Aretum · 3 days ago
Lead Cybersecurity Assessor/Technical Lead - Contingent
Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to customers across defense, civilian, and homeland security sectors. The Lead Cybersecurity Assessor / Technical Lead is responsible for leading independent cybersecurity assessments and audits of government information systems, focusing on validating the effectiveness of security controls and identifying vulnerabilities.
Consulting · Information Technology
Responsibilities
Lead end-to-end delivery of cybersecurity assessments/audits of government systems, including assessment planning, evidence collection, technical testing, analysis, and reporting
Develop and execute Security Assessment Plans (SAP) and ensure assessment procedures align to required control assessment methodologies
Conduct and oversee technical testing activities (e.g., vulnerability scanning, penetration testing, configuration validation, and other security examinations) and translate results into clear, actionable findings
Evaluate the effectiveness of security controls (including inherited/common controls where applicable) and document whether controls meet intent and requirements
Produce high-quality deliverables (e.g., Security Assessment Reports/SARs, risk narratives, remediation recommendations) and support POA&M development and closure evidence
Provide technical leadership to assessors (tasking, mentorship, peer review, quality assurance, and consistency of methodology across engagements)
Partner with project leadership to manage scope, schedules, dependencies, and risks; communicate project status and constraints to stakeholders
Brief technical and non-technical stakeholders on risk, severity and prioritized remediations, and advise on practical mitigation strategies
Maintain professionalism and independence expected of assessment personnel and ensure assessments are defensible and audit-ready
Qualifications
Required
Public Trust Eligibility Required
Minimum 7 years of experience conducting cybersecurity assessments, audits, or control assessments in government or regulated environments
Demonstrated experience across project management, network design concepts, and testing the security of government systems to identify vulnerabilities
Strong working knowledge of federal control assessment and risk management practices
Ability to develop/execute assessment of test plans and document results with clear pass/fail rationale and remediation guidance
Strong technical writing skills and experience producing assessment deliverables for audit/ATO packages and compliance reviews
Experience supporting A&A / authorization activities and maintaining audit-ready security documentation (e.g., SSP/SAP/SAR/POA&M)
Familiarity with common federal assessment artifacts and roles, including coordinating with system owners and stakeholders to execute assessments and record results
Experience leading teams delivering multiple concurrent assessments in enterprise environments (on-prem, cloud, hybrid)
Preferred
Bachelor's degree in Information Systems, Computer Science, or related field
GIAC Web Application Penetration Tester (GWAPT)
Certified Ethical Hacker (CEH)
GIAC Systems and Network Auditor (GSNA)
Certified Penetration Tester (CPT)
Certified Expert Penetration Tester (CEPT)
GIAC Certified Web Application Defender (GWEB)
Offensive Security Certified Professional (OSCP)
CREST Penetration Testing Certifications
Benefits
Health Care Plan (Medical, Dental & Vision)
Retirement Plan (401k)
Life Insurance (Basic, Voluntary & AD&D)
Paid Time Off
Family Leave (Maternity, Paternity)
Short-Term & Long-Term Disability
Training & Development
Company
Aretum
ARETUM is a government contracting company specializing in technology-enabled mission support services for the Department of Defense.
Funding
Current Stage
Late Stage
Recent News
Washington Technology
2025-12-13
Venture Capital
2025-12-13
Company data provided by Crunchbase