Position: Cybersecurity Subject Matter Expert (SME) — Operational Engineering Lead
Location: On-site 4 days a week — 1401 Constitution Avenue, Washington, D.C. 20230
Terms: Full Time
Clearance: Secret Clearance (Active Top Secret preferred)
Travel: 0–10%
That’s RIVA.
We’re a mission-driven IT services company and systems integrator supporting digital transformation and modernization for Federal government agencies. Since 2009, we’ve partnered with our customers to solve complex challenges through smart, practical innovation to deliver real outcomes where they matter most. Our teams are made up of industry-leading experts who are passionate about doing great work and making a difference. We don’t just develop solutions—we support efforts that strengthen communities and serve the public good.
RIVA’s culture is built on four core values: Results, Innovation, Values, and Accountability (R.I.V.A.). They guide how we work, how we collaborate, and how we measure success. Our employee-first approach is rooted in trust, ownership, and meaningful work. By investing in our people and fostering a flexible, supportive environment, employees have the opportunity to grow their skills, contribute ideas, and make an impact from day one—all while supporting missions that matter.
The Cybersecurity Subject Matter Expert (SME) — Operational Engineering Lead will support Bureau of Industry and Security (BIS) and Department of Commerce (DOC) cybersecurity programs. This position is the third of three Cybersecurity SME roles on the BIS CATTS Task Order 41 team and is specifically designed to provide operational and engineering depth that complements the program's governance and compliance SMEs. The role supports supply chain risk management, system security compliance, and risk mitigation — with particular focus on hands-on security monitoring, incident response, cloud security engineering, and preferred experience working with Zero Trust implementation.
RIVA Solutions is seeking an experienced Cybersecurity SME to serve as the team's operational and engineering practitioner. The ideal candidate combines strong knowledge of cybersecurity frameworks and Federal compliance requirements with hands-on experience leading incident response, operating security monitoring tools, configuring cloud security controls, and implementing Zero Trust architecture. This role requires close collaboration with the program's two senior governance SMEs, the IT Operations team, and BIS OCIO leadership.
- Provide subject matter expertise and technical analysis in support of supply chain risk management and cybersecurity initiatives.
- Apply cybersecurity principles, methods, and knowledge to support complex technical requirements and deliverables.
- Plan, develop, finalize, and review key cybersecurity program deliverables for DOC and BIS environments.
- Support compliance efforts aligned with FISMA, NIST, OMB, and other Federal cybersecurity standards and guidance.
- Identify unique system characteristics and conduct interviews with technical, administrative, and executive personnel.
- Collaborate with OCIO teams to develop and maintain required cybersecurity documentation, including security categorizations, risk assessments, contingency plans, security test and evaluation reports, and vulnerability assessment reports.
- Map technical requirements, system functionality, and operational capabilities to prescribed security controls, policies, and practices.
- Analyze data collected from open-source, high-side, data calls, and other intelligence sources.
- Present cybersecurity findings and recommendations in both detailed and executive-level formats for internal and external stakeholders.
- Lead cybersecurity monitoring operations using SIEM platforms (Splunk, Microsoft Sentinel, or equivalent), IDS/IPS tools, and cloud-native monitoring capabilities to detect, triage, and respond to threats in real time across BIS GCC-H and Azure Government environments.
- Serve as the program's incident response lead — develop and maintain IR runbooks tailored to the Azure FISMA-High environment, lead forensic investigations into anomalies and advanced threats, integrate the MITRE ATT&CK Framework into detection and response workflows, and produce incident reports per Federal guidelines.
- Design, develop, and deliver security awareness and training programs for BIS agency personnel at all levels, including role-specific content for technical staff, administrators, and executive leadership.
- Implement and manage cloud security controls in GCC-H and Azure Government environments, including firewall rules, VPN configurations, network segmentation, DDoS protection, and encryption of data at rest and in transit.
- Configure and manage Identity and Access Management (IAM) systems; enforce MFA, RBAC, and ABAC policies; and ensure endpoint detection and response (EDR) agents are actively deployed and tuned to the BIS environment.
- Support Azure cloud modernization efforts including rehosting, refactoring, and re-platforming of applications to Azure, leveraging Azure App Services, AKS, Azure Functions, and the Microsoft Cloud Adoption Framework.
- Minimum MS/MA degree and related industry certifications.
- Minimum 8 years of experience in a similar position.
- Demonstrated experience supporting Federal cybersecurity programs and risk management initiatives.
- Strong understanding of FISMA, NIST, OMB, and Federal cybersecurity compliance requirements.
- Experience developing cybersecurity documentation, assessments, and security control mappings.
- Knowledge of supply chain risk management principles and cybersecurity best practices.
- Experience conducting vulnerability assessments, risk assessments, and security testing activities.
- Strong analytical and problem-solving skills with the ability to communicate technical findings to diverse audiences.
- Excellent written and verbal communication skills.
- Ability to manage multiple priorities in fast-paced Federal environments.
- Demonstrated hands-on experience operating or leading a cybersecurity monitoring or Security Operations Center (SOC) function using SIEM tools such as Splunk, Microsoft Sentinel, or equivalent platforms.
- Demonstrated experience leading incident response investigations, including forensic analysis of compromised systems, root cause determination, and production of post-incident reports in compliance with Federal guidelines.
- Hands-on experience configuring cloud security controls in Microsoft Azure Government or
GCC-H environments, including firewall rules, VPN, network segmentation, and encryption.
- Knowledge of Zero Trust Architecture design and deployment aligned with NIST SP 800-207.
- Experience developing and delivering security awareness and training programs for Federal agency personnel.
- Relevant cybersecurity certifications such as CISSP, CISM, Security+, or equivalent.
- Experience supporting Department of Commerce (DOC) or Bureau of Industry and Security (BIS) programs.
- Familiarity with CATTS labor categories and Federal contract proposal environments.
- Experience with supply chain cybersecurity assessments and Federal compliance audits.
- GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), or equivalent incident response and forensics certification.
- Microsoft Azure Security Engineer Associate (AZ-500) or equivalent cloud security engineering certification.
- Zero Trust practitioner certification or documented ZT architecture implementation experience in a Federal cloud environment.
- Experience with Azure cloud modernization — including application migration using Azure App Services, Azure Kubernetes Service (AKS), or Azure Functions — aligned with the Microsoft Cloud Adoption Framework.
- Hands-on experience with Splunk or Microsoft Sentinel SIEM administration, including alert tuning, dashboard development, and threat hunting.
- Familiarity with MITRE ATT&CK Framework application in detection engineering and incident response playbooks.
Competitive and commensurate with experience.
The CATTS standardized labor categories in Section J.3., Attachment 02 apply. The Contractor is responsible for appropriately mapping educational, experience, and certification requirements based on Government-defined responsibilities. Deviations from the CATTS IDIQ labor category definitions may be proposed if clearly identified in the task order proposal. The Government is requesting a minimum of three (3) Cybersecurity SMEs for this requirement.
- Paid Time Off / Sick Leave
- Health, Dental, and Vision Coverage
- Life Insurance
- 401(k) Retirement Plan with Company Match
- HSA/FSA Spending Accounts
- Long- and Short-Term Disability
- Pet Insurance
- Wellness Program Initiatives
- RIVA Flex (Flexible Hours and Hybrid Support, where applicable)
- Additional Workplace Benefits
RIVA Solutions is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy and related conditions), sexual orientation, gender identity, national origin, age, disability, genetic information, veteran status, or any protected class. If you need a reasonable accommodation to search for a job opening or to submit an online application, please email
[email protected].