Description
Active Top Secret Clearance Required
About Aretum
Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors. Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges. We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront.
Job Summary
The Junior-Level Security Analyst provides cybersecurity and compliance support to Department of War information systems operating in classified and unclassified environments. This contractor role supports the protection of mission-critical systems by executing vulnerability management, configuration compliance, and RMF support activities in accordance with Department of Defense and federal cybersecurity requirements. The role is execution-focused and tool-driven, with opportunities for exposure to security operations based on individual background and skillset.
Responsibilities
Vulnerability Management & Security Assessments
- Execute vulnerability management activities using ACAS, ESS, SCAP tools, and manual validation techniques to confirm findings and reduce false positives.
- Conduct application and web vulnerability assessments using tools such as Burp Suite and document results with clear remediation guidance.
- Support vulnerability triage and prioritization based on mission impact, exposure, exploitability, and operational constraints.
- Support the Vulnerability Disclosure Program (VDP) by managing intake, validation, tracking, and coordination with remediation stakeholders.
- Ensure vulnerability findings, evidence, and remediation status are accurately documented and traceable within RMF artifacts (e.g., assessment inputs and POA&M updates).
- Support SCAP/STIG-related validation by correlating scan results to configuration baseline requirements and documenting compliance status.
- Demonstrate the ability to perform, or a strong willingness to learn, security assessment activities across ACAS, ESS, Burp Suite, VDP workflows, and SCAP/STIG compliance processes.
- Cloud Security: Configure and manage AWS Security toolsets (CloudTrail, GuardDuty, Inspector, Security Hub).
STIG, SCAP & Configuration Compliance
- Execute DISA STIG compliance activities across operating systems, applications, databases, and network devices
- Validate security baselines using SCAP and manual assessment techniques
- Identify deviations, document compensating controls, and support risk acceptance requests
- Ensure configuration compliance aligns with mission requirements and operational constraints
RMF & Authorization Support
- Maintain and update RMF packages throughout the system lifecycle
- Support ATO, IATT, and continuous monitoring activities
- Track POA&Ms and remediation actions to completion
- Coordinate with Government System Owners, ISSOs, ISSEs, and Authorizing Officials
- Support cybersecurity assessments, inspections, and compliance reviews
Security Operations & Technical Support (Skillset-Dependent)
- Support SIEM monitoring and alert analysis
- Assist with ESS deployment, configuration, and reporting
- Support log analysis, threat detection, and incident response activities
- Assist with continuous monitoring and cybersecurity metrics reporting
Requirements
- Master's Degree or Bachelor's Degree 3 years of relevant experience
- 36 years of experience in information assurance, cybersecurity, or compliance-focused roles
- Active Top Secret Clearance Required
- Experience maintaining RMF packages in classified or regulated environments
- Working knowledge of NIST 800-series publications and DoD cybersecurity requirements
- Experience developing and maintaining SOPs, policies, or technical documentation
- Strong written and verbal communication skills
- Demonstrated willingness to learn new tools/techniques and support cross-functional cybersecurity activities as mission needs evolve
Preferred Requirements
- Extensive knowledge of AWS Security
- Experience supporting DoD or intelligence community customers
- Hands-on experience with eMASS or other GRC tools
- Familiarity with SIEM platforms, ESS/Trellix, Burp, Checkmarx, or other vulnerability management solutions
- DoD 8140 / 8570 certifications (e.g. Security CAP)
- Experience working in classified (SCIF) environments
Travel Requirements
This is a remote position; however, occasional travel may be required based on project needs, client meetings, team collaboration events, or training. Travel is expected to be less than 10% and will be communicated in advance whenever possible.
EEO Statement
Aretum is committed to fostering a workplace rooted in excellence, integrity, and equal opportunity for all. We adhere to merit-based hiring practices, ensuring that all employment decisions are made based on qualifications, skills, and ability to perform the job, without preference or consideration of factors unrelated to job performance.
As an Equal Opportunity Employer, Aretum complies with all applicable federal, state, and local employment laws.
We are proud to support our nation's veterans and military families, providing career opportunities that honor their service and experience.
If you require reasonable accommodation during the hiring process due to a disability, please contact for assistance.
Equal Opportunity Employer/Veterans/Disabled
U.S. Work Authorization
Applicants must be U.S. citizens and currently authorized to work in the United States on a full-time basis. This position supports a federal government contract and therefore requires an active Top Secret clearance or the ability to obtain one.
Benefits
Health Care Plan (Medical, Dental & Vision)
Retirement Plan (401k)
Life Insurance (Basic, Voluntary & AD&D)
Paid Time Off
Family Leave (Maternity, Paternity)
Short Term & Long-Term Disability
Training & Development
Required Experience:
Junior IC