Apply on Employer Site

Aretum · 1 day ago

Security Architect / Infrastructure Security Specialist - Contingent

Washington, DC

Full-time

Hybrid

Senior Level

5+ years exp

Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to customers across defense, civilian, and homeland security sectors. The Security Architect / Infrastructure Security Specialist assesses enterprise IT environments and designs security architecture improvements for government systems, partnering with various teams to identify vulnerabilities and implement security controls.

ConsultingInformation Technology

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Assess enterprise IT environments (on-prem, cloud, and hybrid) to identify security risks, architectural weaknesses, misconfigurations, and opportunities to improve defense-in-depth

Design and document security architectures and reference patterns (network segmentation, secure remote access, privileged access, boundary protections, logging/monitoring, and secure configuration baselines)

Work with network/infrastructure teams on secure network design and validation, including connectivity flows, trust boundaries, and segmentation approaches aligned to modern federal security architecture practices (e.g., zero trust concepts)

Lead or support security testing activities for government systems (vulnerability scanning coordination, configuration assessments, and validation testing) and translate results into clear remediation actions

Provide technical leadership and project management support for security improvement initiatives (planning, task tracking, coordinating dependencies, and delivery of architecture artifacts)

Ensure security designs and infrastructure changes align with applicable control requirements and are documented in an audit-ready manner consistent with federal control frameworks

Create and maintain architecture diagrams, security design documentation, implementation guidance, and standards for operational teams

Brief technical and non-technical stakeholders on architecture risk, tradeoffs, and prioritized remediation recommendations

Qualification

Security architecture designVulnerability managementZero trust securityNIST complianceProject managementTechnical writingNetwork designSecurity testingSystems security engineeringCommunication skills

Required

Public Trust Eligibility Required

Minimum 5 years of experience assessing enterprise IT environments (infrastructure, networks, platforms, and/or security engineering in complex environments)

Demonstrated experience in project management, network design, and testing the security of government systems to identify vulnerabilities

Working knowledge of security controls and how they map to enterprise implementations (identity, access control, configuration management, logging/monitoring, boundary protections, etc.)

Hands-on familiarity with vulnerability management practices and assessment techniques used to identify deviations and weaknesses in systems/networks

Strong technical writing skills and ability to produce clear architecture/security documentation and implementation guidance

Experience implementing or maturing zero trust-aligned security architecture (identity-centric controls, segmentation, continuous verification)

Experience applying systems security engineering concepts to ensure security is designed into systems across the lifecycle (not bolted on)

Experience in federal environments using NIST-aligned security/privacy control catalogs and baselines