Security Compliance & Documentation Analyst

Active Top Secret Required

About Aretum

Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront.

Job Summary

The Mid-Level Security Compliance & Documentation Analyst serves as an ISSO-aligned cybersecurity professional responsible for leading RMF, authorization, and compliance activities for complex, classified C5ISR and IIR mission systems. This role owns RMF package integrity, documentation quality, and authorization readiness while serving as a senior advisor to government stakeholders. Technical exposure may include select security tools or monitoring capabilities depending on the individual’s background, but the primary focus is governance, compliance, and documentation leadership.

Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements. 

Responsibilities

RMF Leadership & Authorization

• Support and maintain development, maintenance, and oversight of RMF packages for classified C5ISR and IIR systems
• Coordinate with Government System Owners, ISSOs, ISSEs, and Authorizing Officials to collect evidence, validate control implementation and maintain package accuracy.
• Execute RMF support activities for ATO/IATT and continuous monitoring across multiple systems/enclaves, including documentation updates driven by engineering and operational changes.
• Document and track POA&M items, support risk-based prioritization, and provide remediation status reporting through closure.

• Validate documentation alignment with system architecture, interconnections, control inheritance, and mission dependencies.

Compliance & Governance

• Ensure systems comply with Department of War/DoD, and federal cybersecurity requirements
• Support internal and external audits, inspections, and cybersecurity assessments
• Monitor changes to cybersecurity policy and support implementation across supported systems
• Provide compliance status, risk analysis, and authorization reporting to government leadership

Documentation & SOP Development

• Author, maintain, and approve cybersecurity SOPs, plans, and technical documentation
• Standardized documentation practices across supported systems and teams
• Ensure documentation supports audits, inspections, and operational continuity

Mission & Network Risk Support

• Support cybersecurity risk management for C5ISR and IIR systems
• Assess security impacts across enterprise, tactical, and mission networks
• Support interconnected and cross-domain system authorization efforts

Requirements

• Master’s Degree + 5 years of relevant experience or Bachelor’s Degree + 8 years of relevant experience
• 3–6 years of experience in information assurance, cybersecurity, or compliance-focused roles
• IAT Level III Certification: Must possess one of the following: CASP+ CE, CCNP Security+, CISA, CISSP, GCED, GCIH, or CCSP
• Active Top Secret Clearance
• Demonstrated experience maintaining and leading RMF packages in classified or regulated environments
• Strong knowledge of NIST 800-series publications and DoD cybersecurity requirements
• Proven experience developing SOPs, policies, and compliance documentation
• Ability to communicate effectively with both technical and non-technical stakeholders
• Demonstrated willingness to learn new tools/techniques and support cross-functional cybersecurity activities as mission needs evolve

Preferred Requirements

• Extensive knowledge of AWS Security
• Experience supporting Department of War, DoD, or intelligence community mission systems
• Familiarity with Zero Trust concepts and assessment efforts
• Advanced certifications such as CAP, CISM, or CISSP
• Experience with cross-domain solutions and interconnected system authorization

Travel Requirements

This is a remote position; however, occasional travel may be required based on project needs, client meetings, team collaboration events, or training sessions. Travel is expected to be less than 10% and will be communicated in advance whenever possible. 

EEO Statement

Aretum is committed to fostering a workplace rooted in excellence, integrity, and equal opportunity for all. We adhere to merit-based hiring practices, ensuring that all employment decisions are made based on qualifications, skills, and ability to perform the job, without preference or consideration of factors unrelated to job performance. 

As an Equal Opportunity Employer, Aretum complies with all applicable federal, state, and local employment laws. 

We are proud to support our nation’s veterans and military families, providing career opportunities that honor their service and experience. 

If you require reasonable accommodation during the hiring process due to a disability, please contact [email protected] for assistance. 

Equal Opportunity Employer/Veterans/Disabled 

U.S. Work Authorization

Applicants must be U.S. citizens and currently authorized to work in the United States on a full-time basis. This position supports a federal government contract and therefore requires an active Top Secret clearance or the ability to obtain one. 

Benefits

Health Care Plan (Medical, Dental & Vision)  

Retirement Plan (401k) 

Life Insurance (Basic, Voluntary & AD&D)  

Paid Time Off 

Family Leave (Maternity, Paternity)  

Short Term & Long-Term Disability  

Training & Development