Cybersecurity Policy and Operations Analyst

The Cybersecurity Policy and Operations Analyst provides technical, analytical, and coordination support to enterprise cybersecurity policy development, information security continuous monitoring (ISCM), defensive cyber operations governance, and incident response program documentation. This action officer-level role supports policy interpretation, monitoring requirements, Cybersecurity Service Provider (CSSP) community coordination, and preparation of materials for senior cybersecurity leadership within the Department of Work (DoW).

Responsibilities:

Policy Interpretation & Assessment Support

• Assist in reviewing and interpreting DoW cybersecurity assessment and authorization policy aligned to DoDI 8510.01 (RMF) and DoDI 8530.01 (Cybersecurity Defense of the DoDIN), including Evaluator Scoring Metrics (ESM) development/interpretation.
• Draft guidance, reference materials, and issue summaries to clarify policy intent, including for non-standard or emerging systems.
• Research and compile examples mapping policy requirements to atypical architectures and operational environments.

Continuous Monitoring (ISCM) Support

• Support development and maintenance of enterprise ISCM documentation (baselines, monitoring targets, visibility expectations).
• Translate cybersecurity policy into draft technical baselines and monitoring artifacts used by Components and CSSPs.
• Collect and organize monitoring data, assessment findings, and operational insights to refine ISCM guidance.

CSSP Community Coordination & CDSG Support

• Lead action officer-level coordination for the CSSP Community of Interest (COI): agendas, facilitation, issue tracking, and follow-up actions.
• Consolidate community feedback and policy/operational issues for elevation to senior leadership.
• Support the DoW CIO's participation in the Cyber Defense Steering Group (CDSG) by preparing materials, documenting threat trends, and tracking assessment priorities.

Incident Response Program Support

• Contribute to drafting and maintaining incident response program documentation.
• Compile monitoring visibility data, assessment findings, and lessons learned to update procedures and defensive strategies.
• Document workflows, coordination requirements, and reporting expectations for enterprise incident response.

Enterprise Cybersecurity Policy Development

• Assist in drafting, editing, and maintaining enterprise cybersecurity directives (e.g., updates tied to DoDI/DoDM 8530.01, cloud monitoring requirements, CSSP responsibilities, defensive operations policy).
• Prepare briefings and talking points for senior leaders on policy development status and decisions.
• Conduct background research and prepare initial drafts for ISCM guidance and CSSP alignment documents.

Governance & Compliance Support

• Support Tenant Configuration Guide (TCG) governance activities: collect implementation data, document compliance observations, and prepare summary reports.
• Assist with verification that IL5 DoW M365 tenants implement required baseline configurations.
• Draft communications on configuration expectations, deviations, and recommended corrective actions.

Documentation & Decision Support

• Prepare briefings, summaries, and technical notes for leadership decision-making.
• Consolidate stakeholder feedback and operational insights into actionable documentation.
• Maintain organized repositories for policy artifacts, monitoring requirements, meeting records, and coordination materials.

*This position is designed to be flexible, with responsibilities evolving to meet business needs and enable individual growth.

Required Qualifications:

• Active TS/SCI clearance
• Foundational understanding of cybersecurity policy, RMF processes, and defensive cyber operations.
• Ability to analyze technical information and translate it into clear, structured documentation.
• Strong organizational skills (action tracking, document control, multi-stakeholder coordination).
• Experience preparing briefings, summaries, or technical notes for leadership review.
• Ability to work in a fast-paced, policy-driven environment with shifting priorities.
• Ability to work onsite no less than 3 days per week in Arlington, VA (Pentagon area) and/or Alexandria, VA (Mark Center).

Preferred Qualifications:

• Experience supporting a higher headquarters, enterprise governance body, or policy development organization.

Why Work for Us?

Core4ce is a team of innovators, self-starters, and critical thinkers-driven by a shared mission to strengthen national security and advance warfighting outcomes.

We offer:

• 401(k) with 100% company match on the first 6% deferred, with immediate vesting
• Comprehensive medical, dental, and vision coverage-employee portion paid 100% by Core4ce
• Unlimited access to training and certifications, with no pre-set cap on eligible professional development
• Tuition assistance for job-related degrees and courses
• Paid parental leave, PTO that grows with tenure, and generous holiday schedules
• Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.

Join us to build a career that matters-supported by a company that invests in you.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.