• Leading end-to-end research projects - from idea generation, through discovery and exploitation, to publication • Conducting deep security research across operating systems, cloud environments, enterprise software, and emerging technologies • Developing proof-of-concepts and research tools • Leveraging AI to scale research workflow • Publishing research via technical blogs, whitepapers, and top-tier conferences • Collaborating with detection and product teams to translate research into security capabilities

We are looking for a highly technical investigator who can analyze diverse sources of digital evidence in support of complex investigations. The successful candidate will have experience investigating sophisticated computer-enabled crime, strong communications skills, comfort using programming languages (e.g. Python, SQL) to accomplish investigative objectives, and an understanding of evidentiary rules and procedures. Candidates will also be able to identify, analyze, and synthesize relevant information from various sources to support investigations. The ideal candidate will also have experience analyzing software code and conducting investigations in support of ongoing litigation. Key Responsibilities: - Analyze digital evidence from various sources in support of investigations. - Extract and preserve data from mobile devices, computers, cloud systems and other digital media. - Conduct open-source research and analysis to support technical analysis. - Develop and maintain tools to facilitate investigations. - Create reports and other materials to summarize findings and support investigative efforts. - Contribute to ongoing research and development efforts. - Advise clients regarding cybersecurity best practices. Requirements: - Experience using a programming language to accomplish investigative goals (e.g. Python). - Strong analytical and critical thinking skills, with the ability to synthesize complex information from multiple sources - Excellent communication skills, both written and verbal. - At least three years of experience conducting technical investigations. - Ability to work independently and as part of a team in a fast-paced, dynamic environment. Preferred Qualifications: - Familiarity with software application and/or platform development and, ideally, experience analyzing source code. - Basic understanding of the cryptocurrency ecosystem, including knowledge of various blockchain networks, cryptocurrencies, and exchanges. - Data science experience, including exposure to programming languages used to understand and synthesize large data sets. - Knowledge of relevant legal and regulatory frameworks related to cryptocurrency and cybersecurity investigations. - Experience developing, implementing and/or maintaining network security systems. - Experience working in a law enforcement or intelligence agency. NAXO is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, status as a protected veteran, or any other protected characteristic under applicable law.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description LMI is seeking an experienced Security Lead to support a key client at the General Services Administration (GSA) in delivering a modern, web-based acquisitions system. This initiative modernizes Governmentwide Indefinite Delivery Vehicle (IDV) contracting through modular, API-driven services deployed in federal cloud environments. The Security Lead will serve as the senior authority responsible for defining and enforcing the program’s security and compliance approach in alignment with GSA requirements. This individual must possess a comprehensive understanding of the Authorization to Operate (ATO) process for cloud applications and collaborate closely with the client’s Information Technology Security Officers (ITSOs) to ensure the development team adheres to approved security controls and compliance standards. The ideal candidate combines deep federal security expertise, hands-on cloud security experience in AWS, and the ability to integrate DevSecOps practices into modern Agile software delivery. This position is anticipated to be majority remote, but with the ability to travel and visit the client’s offices in Washington, D.C. as frequently as needed. Responsibilities - Security Strategy & Governance - Serve as the primary authority for system security architecture and compliance - Collaborate directly with GSA security personnel to define and implement security and compliance controls for cloud-based applications - Ensure development teams adhere to approved security architecture and control implementations - Establish and maintain security documentation, policies, and procedures aligned with federal standards - Ensure compliance with FISMA and agency-specific security policies governing federal information systems - ATO & Federal Compliance - Lead the system through the full Authorization to Operate (ATO) lifecycle for applications - Develop and maintain System Security Plans (SSPs), security control documentation, and supporting artifacts - Manage Plans of Action and Milestones (POA&Ms) and track remediation activities - Support security control assessments and coordinate responses to findings - Align controls with guidance from the National Institute of Standards and Technology (NIST), FedRAMP requirements, and Trusted Internet Connections (TIC)/cloud security guidance - DevSecOps & CI/CD Integration - Embed automated security controls into CI/CD pipelines to enable secure, continuous delivery - Ensure static and dynamic code analysis, dependency scanning, container security, and infrastructure-as-code validation are integrated into build and deployment processes - Promote secure coding practices and continuous monitoring across development teams - Cloud Security (AWS) - Lead security architecture for applications and infrastructure deployed within AWS cloud environments - Configure and manage native AWS security services (e.g., IAM, Security Hub, GuardDuty) - Enforce least privilege access controls and secure identity and access management practices - Monitor cloud environments for threats, misconfigurations, and vulnerabilities - Risk Management & Audit Readiness - Conduct security risk assessments and oversee vulnerability scanning and penetration testing activities - Manage security incident response coordination and reporting - Maintain continuous monitoring practices and ensure audit readiness for all system components - Support ongoing authorization and continuous ATO practices through automated control monitoring and real-time risk visibility - Track, report, and mitigate identified risks throughout the system lifecycle - Team & Stakeholder Collaboration - Mentor development teams on security requirements and secure coding standards - Partner closely with team’s leadership to align security with system architecture and delivery timelines - Communicate security risks, compliance status, and remediation strategies clearly to both technical and non-technical stakeholders Qualifications - Demonstrated experience serving as a Security Lead (or equivalent role) on federal IT programs - Extensive hands-on experience implementing federal security architectures aligned with NIST guidance, FedRAMP, and TIC/cloud security requirements - Proven track record leading systems through the full ATO lifecycle, including SSP development and POA&M management - Deep understanding of integrating security controls into CI/CD pipelines consistent with DevSecOps principles - Expert-level knowledge securing applications and infrastructure in AWS cloud environments - Experience conducting risk assessments, vulnerability management, and maintaining audit readiness - Strong written and verbal communication skills Desired Qualifications - Experience supporting GSA or other federal cloud modernization initiatives - Relevant certifications (e.g., CISSP, CCSP, AWS Security Specialty, Security+) - Experience supporting systems at moderate or high impact levels under federal security frameworks - Familiarity with continuous monitoring tools and automated compliance validation solutions Salary Information The target salary range for this position is $135,000-$225,000. The salary range displayed represents the typical salary range for this position and is not a guarantee of compensation. Individual salaries are determined by various factors including, but not limited to location, internal equity, business considerations, client contract requirements, and candidate qualifications, such as education, experience, skills, and security clearances.

Public Trust Eligibility Required About Aretum Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront. Job Summary Aretum is seeking a motivated and skilled Senior Security Controls Assessor. As a Senior Security Controls Assessor, you will be responsible for conducting comprehensive security assessments of information systems to ensure compliance with applicable security controls and regulations. Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements. Responsibilities - Independently perform all aspects of the security controls assessment in alignment with NIST 800-53 Revision 5 - Ensure comprehensive understanding and application of ATO documentation requirements - Coordinate all aspects of testing with relevant stakeholders and team lead - Develop a security assessment plan with input from stakeholders - Conduct and lead assessment interviews and tests while managing evidence - Provide insightful recommendations to improve security posture