Cybersecurity Policy and Operations Analyst

Information Technology --> CyberWashington, DCID: 1234-383Full-Time/RegularThe Cybersecurity Policy and Operations Analyst provides technical, analytical, and coordination support to enterprise cybersecurity policy development, information security continuous monitoring (ISCM), defensive cyber operations governance, and incident response program documentation. This action officer–level role supports policy interpretation, monitoring requirements, Cybersecurity Service Provider (CSSP) community coordination, and preparation of materials for senior cybersecurity leadership within the Department of Work (DoW).ResponsibilitiesPolicy Interpretation & Assessment SupportAssist in reviewing and interpreting DoW cybersecurity assessment and authorization policy aligned to DoDI 8510.01 (RMF) and DoDI 8530.01 (Cybersecurity Defense of the DoDIN), including Evaluator Scoring Metrics (ESM) development/interpretation.Draft guidance, reference materials, and issue summaries to clarify policy intent, including for non-standard or emerging systems.Research and compile examples mapping policy requirements to atypical architectures and operational environments.Continuous Monitoring (ISCM) SupportSupport development and maintenance of enterprise ISCM documentation (baselines, monitoring targets, visibility expectations).Translate cybersecurity policy into draft technical baselines and monitoring artifacts used by Components and CSSPs.Collect and organize monitoring data, assessment findings, and operational insights to refine ISCM guidance.CSSP Community Coordination & CDSG SupportLead action officer–level coordination for the CSSP Community of Interest (COI): agendas, facilitation, issue tracking, and follow-up actions.Consolidate community feedback and policy/operational issues for elevation to senior leadership.Support the DoW CIO’s participation in the Cyber Defense Steering Group (CDSG) by preparing materials, documenting threat trends, and tracking assessment priorities.Incident Response Program SupportContribute to drafting and maintaining incident response program documentation.Compile monitoring visibility data, assessment findings, and lessons learned to update procedures and defensive strategies.Document workflows, coordination requirements, and reporting expectations for enterprise incident response.Enterprise Cybersecurity Policy DevelopmentAssist in drafting, editing, and maintaining enterprise cybersecurity directives (e.g., updates tied to DoDI/DoDM 8530.01, cloud monitoring requirements, CSSP responsibilities, defensive operations policy).Prepare briefings and talking points for senior leaders on policy development status and decisions.Conduct background research and prepare initial drafts for ISCM guidance and CSSP alignment documents.Governance & Compliance SupportSupport Tenant Configuration Guide (TCG) governance activities: collect implementation data, document compliance observations, and prepare summary reports.Assist with verification that IL5 DoW M365 tenants implement required baseline configurations.Draft communications on configuration expectations, deviations, and recommended corrective actions.Documentation & Decision SupportPrepare briefings, summaries, and technical notes for leadership decision-making.Consolidate stakeholder feedback and operational insights into actionable documentation.Maintain organized repositories for policy artifacts, monitoring requirements, meeting records, and coordination materials.This position is designed to be flexible, with responsibilities evolving to meet business needs and enable individual growth.Required QualificationsActive TS/SCI clearanceFoundational understanding of cybersecurity policy, RMF processes, and defensive cyber operations.Ability to analyze technical information and translate it into clear, structured documentation.Strong organizational skills (action tracking, document control, multi-stakeholder coordination).Experience preparing briefings, summaries, or technical notes for leadership review.Ability to work in a fast-paced, policy-driven environment with shifting priorities.Ability to work onsite no less than 3 days per week in Arlington, VA (Pentagon area) and/or Alexandria, VA (Mark Center).Preferred QualificationsExperience supporting a higher headquarters, enterprise governance body, or policy development organization.Why Work for Us?Core4ce is a team of innovators, self-starters, and critical thinkers—driven by a shared mission to strengthen national security and advance warfighting outcomes.We Offer401(k) with 100% company match on the first 6% deferred, with immediate vestingComprehensive medical, dental, and vision coverage—employee portion paid 100% by Core4ceUnlimited access to training and certifications, with no pre-set cap on eligible professional developmentTuition assistance for job-related degrees and coursesPaid parental leave, PTO that grows with tenure, and generous holiday schedulesGot a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.Join us to build a career that matters—supported by a company that invests in you.All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.