This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description This role provides a critical opportunity to safeguard enterprise systems and data through advanced threat detection, incident response, and proactive security monitoring. The Senior Information Security Analyst will operate within a Security Operations Center (SOC), leveraging cloud, endpoint, and network expertise to identify, analyze, and mitigate cyber threats. This role blends investigative skills, automation, and threat intelligence to protect business assets, while mentoring junior analysts and contributing to SOC process improvements. The position offers a high-impact environment where strategic thinking, technical proficiency, and continuous learning are central to success. - Monitor and triage alerts from security platforms, including CrowdStrike Falcon and Microsoft Sentinel. - Lead investigations into endpoint, network, and cloud security incidents, including malware, privilege escalation, and data exfiltration. - Conduct proactive threat hunting, forensic analysis, and anomaly detection across enterprise systems and cloud environments. - Develop and refine SOC playbooks, runbooks, and automation to improve detection, response, and operational efficiency. - Serve as an escalation point for Tier 1 and Tier 2 analysts, mentoring junior team members and sharing threat intelligence. - Collaborate with internal stakeholders to strengthen cloud security posture, incident readiness, and response workflows. - Participate in red/blue team exercises and continuous SOC process and capability improvements. Qualifications - 4–7 years of experience in a SOC or cybersecurity analyst role. - Expert-level proficiency with CrowdStrike Falcon and Microsoft Defender. - Hands-on experience with SIEM platforms such as Microsoft Sentinel, Splunk, or Elastic. - Deep knowledge of Windows, Linux, and macOS internals. - Practical experience in cloud incident investigations across Azure, AWS, and GCP. - Proficiency in scripting and automation (Python, PowerShell) and advanced log analysis. - Strong understanding of MITRE ATT&CK framework, malware behavior, and incident response methodology. - Excellent written and verbal communication skills, with the ability to influence and mentor teams. - Preferred certifications: CCFR, CCFA, GIAC (GCIA, GCIH), CySA+, or equivalent. - Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field (or equivalent experience). Benefits - Competitive salary reflective of experience and market standards. - Comprehensive healthcare coverage, including medical, dental, vision, and life insurance. - Retirement savings options, including 401(k) and employee stock purchase plan. - Paid time off, including vacation, holidays, and sick leave. - Flexible remote work arrangements across eligible U.S. states. - Opportunities for professional growth, certification support, and participation in industry events. - Collaborative and innovative work environment focused on advanced cybersecurity practices. Company Description

• Monitor, maintain, and respond to security alerts for our infrastructure • Identify potential, successful, and unsuccessful intrusion attempts • Participate in vulnerability assessment program • Configuration, maintenance, and troubleshooting for single sign on solutions, anti-virus, web filtering, and web application firewalls • Respond to security incidents, assist with troubleshooting, and provide on-call support as needed • Propose creative solutions to grow our business by delighting our clients • May perform other duties as assigned

Active Top Secret Required About Aretum Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront. Job Summary The Mid-Level Security Compliance & Documentation Analyst serves as an ISSO-aligned cybersecurity professional responsible for leading RMF, authorization, and compliance activities for complex, classified C5ISR and IIR mission systems. This role owns RMF package integrity, documentation quality, and authorization readiness while serving as a senior advisor to government stakeholders. Technical exposure may include select security tools or monitoring capabilities depending on the individual’s background, but the primary focus is governance, compliance, and documentation leadership. Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements.  Responsibilities RMF Leadership & Authorization - Support and maintain development, maintenance, and oversight of RMF packages for classified C5ISR and IIR systems - Coordinate with Government System Owners, ISSOs, ISSEs, and Authorizing Officials to collect evidence, validate control implementation and maintain package accuracy. - Execute RMF support activities for ATO/IATT and continuous monitoring across multiple systems/enclaves, including documentation updates driven by engineering and operational changes. - Document and track POA&M items, support risk-based prioritization, and provide remediation status reporting through closure. - Validate documentation alignment with system architecture, interconnections, control inheritance, and mission dependencies. Compliance & Governance - Ensure systems comply with Department of War/DoD, and federal cybersecurity requirements - Support internal and external audits, inspections, and cybersecurity assessments - Monitor changes to cybersecurity policy and support implementation across supported systems - Provide compliance status, risk analysis, and authorization reporting to government leadership Documentation & SOP Development - Author, maintain, and approve cybersecurity SOPs, plans, and technical documentation - Standardized documentation practices across supported systems and teams - Ensure documentation supports audits, inspections, and operational continuity Mission & Network Risk Support - Support cybersecurity risk management for C5ISR and IIR systems - Assess security impacts across enterprise, tactical, and mission networks - Support interconnected and cross-domain system authorization efforts

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description BARR is seeking a part-time contractor to join as the Lead CMMC Certified Assessor (CCA) for our growing CMMC service line. This role offers a unique opportunity to be involved from the outset of our journey towards becoming a C3PAO, with anticipated engagement work starting in 2026. Pending business needs, there's potential for this position to transition to full-time. - Lead and oversee dedicated Assessment Teams for CMMC Level 2 certification assessments on behalf of the C3PAO. - Act as the primary liaison with organizations seeking certification (OSCs), ensuring all assessment activities adhere to CMMC-AB and CAICO requirements. - Ensure assessment integrity and consistency by providing leadership, oversight, and quality assurance across multiple assessment engagements. - Verify adherence to CMMC methodology, guiding Assessment Teams in scoping, evidence collection, and scoring procedures. - Coordinate with CAICO and stakeholders to meet formal designation requirements, submit documentation, and maintain compliance with CMMC assessment protocols. - Utilize industry expertise to train CCAs and other CMMC team members. - Assist the CMMC leadership team in scoping validation, engagement pricing, and resource management. - Provide regular updates to the BARR CMMC Leadership team on engagement status. Qualifications - Lead CMMC Certified Assessor (LCCA) designation by the CyberAB. - United States citizenship required. - Ability to travel approximately 25-35%. - Active DoD Secret Clearance or ability to obtain one. - 8+ years of cybersecurity experience, including 5+ years in managerial roles and 3+ years in CMMC assessments. - Experience with large government contractors and effective communication with executive leadership. - Hold one (1) or more of the following active certifications: - CISM - CISSO - CPTE - CompTIA CySA+ - FITSP-A - GCSA - CISA - CISSP - CISSP-ISSEP - GSLC - GSNA Requirements - Manage assigned Assessment Teams, ensuring roles are defined, daily coordination is effective, and assessors comply with CMMC Assessment Process (CAP) and NIST SP 800-171A. - Oversee evidence collection and validation to ensure objectivity, consistency, and compliance. - Review and approve assessment findings, including preliminary and final scoring, and ensure accurate documentation submission. - Coordinate assessment schedules, logistics, interviews, site visits, and secure information handling. - Participate in post-assessment reviews and continuous improvement efforts, providing feedback to refine internal assessment procedures. Desired Qualifications & Skills - Additional experience with cloud platforms (AWS, Azure, GCP). - Strong leadership, team management, problem-solving, and communication skills. - Deep knowledge of CMMC model, assessment processes, NIST standards, and DFARS requirements. Benefits - BARR Advisory specializes in meeting clients where they are, from small start-ups to global enterprises and everything in between. - Ability to customize cybersecurity compliance and consulting services based on individual client needs. - Focus on building trusted client relationships through partnership and support. - Commitment to a remote culture that ensures autonomy, mastery, and purpose. - Inclusive workplace dedicated to hiring and developing diverse talent. - Equal opportunity employer with a commitment to reasonable accommodations for individuals with disabilities.