Cybersecurity Policy and Compliance Analyst

Key Role:

Support the Cybersecurity risk assessment team in conducting assessments of Cybersecurity risk by evaluating DoD systems and assist with drafting Cybersecurity risk reports to highlight current architecture, mitigations, and Cybersecurity risk posture. Analyze, review, and critique assessment and authorization (A&A) documentation in compliance with DoD Cybersecurity policy and agency guidance, including DoD 8500 series, CNSS 1253, and National Institute of Standards and Technology (NIST) special publications. Assess program security compliance, support program briefs, and coordinate and compile program security documentation for various programs. Provide A&A and Cybersecurity support, including Risk Management Framework (RMF) for DoD IT, assess compliance with security technical implementation guides (STIGs), review automated scans, conduct security test and evaluation (ST&E), vulnerability assessments, and computer security responses, and create and manage RMF packages using the Enterprise Mission Assurance Support Service (eMASS). Provide results of unresolved discrepancies to the client for inclusion in that system’s IA Plan of Action and Milestones (POA&M). Interact with clients to perform policy and technical audits. Brief client leadership on vulnerabilities in support of the government client and prepare brief slides and summary of findings analyses.

Basic Qualifications:

- 3 years of experience with IT in a DoD environment
- 3 years of experience with NIST RMF policies, including continuous monitoring and information system security policies, standards, and procedures
- Experience with preparing A&A packages using RMF and DoD A&A processes and standards
- Experience with using eMASS
- Knowledge of IA or information security (INFOSEC) concepts and requirements
- TS/SCI clearance
- HS diploma or GED
- DoD 8140 IAM or IAT Certification, including Security+ CE, CISM, CISSP, or CASP

Additional Qualifications:

- 3+ years of experience with supporting DoD organizations in the implementation or assessment of Cybersecurity controls or legacy DIACAP implementation
- 3 years of experience with system and network vulnerability analysis, risk assessment and risk mitigation analysis, ST&E, contingency planning, and firewall policy, ports, and protocols
- Experience with Retina, Nessus, SCAP Compliance Checker, STIGs, hardening systems, and applying IA controls
- Experience with Nessus, ACAS, SCAP, and HBSS
- Possession of excellent oral and written communication skills

Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to classified information; TS/SCI clearance is required.

We’re an EOE that empowers our people—no matter their race, color, religion, sex, gender identity, sexual orientation, national origin, disability, veteran status, or other protected characteristic—to fearlessly drive change.