Title: Aisso III Location: Kearneysville, West Virginia, 25430, United States Department: Information Technology Job Description: Job Title: AISSO III Clearance Required: Secret; US Citizen. Work Location: Hybrid; Portsmouth, VA or Kearneysville, WV (onsite as needed to maintain SIPR access) Alpha Omega is looking for a focused, driven self-starter to work in a highly dynamic, cross-functional, complex IT environment. The Alternate Information System Security Officer (AISSO) will represent the ISSO as the IA liaison to assigned Information Systems (IS), Cloud Systems, Platform Information Technology (PIT), and Platform Information Technology Systems (PITS); the candidate will interface with the ISSO, system stakeholders, and upstream and downstream assessment stakeholders to perform security duties. The AISSO is responsible for helping assigned systems achieve and maintain their Authority to Operate (ATO) or Platform Information Technology Approval (PITA). All supported system missions include supporting national security and search and rescue missions. These systems operate across various technology platforms and environments, including DevSecOps, Cloud, and traditional data centers. The AISSO reports directly to Team Leads and the Project Manager, while independently engaging in enterprise and system-level cybersecurity-related engineering tasks. The successful candidate should have: experience performing assessment-related tasks; expert verbal and written communication skills; ability to interpret NIST and DoD guidance; and experience with industry tools, such as STIG viewer, ACAS, and eMASS. Key Responsibilities: Conduct focused compliance assessments for information systems according to guidance from NIST, OMB, DoD, DHS, FISMA, and internal policies. Identify common and inheritable security control applicability across a variety of platforms and applications. Analyze DoD Security Technical Implementation Guides (STIGs) implementation compliance and associate checklists to NIST SP 800-53 security controls. Conduct comprehensive manual security control testing, document examination, and staff interviews for security controls not covered by STIGs or inheritance. Analyze scan results from scanning tools (Nessus, SIEM, ACAS, and so forth) to identify additional information system vulnerabilities; verify scans against approved hardware/software and server lists to identify where gaps exist. Plan, develop, finalize, and review key deliverables at each stage of the Assessment & Authorization (A&A) project using applicable DoD and DHS tools and guidance. Prepare and track POA&Ms in eMASS for items that are out of compliance; identify risks and remediation recommendations. Manage project expectations to ensure requirements are understood and agreed upon by stakeholders. Assess proposed changes to information systems; identify risks of the proposed change and whether the proposed change affects the system ATO or FIPS categorization level. Develop, review, and reconcile IA security policies, standards, guidelines, procedures, and other technical documentation. Perform research to ensure knowledge proficiency remains aligned to technologies and industry’s best practices. Identify and recommend process improvements relating to the A&A process and/or established guidelines. Work closely with stakeholders to ensure information system A&A efforts are completed within stated deadlines. Engage constructively within the team to identify and resolve challenges or exploit opportunities. MUST possess excellent verbal and written communication skills. MUST be comfortable discussing (both verbally and in writing) status and risks/project impacts with all levels of management and project stakeholders. Ability to interpret NIST and DoD guidance. Possess familiarity with FedRAMP inheritable controls and cloud-based security principles. Required Qualifications: Experience/Skills: Five (5) years of related experience Fully qualified, by qualification standards and requirements in accordance with DoDD 8140.01 and DoDM 8140.03, DCWF Reference 511, 622, 722, Level II/Level III Experience implementing or assessing DISA STIGs Experience with RMF workflow Experience with industry tools, such as STIG viewer, ACAS, and eMASS Preferred Qualifications: Fully qualified, by qualification standards and requirements in accordance with DoDD 8140.01 and DoDM 8140.03, DCWF Reference 511, 622, 722, Level III; CISSP or CISM certification in good standing Bachelor’s degree or higher in Cybersecurity/IT Familiarity with overlays, including CFO, Privacy, Facility, and NSS Experience and familiarity with DevSecOps principles especially in terms of secure coding best practices Experience with Cloud-based (FedRAMP) system authorization Salary and Benefit Information: The likely salary range for this position is $86,000 - $113,000. This is not, however, a guarantee of compensation or salary. There are multiple factors that are considered in determining fina