Active Top Secret Required About Aretum Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront. Job Summary The Mid-Level Security Compliance & Documentation Analyst serves as an ISSO-aligned cybersecurity professional responsible for leading RMF, authorization, and compliance activities for complex, classified C5ISR and IIR mission systems. This role owns RMF package integrity, documentation quality, and authorization readiness while serving as a senior advisor to government stakeholders. Technical exposure may include select security tools or monitoring capabilities depending on the individual’s background, but the primary focus is governance, compliance, and documentation leadership. Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements.  Responsibilities RMF Leadership & Authorization - Support and maintain development, maintenance, and oversight of RMF packages for classified C5ISR and IIR systems - Coordinate with Government System Owners, ISSOs, ISSEs, and Authorizing Officials to collect evidence, validate control implementation and maintain package accuracy. - Execute RMF support activities for ATO/IATT and continuous monitoring across multiple systems/enclaves, including documentation updates driven by engineering and operational changes. - Document and track POA&M items, support risk-based prioritization, and provide remediation status reporting through closure. - Validate documentation alignment with system architecture, interconnections, control inheritance, and mission dependencies. Compliance & Governance - Ensure systems comply with Department of War/DoD, and federal cybersecurity requirements - Support internal and external audits, inspections, and cybersecurity assessments - Monitor changes to cybersecurity policy and support implementation across supported systems - Provide compliance status, risk analysis, and authorization reporting to government leadership Documentation & SOP Development - Author, maintain, and approve cybersecurity SOPs, plans, and technical documentation - Standardized documentation practices across supported systems and teams - Ensure documentation supports audits, inspections, and operational continuity Mission & Network Risk Support - Support cybersecurity risk management for C5ISR and IIR systems - Assess security impacts across enterprise, tactical, and mission networks - Support interconnected and cross-domain system authorization efforts

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description BARR is seeking a part-time contractor to join as the Lead CMMC Certified Assessor (CCA) for our growing CMMC service line. This role offers a unique opportunity to be involved from the outset of our journey towards becoming a C3PAO, with anticipated engagement work starting in 2026. Pending business needs, there's potential for this position to transition to full-time. - Lead and oversee dedicated Assessment Teams for CMMC Level 2 certification assessments on behalf of the C3PAO. - Act as the primary liaison with organizations seeking certification (OSCs), ensuring all assessment activities adhere to CMMC-AB and CAICO requirements. - Ensure assessment integrity and consistency by providing leadership, oversight, and quality assurance across multiple assessment engagements. - Verify adherence to CMMC methodology, guiding Assessment Teams in scoping, evidence collection, and scoring procedures. - Coordinate with CAICO and stakeholders to meet formal designation requirements, submit documentation, and maintain compliance with CMMC assessment protocols. - Utilize industry expertise to train CCAs and other CMMC team members. - Assist the CMMC leadership team in scoping validation, engagement pricing, and resource management. - Provide regular updates to the BARR CMMC Leadership team on engagement status. Qualifications - Lead CMMC Certified Assessor (LCCA) designation by the CyberAB. - United States citizenship required. - Ability to travel approximately 25-35%. - Active DoD Secret Clearance or ability to obtain one. - 8+ years of cybersecurity experience, including 5+ years in managerial roles and 3+ years in CMMC assessments. - Experience with large government contractors and effective communication with executive leadership. - Hold one (1) or more of the following active certifications: - CISM - CISSO - CPTE - CompTIA CySA+ - FITSP-A - GCSA - CISA - CISSP - CISSP-ISSEP - GSLC - GSNA Requirements - Manage assigned Assessment Teams, ensuring roles are defined, daily coordination is effective, and assessors comply with CMMC Assessment Process (CAP) and NIST SP 800-171A. - Oversee evidence collection and validation to ensure objectivity, consistency, and compliance. - Review and approve assessment findings, including preliminary and final scoring, and ensure accurate documentation submission. - Coordinate assessment schedules, logistics, interviews, site visits, and secure information handling. - Participate in post-assessment reviews and continuous improvement efforts, providing feedback to refine internal assessment procedures. Desired Qualifications & Skills - Additional experience with cloud platforms (AWS, Azure, GCP). - Strong leadership, team management, problem-solving, and communication skills. - Deep knowledge of CMMC model, assessment processes, NIST standards, and DFARS requirements. Benefits - BARR Advisory specializes in meeting clients where they are, from small start-ups to global enterprises and everything in between. - Ability to customize cybersecurity compliance and consulting services based on individual client needs. - Focus on building trusted client relationships through partnership and support. - Commitment to a remote culture that ensures autonomy, mastery, and purpose. - Inclusive workplace dedicated to hiring and developing diverse talent. - Equal opportunity employer with a commitment to reasonable accommodations for individuals with disabilities.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Information Security Analyst is responsible for protecting an organization’s computer systems, networks, and data from security threats. This role involves monitoring security systems, analyzing incidents, implementing security controls, and ensuring compliance with security standards. The analyst works closely with IT teams to identify vulnerabilities, respond to cyber incidents, and support the overall cybersecurity strategy. Key Responsibilities - Security Monitoring & Incident Response - Monitor security events, alerts, and logs using SIEM and other monitoring tools. - Investigate potential security incidents and take remedial action. - Conduct root-cause analysis and document findings. - Respond to security breaches and support incident resolution processes. - Vulnerability & Risk Management - Perform routine vulnerability scans and risk assessments. - Assist in patch management and mitigation strategies. - Track and report security risks, ensuring timely remediation. - Security Tools & Technologies - Maintain and configure security tools such as firewalls, endpoint protection, IDS/IPS, and DLP systems. - Support deployment and tuning of SIEM solutions. - Evaluate new security technologies and assist with implementation. - Policy, Compliance & Governance - Support compliance initiatives such as ISO 27001, NIST, SOC 2, GDPR, or HIPAA. - Assist in developing and maintaining security policies, procedures, and standards. - Participate in internal and external audits. - Security Awareness & Training - Collaborate with HR/IT to conduct employee cybersecurity training. - Help develop awareness content on phishing, password hygiene, and secure practices. - Documentation & Reporting - Prepare technical documentation, risk assessments, and incident reports. - Provide regular updates to leadership on security posture and incidents. Qualifications - Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience). - 1–3 years of experience in information security, IT systems, or network administration. - Knowledge of common security frameworks (e.g., NIST CSF, ISO 27001). - Familiarity with security tools: SIEM, IDS/IPS, endpoint security, vulnerability scanners. - Understanding of networking concepts (TCP/IP, DNS, firewalls, VPN). - Strong analytical, troubleshooting, and communication skills. Preferred Qualifications - Industry certifications such as: - CompTIA Security+ - Certified Ethical Hacker (CEH) - GIAC Security Essentials (GSEC) - Certified Information Systems Security Professional (CISSP) (associate level acceptable) - Experience with cloud platforms (AWS, Azure, GCP) and cloud security tools. - Familiarity with scripting languages (Python, PowerShell, Bash).

Position Overview: The Forensic Collection Specialist is responsible for the acquisition, preservation, and documentation of digital evidence in a legally defensible manner. You will work directly with internal teams, clients, and occasionally custodians to collect electronically stored information (ESI) from devices, email systems, cloud services, and enterprise data sources. Key Responsibilities: - Conduct forensic collections of ESI from computers, mobile devices, servers, cloud storage, and network environments. - Ensure the integrity and defensibility of all collections through proper chain-of-custody and documentation. - Use industry-standard tools such as EnCase, FTK, X1 Social Discovery, Cellebrite, Magnet AXIOM, and others. - Interface with clients to schedule and conduct collections with professionalism and discretion. - Collaborate with project managers, legal teams, and review staff to support litigation and investigation workflows. - Maintain current knowledge of digital forensics best practices, legal considerations, and new technologies.