Cybersecurity, SME

Overview

Job Summary

Galapagos Federal Systems LLC is seeking a qualified and motivated individual to serve as a Cybersecurity Subject Matter Expert (SME) supporting the Defense Travel Management Office (DTMO). This role provides the opportunity to work with a collaborative team supporting mission-critical enterprise systems.

The Cybersecurity SME provides cybersecurity oversight for the DTMO Enterprise Infrastructure in accordance with the Risk Management Framework (RMF), NIST SP 800-37, and DoD cybersecurity requirements. The position is responsible for maintaining the system of Authority to Operate (ATO) by managing RMF activities, supporting security assessments, and coordinating vulnerability remediation.

The SME works closely with DMDC, the DTMO Information System Security Manager (ISSM), Authorizing Official (AO), and Security Control Assessor (SCA) to maintain system security posture, manage Plans of Action and Milestones (POA&Ms), and ensure compliance with DoD cybersecurity policies. Responsibilities also include monitoring security events, supporting incident response, and providing cybersecurity guidance to DTMO leadership and technical teams while ensuring compliance with DoD cloud security requirements.

Key Responsibilities

The Cybersecurity SME will:

• Coordinate with DMDC to administer all aspects of the Risk Management Framework (RMF) to ensure DTMO systems maintain their Authority to Operate (ATO)
• Collaborate with the DTMO Information System Security Manager (ISSM) to maintain and update system security authorization packages
• Support the Authorizing Official (AO) and Security Control Assessor (SCA) to ensure compliance with DoD cybersecurity policies and security control requirements
• Manage and track Plans of Action and Milestones (POA&Ms), ensuring remediation actions are documented, monitored, and closed in coordination with the ISSM
• Participate in security audits, assessments, and authorization activities, providing documentation and technical support
• Coordinate with DMDC to monitor and report the security posture of DTMO systems using automated and manual reporting tools
• Monitor and analyze security event logs, generate reports, and identify potential risks or anomalous activity
• Review vulnerability scan results, recommend remediation strategies, and coordinate implementation of security patches and fixes
• Validate implementation of security controls and access control mechanisms to ensure proper protection of DTMO systems
• Develop and submit Deviation Requests for authorized exceptions to DoD Security Technical Implementation Guide (STIG) requirements when necessary
• Develop and maintain cybersecurity documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), and Risk Assessment Reports (RARs)
• Support incident response activities, coordinating with DMDC and DTMO stakeholders to investigate and resolve cybersecurity incidents
• Provide cybersecurity guidance and recommendations to DTMO leadership and technical teams
• Support cloud security compliance and ensure adherence to DoD cloud security and computing policies
• Coordinate security assessments and penetration testing efforts to evaluate system security posture
• Support continuous monitoring activities and ensure compliance with DoD Information Assurance Vulnerability Management (IAVM) requirements
• Stay informed on emerging cybersecurity threats and vulnerabilities, recommending mitigation strategies and security improvements

Responsibilities

Skills and Experience

The Cybersecurity SME must have:

• Experience implementing and supporting the Risk Management Framework (RMF) and NIST SP 800-37 processes
• Knowledge of DoD cybersecurity policies, NIST security controls, and STIG compliance requirements
• Experience managing Plans of Action and Milestones (POA&Ms) and supporting security authorization packages
• Experience conducting security assessments, vulnerability management, and remediation coordination
• Familiarity with security event logging, monitoring tools, and incident response processes
• Experience developing and maintaining security documentation, including SSPs, SARs, and RARs
• Understanding of continuous monitoring programs and Information Assurance Vulnerability Management (IAVM) requirements
• Experience supporting cloud security environments and compliance with DoD cloud security policies
• Strong analytical, risk assessment, and problem-solving skills
• Ability to collaborate effectively with security teams, system administrators, and federal stakeholders
• Strong written and verbal communication skills, including security reporting and technical documentation

Education and Certifications

The Cybersecurity SME must meet the following:

Required

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field or Certified Information Systems Security Professional (CISSP) certification
• Microsoft Certified Solutions Expert (MCSE) Cloud Platform and Infrastructure, AWS Certified Solutions Architect, Red Hat Certified System Administrator in Red Hat OpenStack, or equivalent

Preferred

• Master's degree in a related discipline
• CompTIA Security+

Benefits

• Medical, dental, vision, disability, and life insurance
• Flexible Spending Accounts
• 401(k)
• PTO
• Paid Parental Leave
• Tuition reimbursement
• Paid federal holidays

Security Clearance

A high-level Department of Defense active security clearance is/may be required. Applicants selected will be subject to a security investigation and may need to meet eligibility requirements for access to government information.

Physical Requirements

Work may involve sitting or standing for extended periods of time and typing and reading from a computer screen. The candidate must have enough mobility, including bending, reaching, and kneeling, to complete daily duties in a prompt and efficient manner, and that may include lifting up to thirty pounds, as necessary.

Company Summary

Headquartered in Hawaii, Galapagos Federal Systems, LLC, is an SBA-Certified NHO-owned 8(a) Small Business specializing in global information technology solutions. We deliver professional services in IT Design & Installation, Cybersecurity Engineering & Support, Application Integration & Development, Software & Hardware Engineering, Network & Systems Management, Information Systems Security, and Business Management Services.

Leveraging over 30 years of providing IT services to the federal & commercial market with projects found around the world, our team has innovative expertise in the development of a wide range of technological solutions. Galapagos Federal Systems, LLC is an equal opportunity employer.

Our service commitment is simple - "Quality IT Solutions... On Time & On Budget."

Company Employment Statement

Galapagos Federal Systems, LLC reserves the right to change or modify job duties and assignments at any time. The above job description is not all encompassing as positions, functions, and qualifications may vary depending on business needs. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Galapagos Federal Systems, LLC is an equal opportunity employer and does not discriminate against applicants based on race, color, creed, religion, medical condition, legally protected genetic information, national origin, sex (including pregnancy, childbirth, or related medical condition), sexual orientation, gender identity and expression, age, disability, or Vietnam era, or other eligible veteran status or legally protected characteristics.

Posted Salary Range

USD $135,000.00 - USD $163,000.00 /Yr.