Cybersecurity Policy and Operations Analyst

About The Position

Requirements

• Active TS/SCI clearance
• Foundational understanding of cybersecurity policy, RMF processes, and defensive cyber operations.
• Ability to analyze technical information and translate it into clear, structured documentation.
• Strong organizational skills (action tracking, document control, multi-stakeholder coordination).
• Experience preparing briefings, summaries, or technical notes for leadership review.
• Ability to work in a fast-paced, policy-driven environment with shifting priorities.
• Ability to work onsite no less than 3 days per week in Arlington, VA (Pentagon area) and/or Alexandria, VA (Mark Center).

Nice To Haves

• Experience supporting a higher headquarters, enterprise governance body, or policy development organization.

Responsibilities

• Assist in reviewing and interpreting DoW cybersecurity assessment and authorization policy aligned to DoDI 8510.01 (RMF) and DoDI 8530.01 (Cybersecurity Defense of the DoDIN), including Evaluator Scoring Metrics (ESM) development/interpretation.
• Draft guidance, reference materials, and issue summaries to clarify policy intent, including for non-standard or emerging systems.
• Research and compile examples mapping policy requirements to atypical architectures and operational environments.
• Support development and maintenance of enterprise ISCM documentation (baselines, monitoring targets, visibility expectations).
• Translate cybersecurity policy into draft technical baselines and monitoring artifacts used by Components and CSSPs.
• Collect and organize monitoring data, assessment findings, and operational insights to refine ISCM guidance.
• Lead action officer–level coordination for the CSSP Community of Interest (COI): agendas, facilitation, issue tracking, and follow-up actions.
• Consolidate community feedback and policy/operational issues for elevation to senior leadership.
• Support the DoW CIO’s participation in the Cyber Defense Steering Group (CDSG) by preparing materials, documenting threat trends, and tracking assessment priorities.
• Contribute to drafting and maintaining incident response program documentation.
• Compile monitoring visibility data, assessment findings, and lessons learned to update procedures and defensive strategies.
• Document workflows, coordination requirements, and reporting expectations for enterprise incident response.
• Assist in drafting, editing, and maintaining enterprise cybersecurity directives (e.g., updates tied to DoDI/DoDM 8530.01, cloud monitoring requirements, CSSP responsibilities, defensive operations policy).
• Prepare briefings and talking points for senior leaders on policy development status and decisions.
• Conduct background research and prepare initial drafts for ISCM guidance and CSSP alignment documents.
• Support Tenant Configuration Guide (TCG) governance activities: collect implementation data, document compliance observations, and prepare summary reports.
• Assist with verification that IL5 DoW M365 tenants implement required baseline configurations.
• Draft communications on configuration expectations, deviations, and recommended corrective actions.
• Prepare briefings, summaries, and technical notes for leadership decision-making.
• Consolidate stakeholder feedback and operational insights into actionable documentation.
• Maintain organized repositories for policy artifacts, monitoring requirements, meeting records, and coordination materials.

Benefits

• 401(k) with 100% company match on the first 6% deferred, with immediate vesting
• Comprehensive medical, dental, and vision coverage—employee portion paid 100% by Core4ce
• Unlimited access to training and certifications, with no pre-set cap on eligible professional development
• Tuition assistance for job-related degrees and courses
• Paid parental leave, PTO that grows with tenure, and generous holiday schedules
• At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.