Assessment and Authorization (A&A) Assessor - Cyber Ops III

At Aleut Federal, we believe the company and its mission is just as important as the job you are applying for. Aleut Federal is an Alaskan Native-owned enterprise whose purpose is to support our "Shareholders," the Unangax, the indigenous people of the Aleutian Islands of Alaska. People are at the core of everything we do. We support our Shareholders by providing excellent service and quality results to our clients and the various branches of the federal government. We engage in local markets, so community service is embedded in our process.

Our culture nurtures the strength of our workforce through mentorship and coaching, providing opportunities for growth and competitive benefits. We support and encourage diversity, inclusion, and accountability at every level.

The Aleut Federal motto is "We are One" because we truly believe that with one heart, one mind, and one purpose, we can accomplish our mission and be an organization anyone would be proud to be a part of.

POSITION SUMMARY

Aleut is seeking an Assessment and Authorization (A&A) Assessor for Software/SaaS/Hardware to work with the United States Air Force Academy (USAFA) RMF team. This position requires personnel to work on-site at USAFA in Colorado Springs, CO.

*** POSITION HIRING CONTINGENT ON CONTRACT AWARD ***

ESSENTIAL JOB FUNCTIONS

• Conduct cybersecurity assessments on commercial and government software, SaaS products, IT hardware, and web-based solutions to determine compliance with applicable DoD, Air Force, and USAFA cybersecurity policies and control requirements.
• Perform evaluations of acquisition requests and technical artifacts in accordance with AFI 17-101 and USAFA local procedures, assessing potential risk to mission systems, data confidentiality, and operational integrity.
• Coordinate with requestors, cybersecurity stakeholders, and acquisition personnel to gather relevant information and provide timely written recommendations for system integration or risk-based rejection.
• Develop, maintain, and annually review a Standard Operating Procedure (SOP) for all assessment types to ensure consistent evaluation standards and alignment with evolving Air Force and DoD policies.
• Complete and document Privacy Impact Assessments (PIAs) (e.g., DD Form 2930) as required, in collaboration with system owners and in compliance with AFI 33-332, Air Force Privacy and Civil Liberties Program.
• Perform security evaluations for blocked URLs and websites requested for mission access, including the analysis of site risk posture, hosting infrastructure, and data collection practices.
• Deliver formal written assessment reports with cybersecurity recommendations for each request, identifying control gaps, FedRAMP status, PII/PHI risk implications, and potential waiver requirements.
• Maintain and update a monthly tracking log of all active and completed assessments, documenting request status, review findings, and final decisions for audit and oversight purposes.
• Collaborate with ISSOs, ISSMs, and procurement officials to ensure that approved tools and services meet security requirements and can be integrated into RMF processes where needed.
• Advise stakeholders on options for conditional approval, mitigation, or waiver submission where products do not fully meet baseline security requirements but offer mission value.
• Support the broader RMF authorization process by contributing assessment inputs to the development of ATO packages when evaluated products are integrated into larger systems.
• Stay current on FedRAMP, NIST SP 800-171, and CUI handling requirements, and apply them consistently across all assessments of externally hosted or cloud-based solutions.

WORK ENVIRONMENT

• This is an onsite position that requires work to be performed onsite in Colorado Springs, CO.
• Indoor office working conditions.

PHYSICAL DEMANDS

• Must be able to sit or stand for prolonged periods.
• Must be able to perform repetitive keyboard tasks and associated motions for prolonged periods.
• Must be able to carry up to 10 pounds.

SALARY RANGE

• $80,000 -- $90,500 (annual) depending on qualifications

*We will be accepting applications for this position until 09/26/2025 at 11:59 PM EST*

REQUIERMENTS:

• CERTIFICATION: CSSLP or Security+ or GSEC.
• REQUIED EDUCATION: Bachelor of Science degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an Accreditation Board for Engineering and Technology (ABET) accredited or Certified Association Executive (CAE) designated institution preferred.
• EXPERIENCE: At least three years of relevant experience acting as an A&A assessor for software, SaaS, and hardware. Must have knowledge of NIST SP 800-171, FedRAMP, CUI handling, software/hardware risk assessment, DoDI 8510.01, AFI 17-101, AFI 33-332. Experience with acquisition security reviews, waiver package support, and PIA coordination is preferred.
• SECURITY CLEARANCE: Must hold an active Secret security clearance

Aleut offers the following benefits to eligible employees:

• Health insurance
• Dental/Vision insurance
• Paid Time Off
• Short- and Long-Term Disability
• Life insurance
• 401k and match

At Aleut, our culture thrives on diversity, inclusion, and collaboration. Integrating diverse perspectives opens up new possibilities, fosters innovation, and fully harnesses our team's potential. We are committed to creating an environment where every employee feels valued, included, and inspired to grow and find purpose. Join us and be part of a culture that celebrates differences and belonging for everyone, without regard to race, color, religion or belief, national, social, or ethnic origin, sex, pregnancy, marital status, age, physical, mental, or sensory disability, sexual orientation, gender identity and/or expression, or past or present military service. We welcome everyone as they are!

#CJ

#AMS