Key skills
Cyber SecuritySAPRisk ManagementCommunication
About this role
Role Overview
- Leading and executing the end-to-end security control assessment process for federal information systems, aligned with NIST SP 800-53 Revision 5 and the Risk Management Framework (RMF)
- Development of Security Assessment Plans (SAPs)
- Conducting technical control evaluations and interviews
- Analyzing system artifacts
- Producing Security Assessment Reports (SARs)
- Presenting findings to stakeholders
- Daily coordination of assessor activities
- Alignment with CSAM or equivalent tools
- Validation of compliance documentation including POA&Ms and RMF lifecycle artifacts such as the BIA, Contingency Plan, Configuration Management Plan, and Privacy Threshold Analysis
Requirements
- Minimum of 5 years of experience in federal cybersecurity
- At least 3 years conducting or leading RMF-based assessment and authorization (A&A) activities
- In-depth knowledge of NIST SP 800-53 Rev. 5, FISMA, and FedRAMP Moderate baselines
- Demonstrated experience preparing and reviewing RMF documentation (e.g., SAP, SAR, SSP, POA&M, BIA, Contingency Plan)
- Hands-on proficiency with A&A platforms, preferably CSAM
- Strong organizational, analytical, and communication skills, with the ability to interface with both technical staff and senior management
- Proven ability to manage concurrent assessments and track progress through audit-readiness completion.
Tech Stack
- Cyber Security
Benefits
- This is an independent contractor engagement. It does not establish an employer-employee relationship with Aretum. Contractors are not eligible for employee benefits and are responsible for all associated tax obligations.