Cybersecurity, SME - 2790_8-4953

This job was posted by : For moreinformation, please see:OverviewJob SummaryGalapagos Federal Systems LLC is seeking a qualified and motivatedindividual to serve as a Cybersecurity Subject Matter Expert (SME)supporting the Defense Travel Management Office (DTMO). This roleprovides the opportunity to work with a collaborative team supportingmission-critical enterprise systems.The Cybersecurity SME provides cybersecurity oversight for the DTMOEnterprise Infrastructure in accordance with the Risk ManagementFramework (RMF), NIST SP 800-37, and DoD cybersecurity requirements. Theposition is responsible for maintaining the system of Authority toOperate (ATO) by managing RMF activities, supporting securityassessments, and coordinating vulnerability remediation.The SME works closely with DMDC, the DTMO Information System SecurityManager (ISSM), Authorizing Official (AO), and Security Control Assessor(SCA) to maintain system security posture, manage Plans of Action andMilestones (POA&Ms), and ensure compliance with DoD cybersecuritypolicies. Responsibilities also include monitoring security events,supporting incident response, and providing cybersecurity guidance toDTMO leadership and technical teams while ensuring compliance with DoDcloud security requirements.Key ResponsibilitiesThe Cybersecurity SME will:- Coordinate with DMDC to administer all aspects of the Risk Management Framework (RMF) to ensure DTMO systems maintain their Authority to Operate (ATO)- Collaborate with the DTMO Information System Security Manager (ISSM) to maintain and update system security authorization packages- Support the Authorizing Official (AO) and Security Control Assessor (SCA) to ensure compliance with DoD cybersecurity policies and security control requirements- Manage and track Plans of Action and Milestones (POA&Ms), ensuring remediation actions are documented, monitored, and closed in coordination with the ISSM- Participate in security audits, assessments, and authorization activities, providing documentation and technical support- Coordinate with DMDC to monitor and report the security posture of DTMO systems using automated and manual reporting tools- Monitor and analyze security event logs, generate reports, and identify potential risks or anomalous activity- Review vulnerability scan results, recommend remediation strategies, and coordinate implementation of security patches and fixes- Validate implementation of security controls and access control mechanisms to ensure proper protection of DTMO systems- Develop and submit Deviation Requests for authorized exceptions to DoD Security Technical Implementation Guide (STIG) requirements when necessary- Develop and maintain cybersecurity documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), and Risk Assessment Reports (RARs)- Support incident response activities, coordinating with DMDC and DTMO stakeholders to investigate and resolve cybersecurity incidents- Provide cybersecurity guidance and recommendations to DTMO leadership and technical teams- Support cloud security compliance and ensure adherence to DoD cloud security and computing policies- Coordinate security assessments and penetration testing efforts to evaluate system security posture- Support continuous monitoring activities and ensure compliance with DoD Information Assurance Vulnerability Management (IAVM) requirements- Stay informed on emerging cybersecurity threats and vulnerabilities, recommending mitigation strategies and security improvementsResponsibilitiesSkills and ExperienceThe Cybersecurity SME must have:- Must obtain and maint in a Tier 3 (T3) or higher investigation- 5+ years experience in cybersecurity- Experience implementing and supporting the Risk Management Framework (RMF) and NIST SP 800-37 processes- Knowledge of DoD cybersecurity policies, NIST security controls, and STIG compliance requirements- Experience managing Plans of Action and Milestones (POA&Ms) and supporting security authorization packages- Experience conducting security assessments, vulnerability management, and remediation coordination- Familiarity with security event logging, monitoring tools, and incident response processes- Experience developing and maintaining security documentation, including SSPs, SARs, and RARs- Understanding of continuous monitoring programs and Information Assurance Vulnerability Management (IAVM) requirements- Experience supporting cloud security environments and compliance with DoD cloud security policies- Strong analytical, risk assessment, and problem-solving skills- Ability to collaborate effectively with security teams, system administrators, and federal stakeholders- Strong written and verbal communication skills, including security reporting and technical documentationEducation and CertificationsThe Cybersecurity SME must meet the

Created: 2026-03-25