Credera is a global consulting firm that combines transformational consulting capabilities, deep industry knowledge, AI and technology expertise to deliver valuable customer experiences and accelerated growth across various industries. We continuously evolve our services to meet the needs of future organizations and reflect modern best practices. Our unique global approach provides tailored solutions, transforming the most influential brands and organizations worldwide.
Our employees, the lifeblood of our company, are passionate about making an extraordinary impact on our clients, colleagues, and communities. This passion drives how we spend our time, resources, and talents. Our commitment to our people and work has been recognized globally. Please visit our employer awards page: https://www.credera.com/awards-and-recognition.
The Security Analyst supports a Department of Defense (DoD) cloud-based system operating at Impact Level 4 (IL4) in AWS GovCloud, with an active Authority to Operate (ATO) under the Risk Management Framework (RMF). The analyst ensures ongoing compliance and security through continuous monitoring, vulnerability management, and by supporting secure development and change management practices.
This role works closely with a Security Architect and other technical and program management leaders to ensure the security posture of the system throughout its lifecycle.
Key Responsibilities:
- Perform continuous monitoring of system security controls as required by RMF, including regular review of logs, alerts, and security events in AWS GovCloud IL4 environments.
- Conduct and analyze vulnerability assessments using automated tools (e.g., Evaluate-STIG), interpret scan results, and coordinate remediation with technical teams.
- Manage and update RMF documentation (SSP, SAR, POA&M), ensuring it accurately reflects current system status, vulnerabilities, and remediation actions to support ATO renewals and audits.
- Participate in change management and secure development processes, reviewing new features and modifications for security impacts.
- Support and document threat modeling activities for new or updated system features, identifying risks and recommending mitigations.
- Operate within GRC tools (e.g., eMASS) to maintain assessment evidence, track findings, and manage compliance activities.
- Collaborate with and support the Security Architect, system owners, ISSOs, engineers, developers, and program management stakeholders to gather evidence, resolve findings, and ensure secure implementation of system changes.
- Prepare and deliver clear, concise security reports and briefings to technical and non-technical stakeholders.
- Remain current on evolving DoD cybersecurity requirements, NIST guidance, AWS GovCloud best practices, and emerging threats.
Required Skills and Experience:
- Experience supporting RMF processes and maintaining compliance documentation (NIST 800-53 rev4, ATO lifecycle).
- Hands-on experience with GRC tools (eMASS), vulnerability assessment tools (Evaluate-STIG), and AWS GovCloud services.
- Strong analytical, problem-solving, organizational, and technical writing skills.
- Familiarity with vulnerability management, continuous monitoring, and secure change management in cloud environments.
- Demonstrated ability to communicate and collaborate effectively with both technical and program management teams.
- Experience working in or with consulting organizations and/or public sector clients is highly valued.
- At least one of the following baseline certifications is required to qualify for this role, in accordance with DoD 8140/8570 requirements for cybersecurity workforce positions (IAT Level II/III, IAM Level I/II, or CSSP Analyst/Auditor, as appropriate to assignment):
- CompTIA Security+
- CompTIA Cybersecurity Analyst (CySA+)
- CAP (Certified Authorization Professional)
- CISA (Certified Information Systems Auditor)
- GSLC (GIAC Security Leadership Certification)
- CISSP (Associate or full, preferred for some assignments)
- Other DoD 8140/8570-approved certifications appropriate to the position and level
- Candidates must maintain active certification status throughout employment. Additional or higher-level certifications may be required for advancement or based on project needs but are not necessary to apply for this role.
NICE Framework Alignment:
This position is closely aligned with the Cyber Defense Analyst (PR-CDA-001) and Vulnerability Assessment Analyst (PR-VAM-001) roles, with a strong emphasis on RMF-driven continuous monitoring, vulnerability management, and secure support for ongoing system changes in a DoD cloud environment.
For individuals hired to work in Colorado, Credera is required by law to include a reasonable estimate of the compensation range for this role. This compensation range is specific to the State of Colorado and includes the range of factors considered in making compensation decisions including but not limited to skill sets; experience and training; certifications; etc. We would not anticipate that the individual hired into this role would be near the top end of the compensation range, but that decision will be dependent on the facts associated with each specific individual’s relevant experience for the role.
Learn More: Credera is part of the Omnicom Precision Marketing Group (OPMG), a division of Omnicom Group Inc. OPMG is a global network of agencies that leverage data, technology, and CRM to create personalized and impactful customer experiences. OPMG offers a range of services, such as data-driven product / service design, technology strategy and implementation, CRM / loyalty strategy and activation, econometric and attribution modelling, technical and business consulting, and digital experience design and development.
Compensation: The salary range listed is provided for informational purposes only. Credera treats all applicants as individuals, considering, but not limited to, their professional and academic experience, specialized training, certifications, and associated responsibilities as they relate to our specific industry. The salary range listed is just one component of our total compensation package for each unique employee.
We believe in recognizing and rewarding contributions at every level. While senior-level employees are eligible for a variable component as part of their compensation package, we are committed to supporting the growth and development of all team members. As employees progress in their careers, everyone will have opportunities to take on new responsibilities and become eligible for additional rewards. We strive to create an environment where everyone is empowered to succeed and advance.
Benefits: Credera provides a competitive salary and comprehensive benefits plan. Benefits include health, mental health, vision, dental, and life insurance, prescriptions, fertility and adoption benefits, community service days, paid parental leave, PTO, 14 paid holidays, matching 401(k), Healthcare & Dependent Flexible Spending Accounts, and disability benefits. For more information regarding Omnicom benefits, please visit www.omnicombenefits.com.
Hybrid Working Model: Our employees have the flexibility to work remotely two days a week. We expect team members to spend three days in person, with the freedom to choose the days and times that best suit them, their project, and their teams. You'll collaborate with your project team to balance flexibility with the benefits of in-person connection, delivering outstanding results for our clients. The Why: In-person engagement is essential for building strong relationships with clients and colleagues. It fosters trust, encourages learning, and helps us grow as consultants and professionals.
Travel: For our consulting roles, our goal is to minimize travel, and most projects do not require extensive travel. While some projects may involve up to 80% travel for a period, the annual average for team members is typically 10%–30%. We take a personal approach to travel by considering your submitted preferences when assigning roles.
All qualified applicants will receive consideration for employment without regard to race, color, religion, gender identity, sexual orientation, national origin, age, genetic information, veteran status, or disability.
Credera will never ask for money up front and will not use apps such as Facebook Messenger, WhatsApp or Google Hangouts for communicating with you. You should be very wary of, and carefully scrutinize, any job opportunity that asks for money prior to starting and/or one where all communications take place exclusively via chat.
Top Skills
Credera Denver, Colorado, USA Office
4600 South Syracuse Street, Denver, CO, United States
Similar Jobs
_0.png)
What you need to know about the Colorado Tech Scene
Key Facts About Colorado Tech
- Number of Tech Workers: 260,000; 8.5% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Lockheed Martin, Century Link, Comcast, BAE Systems, Level 3
- Key Industries: Software, artificial intelligence, aerospace, e-commerce, fintech, healthtech
- Funding Landscape: $4.9 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Access Venture Partners, Ridgeline Ventures, Techstars, Blackhorn Ventures
- Research Centers and Universities: Colorado School of Mines, University of Colorado Boulder, University of Denver, Colorado State University, Mesa Laboratory, Space Science Institute, National Center for Atmospheric Research, National Renewable Energy Laboratory, Gottlieb Institute
