
Cybersecurity Specialist
ARETUM
full-time
Location: District of Columbia, Washington • 🇺🇸 United States
Job Level
Mid-Level, Senior
Tech Stack
Cloud
About the role
- Lead authorship of the System Security Plan (SSP) from first draft to approval, written in clear, testable language that supports an ATO decision
- Perform security categorization under FIPS 199 and derive baseline requirements from FIPS 200 and NIST SP 800-53 Rev 5 with appropriate tailoring
- Build a complete and coherent authorization package that explains the system boundary, users, data types and flows, risks, and how controls are met
- Translate technical inputs into specific control narratives that can be verified by assessors and traced to actual configurations
- Collect, verify, and index evidence for every control, linking statements to diagrams, configurations, tickets, and scan results
- Record, organize, and quality-check all artifacts in CSAM with consistent naming, metadata, and cross-references ready for audit
- Keep documentation current as the system changes by capturing deltas promptly and updating only the affected sections
- Plan and run readiness reviews before assessments, close gaps, and prepare concise responses to findings
- Manage POA&M items through closure with clear actions, owners, and target dates
- Create and maintain templates and checklists that reduce review time and improve consistency across systems
- Coordinate with the ISSO, assessors, the Authorizing Official, engineers, and vendors to keep schedules and deliverables on track
- When cloud services are used, align with applicable FedRAMP baselines and document inherited controls clearly
- Communicate risks and decisions in straightforward terms so leadership can approve with confidence and reviewers can verify quickly
- Support proposal efforts as needed, including resume formatting, skills alignment summaries, participation in meetings, and contributing subject matter expertise
- Handle Controlled Unclassified Information (CUI) and adhere to applicable safeguarding and compliance requirements
Requirements
- 3 years of experience supporting federal government compliance
- Demonstrated experience producing federal FISMA RMF authorization documentation that resulted in an ATO or successful assessments
- Strong track record authoring SSP and POA&M with precise control statements and accurate mapping to evidence
- Working knowledge of NIST SP 800-37, NIST SP 800-53 Rev 5, NIST SP 800-53A, NIST SP 800-18, NIST SP 800-30, FIPS 199, and FIPS 200
- Ability to elicit engineering details and turn them into assessor-ready narratives with clear boundaries and data flows
- Hands-on experience managing authorization packages in CSAM with disciplined organization and traceability
- Familiarity with common assessment evidence and scanner outputs and how they map to NIST SP 800-53 controls and POA&M entries
- Clear, concise writing, strong attention to detail, version control discipline, and the ability to drive edits and approvals across teams
- Willing to commute to Washington, D.C. 4 days a week
- Eligible to obtain a Public Trust
- Applicants must be U.S. citizens and currently authorized to work in the United States on a full-time basis (no sponsorship)