Senior Security Policy Analyst / CISSP

  • Washington, DC, USA
  • Full-time

Company Description

Our Company:

NetCraftsmen is a consulting and managed services firm dedicated to delivering quality work and continuous improvement.  Our vision is to be nationally recognized as the most trusted adviser for the full life cycle of collaborative network solutions. Through the Craftsmen Assurance process, our customers Rest Assured ℠ we will achieve sustainable success through integrity, innovation, and teamwork. 


We are a diverse team of recognized subject matter experts, one-third of which are CCIE's, as well as up and coming subject matter experts.  The team has multi-vendor consulting expertise in network security, high-end routing, network design, switching, Unified Communications, cloud/virtualization, QoS, MPLS, video, network management, IP multicast, educational courseware development, and other areas.  We are committed to continued training and certification and our outstanding culture and commitment to employee success have led us to be finalists in the Baltimore Business Journal's "Best Places to Work" for the past 3 years (our only ones in the competition) - Come see why!


Why become a NetCraftsmen?

  • We are a company of high achievers who learn from each other and support each other's growth and success
  • We offer a competitive salary plus an excellent benefits package including self-directed PTO and a matching 401(k) with the employer component IMMEDIATELY vested
  • We offer a minimum of 2 weeks and $8000 per engineer per year (pro-rated) for professional development/certification AND the time necessary to hit your training/cert goals
  • We are NOT a body shop. We hire full-time direct hire specialists with a driving thirst to learn and improve.
  • See our reviews on Indeed and GlassDoor for validation.

Job Description

Supporting a well-known Washington DC client, you will be responsible for working with the CISO to form security and risk assessments and rolling out those assessments into the engineering team for design and implementation.

The key challenge here is that, unlike highly regulated industries or government where there is a clear mandate to comply with a specific security standard, there is no "top-down" mandate. The critical screen is now that we are looking for someone who ideally has worked with one or more governance frameworks, but at least once has collaboratively rolled-out policy into an organization that was embracing security governance not because they had to, but because they were convinced to. 

    Additionally, you will:

    • Identify efficiencies in work process and innovative approaches to completing scope of work
    • Participate in team problem-solving efforts and offer ideas to solve client issues
    • Conduct relevant research, data analysis, and create reports
    • Actively expand consulting skills and professional development through training courses, mentoring, and daily interaction with clients
    • Provide security support for information systems throughout the Risk Management Framework
    • Work with other NetCraftsmen clients to identify and mitigate cyber risk and threats


    In order to be considered for this role, you must have:

    • Experience collaboratively driving security governance and policy without a mandate, while educating and working across organizaations to do so in at least one services or non-regulated corporate environment.
    • Strong experience with security policy creation and management
    • CISSP or CISM certification
    • Solid technical underpinning in network security and/or network engineering
    • While this role is policy-oriented, we strongly prefer someone who brings prior networking and security engineering skillsets to the table.

    Additional Information

    All qualified applicants to NetCraftsmen career opportunities will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, or national origin.

    Privacy Policy