Security / RMF Engineer at Aretum

• Job Location McLean, VA
• Seniority Mid-Senior Level
• Type Full-time

Share on:

Description

Public Trust Eligibility Required About Aretum Aretum is a mission-driven organization committed to delivering innovative, technology-enabled solutions to our customers across defense, civilian, and homeland security sectors.

Our teams work at the intersection of strategy, technology, and transformation, helping agencies solve their most critical challenges.

We believe in investing in our people and creating a culture where collaboration, inclusion, and professional growth are at the forefront.

Job Summary Aretum is seeking a skilled and highly motivated Security / RMF Engineer.

As a Security / RMF Engineer, you will ensure compliance with VA security requirements and manage the ATO lifecycle.

Due to the nature of our work as a federal consulting organization, employees may be expected to handle Controlled Unclassified Information (CUI) and must adhere to applicable safeguarding and compliance requirements.

Responsibilities Develop and maintain RMF documentation (SSP, POA&M, SAR inputs) Map and implement security controls across system layers Coordinate with VA security stakeholders Support vulnerability scanning and remediation Enable continuous monitoring and compliance Requirements RMF Framework{{:}} NIST 800-53, control families, tailoring ATO Process{{:}} SSP development, POA&M management, authorization workflows ServiceNow GRC (or similar){{:}} Documentation and tracking Cloud Security{{:}} AWS security controls, shared responsibility model Identity & Access Management{{:}} RBAC, least privilege, federation concepts Encryption{{:}} TLS, data-at-rest encryption, key management (KMS) Vulnerability Management{{:}} Scanning tools, remediation workflows Logging & Monitoring{{:}} SIEM integration (Splunk, Datadog concepts) Network Security{{:}} Segmentation, ingress/egress control, TIC awareness Compliance Standards{{:}} HIPAA awareness, FISMA/FEDRAMP basics DevSecOps Integration{{:}} Security in CI/CD pipelines Risk Assessment{{:}} Identifying and documenting system risks and mitigations Travel Requirements This is a remote position; however, occasional travel may be required based on project needs, client meetings, team collaboration events, or training sessions.

Travel is expected to be less than 10% and will be communicated in advance whenever possible.