SME Information Security Analyst - 1099

Aretum is seeking a skilled and motivated SME Information Security Analyst. As a SME Information Security Analyst, you will be responsible for leading and executing the end-to-end security control assessment process for our client's information systems.

Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements.

Responsibilities

• Leading and executing the end-to-end security control assessment process for federal information systems, aligned with NIST SP 800-53 Revision 5 and the Risk Management Framework (RMF)
• Development of Security Assessment Plans (SAPs)
• Conducting technical control evaluations and interviews
• Analyzing system artifacts
• Producing Security Assessment Reports (SARs)
• Presenting findings to stakeholders
• Daily coordination of assessor activities
• Alignment with CSAM or equivalent tools
• Validation of compliance documentation including POA&Ms and RMF lifecycle artifacts such as the BIA, Contingency Plan, Configuration Management Plan, and Privacy Threshold Analysis

• Minimum of 5 years of experience in federal cybersecurity
• At least 3 years conducting or leading RMF-based assessment and authorization (A&A) activities
• In-depth knowledge of NIST SP 800-53 Rev. 5, FISMA, and FedRAMP Moderate baselines
• Demonstrated experience preparing and reviewing RMF documentation (e.g., SAP, SAR, SSP, POA&M, BIA, Contingency Plan)
• Hands-on proficiency with A&A platforms, preferably CSAM
• Strong organizational, analytical, and communication skills, with the ability to interface with both technical staff and senior management
• Proven ability to manage concurrent assessments and track progress through audit-readiness completion

Preferred Qualifications

• Active CISSP, CISM, or equivalent professional security certifications (CISSP preferred)
• Experience supporting agency-specific assessment frameworks or tailoring FedRAMP packages
• Familiarity with hybrid and cloud-native federal environments, and implementation of continuous monitoring strategies
• Ability to assess emerging federal directives (e.g., OMB memos, Emergency Directives) and translate them into actionable security guidance

• Location: Hybrid
• Work Hours: Flexible, determined by contractor (within client requirements)
• Equipment: Contractor provides own equipment unless otherwise specified by client requirements
• Travel Requirement: Travel to client sites as required

Contractor Acknowledgment

This engagement is structured under a 1099 independent contractor agreement. Contractors:

• Maintain full responsibility for paying federal, state, and local taxes
• Are not eligible for Aretum employee benefits
• Retain control over how services are performed, consistent with contract terms
• Must comply with all applicable federal contracting requirements, including safeguarding Controlled Unclassified Information (CUI), if applicable

Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront.