Sr. Cyber Security Policy Analyst

Clearance Level
Information Security
Germantown, Maryland

REQ#: RQ122923

Travel Required: Less than 10%
Public Trust: Other
Requisition Type: Regular

We are GDIT. The people supporting and securing some of the most complex government, defense, and intelligence projects across the country.

GDIT is seeking a Senior Cyber Security Policy Analyst to join our team supporting the U.S. Department of Energy’s (DOE's) Office of Corporate Information Systems to provide Operations and Maintenance (O&M) Support Services of their Corporate Business Systems (CBSOM).

Duties and responsibilities:

  • Supports the implementation and documentation of information assurance/security standards and procedures.
  • Provides Risk Mgmt. Framework Support and Data Call support
  • Provides Cyber policy and NIST 800 series security control analysis and research
  • Stays abreast of new and upcoming federal cyber policies and interprets their requirements
  • Drafts and updates existing Cyber policies documents in support of CISA Binding Operational Directives, and Cyber Executive Order 14028
  • Supports FISMA metrics development, collection, and analysis
  • Collaborates with system stakeholders to interpret and map Cyber policy changes to updated business processes
  • Provides FISMA system vulnerability testing and coordination, privacy, and risk analysis support
  • Supports translation federal cyber mandates and technical policy requirements to business objectives for briefings to CF Senior Management
  • Evaluates policies to perform gap/impact analysis in current operation processes.  Develops and documents corrective-actions necessary align processes with policy compliance.
  • Supports the federal ISSM with the development of the overarching cyber roadmap compliant with Cyber Executive Order requirements
  • Supports the federal ISSM with the development and implementation of a Zero-Trust architecture roadmap
  • Following solution implementation, assists in developing security/IA policies, procedures and standards that govern digital identity management. 
  • Responsibilities include working with the customer to minimize risks and assess and secure networks.
  • Leverage experience in cloud platforms and technologies including cyber security, information assurance, network security, computer information systems, computer science, or management information systems.
  • Collaborate with database and application teams to manage and support Plans of Actions and Milestones (POAM) remediation

Minimum Requirements:

  • Bachelor’s degree in Computer Science, Information Systems, Software Engineering, Business, or other related discipline with 8 years of increasingly responsible and relevant experience in defining security requirements.  Without a degree at least 12 years of relevant experience is required.
  • 3+ years of hands-on cybersecurity experience, cyber policy research and analysis, federal data call support, including application security, database security, encryption, security monitoring, policy research
  • Demonstrated experience with the NIST 800-53Rev 4/5 - “Security and Privacy Controls for Federal Information Systems and Organizations” and a deep understanding of how to evaluate potential control implementations for organizational conformance
  •  Deep understanding of the Cyber Executive Order 14028 and FISMA system security management
  • Understanding of common hacking techniques (e.g., malware, etc.) and effective counter measures.
  • Experience in Microsoft and Linux including Red Hat web server platforms
  • Experience with Oracle and Microsoft SQL Server databases and their security configurations
  • Must be able to obtain and maintain a DOE Clearance and successfully pass a thorough Government background screening process requiring the completion of detailed forms and fingerprinting
  • US Citizenship

Desired Qualifications:

  • Experience with Anti-Virus, Intrusion Detection/Protection Systems, Firewalls, Active Directory, Application Vulnerability Management, Database Security, Vulnerability Assessment tools and other security tools found in large network environments.
  • Cybersecurity certifications (e.g. CISSP, CISA, CISM, CCSP, GCIH, GCIA, GSEC, OSCP, CHFI, CEH)
  • Experience with technologies, including Active Directory, Windows Administration, scripting, and Windows configuration techniques
  • Azure or AWS cloud application experience
  • Previous Department of Energy experience.


  • Full-flex work week
  • 401K with company match
  • Internal mobility team dedicated to helping you own your career
  • Collaborative teams of highly motivated critical thinkers and innovators
  • Ability to make a real impact on the world around you

Not sure this job’s the one for you? Check out our other openings at

Do you have a friend or colleague this posting describes? Let them know about the opportunity by clicking “Share.”

The likely salary range for this position is $104,000 - $156,000, this is not, however, a guarantee of compensation or salary; rather, salary will be set based on experience, geographic location and possibly contractual requirements and could fall outside of this range.

View information about benefits and our total rewards program.

About Our Work

We are GDIT. The people supporting some of the most complex government, defense, and intelligence projects across the country. We deliver. Bringing the expertise needed to understand and advance critical missions. We transform. Shifting the ways clients invest in, integrate, and innovate technology solutions. We ensure today is safe and tomorrow is smarter. We are there. On the ground, beside our clients, in the lab, and everywhere in between. Offering the technology transformations, strategy, and mission services needed to get the job done.

COVID-19 Vaccination

GDIT does not have a vaccination mandate applicable to all employees. To protect the health and safety of its employees and to comply with customer requirements, however, GDIT may require employees in certain positions to be fully vaccinated against COVID-19. Vaccination requirements will depend on the status of the federal contractor mandate and customer site requirements.

GDIT is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status, or any other protected class.