ARETUM

SME Information Security Analyst

contract

Location Type: Hybrid

Location: Arlington, Virginia, United States

About the role

  • Leading and executing the end-to-end security control assessment process for federal information systems, aligned with NIST SP 800-53 Revision 5 and the Risk Management Framework (RMF)
  • Development of Security Assessment Plans (SAPs)
  • Conducting technical control evaluations and interviews
  • Analyzing system artifacts
  • Producing Security Assessment Reports (SARs)
  • Presenting findings to stakeholders
  • Daily coordination of assessor activities
  • Alignment with CSAM or equivalent tools
  • Validation of compliance documentation including POA&Ms and RMF lifecycle artifacts such as the BIA, Contingency Plan, Configuration Management Plan, and Privacy Threshold Analysis

Requirements

  • Minimum of 5 years of experience in federal cybersecurity
  • At least 3 years conducting or leading RMF-based assessment and authorization (A&A) activities
  • In-depth knowledge of NIST SP 800-53 Rev. 5, FISMA, and FedRAMP Moderate baselines
  • Demonstrated experience preparing and reviewing RMF documentation (e.g., SAP, SAR, SSP, POA&M, BIA, Contingency Plan)
  • Hands-on proficiency with A&A platforms, preferably CSAM
  • Strong organizational, analytical, and communication skills, with the ability to interface with both technical staff and senior management
  • Proven ability to manage concurrent assessments and track progress through audit-readiness completion.

Benefits

  • This is an independent contractor engagement. It does not establish an employer-employee relationship with Aretum. Contractors are not eligible for employee benefits and are responsible for all associated tax obligations.

Applicant Tracking System Keywords

Hard Skills & Tools
security control assessment, NIST SP 800-53 Revision 5, Risk Management Framework (RMF), Security Assessment Plans (SAPs), technical control evaluations, Security Assessment Reports (SARs), compliance documentation, A&A activities, FISMA, FedRAMP Moderate baselines
Soft Skills
organizational skills, analytical skills, communication skills, stakeholder engagement, management of concurrent assessments