-time

Location Type: Hybrid

Location: Washington, District of Columbia, United States


About the role

  • Lead end-to-end delivery of cybersecurity assessments/audits of government systems, including assessment planning, evidence collection, technical testing, analysis, and reporting
  • Develop and execute Security Assessment Plans (SAP) and ensure assessment procedures align to required control assessment methodologies
  • Conduct and oversee technical testing activities (e.g., vulnerability scanning, penetration testing, configuration validation, and other security examinations) and translate results into clear, actionable findings
  • Evaluate the effectiveness of security controls (including inherited/common controls where applicable) and document whether controls meet intent and requirements
  • Produce high-quality deliverables (e.g., Security Assessment Reports/SARs, risk narratives, remediation recommendations) and support POA&M development and closure evidence
  • Provide technical leadership to assessors (tasking, mentorship, peer review, quality assurance, and consistency of methodology across engagements)
  • Partner with project leadership to manage scope, schedules, dependencies, and risks; communicate project status and constraints to stakeholders
  • Brief technical and non-technical stakeholders on risk, severity and prioritized remediations, and advise on practical mitigation strategies
  • Maintain professionalism and independence expected of assessment personnel and ensure assessments are defensible and audit-ready

Requirements

  • Minimum 7 years of experience conducting cybersecurity assessments, audits, or control assessments in government or regulated environments
  • Demonstrated experience across project management, network design concepts, and testing the security of government systems to identify vulnerabilities
  • Strong working knowledge of federal control assessment and risk management practices
  • Ability to develop/execute assessment of test plans and document results with clear pass/fail rationale and remediation guidance
  • Strong technical writing skills and experience producing assessment deliverables for audit/ATO packages and compliance reviews
  • Experience supporting A&A / authorization activities and maintaining audit-ready security documentation (e.g., SSP/SAP/SAR/POA&M)
  • Familiarity with common federal assessment artifacts and roles, including coordinating with system owners and stakeholders to execute assessments and record results
  • Experience leading teams delivering multiple concurrent assessments in enterprise environments (on-prem, cloud, hybrid)

Benefits

  • Health Care Plan (Medical, Dental & Vision)
  • Retirement Plan (401k)
  • Life Insurance (Basic, Voluntary & AD&D)
  • Paid Time Off
  • Family Leave (Maternity, Paternity)
  • Short Term & Long-Term Disability
  • Training & Development

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
cybersecurity assessments, audits, vulnerability scanning, penetration testing, configuration validation, risk management, technical writing, security documentation, assessment planning, control assessment methodologies
Soft skills
technical leadership, mentorship, project management, communication, stakeholder engagement, quality assurance, independence, professionalism, team leadership, problem-solving