
Assessment and Authorization (A&A) Assessor – Cyber Ops III
- United States Air Force Academy, CO
- $80,000-90,500 per year
- Permanent
- Full-time
- Conduct cybersecurity assessments on commercial and government software, SaaS products, IT hardware, and web-based solutions to determine compliance with applicable DoD, Air Force, and USAFA cybersecurity policies and control requirements.
- Perform evaluations of acquisition requests and technical artifacts in accordance with AFI 17-101 and USAFA local procedures, assessing potential risk to mission systems, data confidentiality, and operational integrity.
- Coordinate with requestors, cybersecurity stakeholders, and acquisition personnel to gather relevant information and provide timely written recommendations for system integration or risk-based rejection.
- Develop, maintain, and annually review a Standard Operating Procedure (SOP) for all assessment types to ensure consistent evaluation standards and alignment with evolving Air Force and DoD policies.
- Complete and document Privacy Impact Assessments (PIAs) (e.g., DD Form 2930) as required, in collaboration with system owners and in compliance with AFI 33-332, Air Force Privacy and Civil Liberties Program.
- Perform security evaluations for blocked URLs and websites requested for mission access, including the analysis of site risk posture, hosting infrastructure, and data collection practices.
- Deliver formal written assessment reports with cybersecurity recommendations for each request, identifying control gaps, FedRAMP status, PII/PHI risk implications, and potential waiver requirements.
- Maintain and update a monthly tracking log of all active and completed assessments, documenting request status, review findings, and final decisions for audit and oversight purposes.
- Collaborate with ISSOs, ISSMs, and procurement officials to ensure that approved tools and services meet security requirements and can be integrated into RMF processes where needed.
- Advise stakeholders on options for conditional approval, mitigation, or waiver submission where products do not fully meet baseline security requirements but offer mission value.
- Support the broader RMF authorization process by contributing assessment inputs to the development of ATO packages when evaluated products are integrated into larger systems.
- Stay current on FedRAMP, NIST SP 800-171, and CUI handling requirements, and apply them consistently across all assessments of externally hosted or cloud-based solutions.
- This is an onsite position that requires work to be performed onsite in Colorado Springs, CO.
- Indoor office working conditions.
- Must be able to sit or stand for prolonged periods.
- Must be able to perform repetitive keyboard tasks and associated motions for prolonged periods.
- Must be able to carry up to 10 pounds.
- $80,000 to $90,500 (annual), depending on qualifications
- CERTIFICATION: CSSLP or Security+ or GSEC.
- REQUIRED EDUCATION: Bachelor of Science degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an Accreditation Board for Engineering and Technology (ABET) accredited or Certified Association Executive (CAE) designated institution preferred.
- EXPERIENCE: At least three years of relevant experience acting as an A&A assessor for software, SaaS, and hardware. Must have knowledge of NIST SP 800-171, FedRAMP, CUI handling, software/hardware risk assessment, DoDI 8510.01, AFI 17-101, AFI 33-332. Experience with acquisition security reviews, waiver package support, and PIA coordination is preferred.
- SECURITY CLEARANCE: Must hold an active Secret security clearance.
- Health insurance
- Dental/Vision insurance
- Paid Time Off
- Short- and Long-Term Disability
- Life insurance
- 401k and match
Loyal: Shows firm and constant support to a cause
Detail Oriented: Capable of carrying out a given task with all details necessary to get the task done well
Dedicated: Devoted to a task or purpose with loyalty or integrity
Motivation: Ability to Make an Impact: Inspired to perform well by the ability to contribute to the success of a project or the organization
Education: Bachelors
Experience: 3 years: At least three years of relevant experience acting as an A&A assessor for software, SaaS, and hardware. Must have knowledge of NIST SP 800-171, FedRAMP, CUI handling, software/hardware risk assessment, DoDI 8510.01, AFI 17-101, AFI 33-332. Experience with acquisition security reviews, waiver package support, and PIA coordination is preferred.