Security Assessor

Information Technology – Washington, District of Columbia


Description

Title: Security Assessor
Location: Washington, DC – Onsite
Terms: Full-time
Clearance: Active Secret or Top-Secret clearance required (U.S. Citizenship required)
Travel: Minimal; <10% anticipated


RESULTS. INNOVATION. VALUES. ACCOUNTABILITY.

That’s RIVA. Our employee-first approach has created a culture that attracts the best and brightest. Because we invest in people first and provide a flexible work environment, our employees have higher morale, higher productivity rates, and lower turnover. At RIVA, people are our #1 priority.


Program Overview

RIVA Solutions is supporting the National Telecommunications and Information Administration (NTIA) under the ISCOM Division to deliver mission-critical IT modernization and cybersecurity services. This effort focuses on enhancing the security, reliability, and efficiency of NTIA’s infrastructure, driving forward their mission of advancing broadband access, data-driven policymaking, and secure communications through modern digital tools and compliance with federal standards.


Position Overview

RIVA Solutions is seeking a Security Assessor to provide expert-level support in performing security control assessments, risk analysis, and authorization support under the NTIA ISCOM contract. The individual will evaluate the effectiveness of technical, management, and operational security controls, ensuring compliance with federal cybersecurity requirements. This role is critical in supporting NTIA’s Assessment and Authorization (A&A) process, continuous monitoring, and overall system security posture.


Core Responsibilities

  • Conduct comprehensive Security Control Assessments (SCAs) for systems and applications in accordance with NIST Risk Management Framework (RMF) guidelines.
  • Review and evaluate security documentation, including System Security Plans (SSPs), Security Assessment Plans (SAPs), Security Assessment Reports (SARs), and Plans of Action and Milestones (POA&Ms).
  • Validate the implementation and effectiveness of NIST 800-53 controls through testing, analysis, and evidence collection.
  • Perform interviews with system owners, ISSOs, and administrators to assess compliance and control maturity.
  • Document and communicate assessment results, identifying findings, risks, and recommended mitigations.
  • Support the preparation and submission of authorization packages to the Authorizing Official (AO).
  • Track remediation and risk mitigation activities; verify closure of POA&M items.
  • Provide expert recommendations for improving system security and risk posture.
  • Contribute to the development and improvement of A&A processes, templates, and procedures.
  • Collaborate with cybersecurity, engineering, and operations teams to ensure risk-based decision-making aligns with NTIA policies.
  • Support ongoing Continuous Monitoring (ConMon) activities by assessing control changes and reviewing security artifacts.
  • Stay current with federal cybersecurity policy, guidance, and compliance requirements, including FISMA, NIST, and FedRAMP.

Minimum Qualifications

  • Master’s degree (MS/MA) in Cybersecurity, Computer Science, Information Systems, or a related field.
  • Minimum of 8 years of cybersecurity experience.
  • U.S. Citizenship required.
  • Active Secret or Top-Secret clearance.
  • In-depth understanding of NIST Risk Management Framework (RMF), FISMA, and federal cybersecurity assessment processes.
  • Experience conducting or supporting Security Control Assessments (SCA) and/or Assessment & Authorization (A&A) activities.
  • Familiarity with enterprise IT systems, configurations, and common security technologies.
  • Strong written and verbal communication skills, with the ability to produce high-quality documentation and present technical findings.

Preferred Qualifications

  • Industry certifications such as CISSP, CISA, CAP, or GSCA.
  • Prior experience supporting the Department of Commerce, NTIA, or other federal civilian agencies.
  • Experience authoring and reviewing security documentation (SSP, SAR, SAP, POA&M).
  • Knowledge of FedRAMP, Continuous Monitoring (ConMon) processes, and control inheritance models.
  • Understanding of vulnerability management, penetration testing results interpretation, and system hardening best practices.

Salary

Up to $155,000 depending on experience.


RIVA Benefits

  • Paid Time Off / Sick Leave
  • Health, Dental, and Vision Coverage
  • Life Insurance
  • 401K Retirement Plan with Company Match
  • HSA/FSA Spending Accounts
  • Long- and Short-term Disability
  • Pet Insurance
  • Wellness Program Initiatives
  • RIVA Flex (Flex Hours and Hybrid Work Support)
  • Additional Perks & Workplace Benefits

Equal Opportunity Statement

RIVA Solutions is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any protected class. If you need a reasonable accommodation to search for a job opening or to submit an online application, please email [email protected]. Only messages left for this purpose will be returned.