Galapagos Federal Systems

• Maintain and manage the program project schedule and associated task lists to ensure timely completion of all contract requirements • Track and manage weekly application development activities and change requests, including scope, level of effort, estimated timelines, and projected delivery dates • Develop, maintain, and update the Project Management Plan (PMP) to guide overall program execution and performance • Prepare and submit Monthly Status Reports (MSRs) summarizing activities, accomplishments, issues, and progress for the reporting period • Develop and maintain a monthly POA&M Action Plan to identify and track information system security and privacy weaknesses and associated remediation activities • Utilize DTMO-approved issue tracking systems to manage tasks, incidents, and project-related issues • Develop and implement an IT Management Support Plan to ensure effective coordination of program activities and resources • Create and maintain Standard Operating Procedures (SOPs) to support consistent operations and knowledge transfer • Coordinate with DTMO leadership and stakeholders to monitor program performance, address risks, and ensure contract deliverables are met.

• Coordinate with DMDC to administer all aspects of the Risk Management Framework (RMF) to ensure DTMO systems maintain their Authority to Operate (ATO) • Collaborate with the DTMO Information System Security Manager (ISSM) to maintain and update system security authorization packages • Support the Authorizing Official (AO) and Security Control Assessor (SCA) to ensure compliance with DoD cybersecurity policies and security control requirements • Manage and track Plans of Action and Milestones (POA&Ms), ensuring remediation actions are documented, monitored, and closed in coordination with the ISSM • Participate in security audits, assessments, and authorization activities, providing documentation and technical support • Coordinate with DMDC to monitor and report the security posture of DTMO systems using automated and manual reporting tools • Monitor and analyze security event logs, generate reports, and identify potential risks or anomalous activity • Review vulnerability scan results, recommend remediation strategies, and coordinate implementation of security patches and fixes • Validate implementation of security controls and access control mechanisms to ensure proper protection of DTMO systems • Develop and submit Deviation Requests for authorized exceptions to DoD Security Technical Implementation Guide (STIG) requirements when necessary • Develop and maintain cybersecurity documentation including System Security Plans (SSPs), Security Assessment Reports (SARs), and Risk Assessment Reports (RARs) • Support incident response activities, coordinating with DMDC and DTMO stakeholders to investigate and resolve cybersecurity incidents • Provide cybersecurity guidance and recommendations to DTMO leadership and technical teams • Support cloud security compliance and ensure adherence to DoD cloud security and computing policies • Coordinate security assessments and penetration testing efforts to evaluate system security posture • Support continuous monitoring activities and ensure compliance with DoD Information Assurance Vulnerability Management (IAVM) requirements • Stay informed on emerging cybersecurity threats and vulnerabilities, recommending mitigation strategies and security improvements

• Install, configure, test, deploy, update, and patch DTMO Government Off-The-Shelf (GOTS) and Commercial Off-The-Shelf (COTS) applications on Windows platforms • Troubleshoot application issues and respond to user inquiries, ensuring timely resolution and system availability • Perform routine application maintenance, including reviewing error logs, diagnosing issues, and implementing corrective actions • Configure user access controls and monitor application stability, performance, and security throughout the software life cycle • Support logging and monitoring tools that capture security events and integrate with DMDC-approved monitoring systems • Coordinate with DMDC IT System Administrators to resolve infrastructure-related issues affecting application performance and availability • Provide technical support and guidance to DTMO users, system administrators, and IT leadership • Support external system connectivity, including white listing activities, port and protocol configuration, submission requests, and validation processes • Develop and maintain technical documentation, including network diagrams, standard operating procedures (SOPs), and port and protocol inventories • Support Governance Board processes, including preparation of documentation, change request reviews, level-of-effort estimates, impact assessments, and stakeholder coordination • Participate in disaster recovery testing to ensure restoration of DTMO enterprise services, including the DTMO Passport website • Restore normal operations following incidents, conduct root cause analysis, and apply ITIL best practices for incident and problem management • Monitor production systems and respond to outages within established service-level requirements, including notifying the government IT manager within 10 minutes of detection

• Install, test, deploy, debug, update, and patch DTMO GOTS and COTS applications on Linux platforms • Troubleshoot application concerns and respond to inquiries from application users • Support logging software that captures security events and feeds into DMDC-approved software • Configure user access and monitor system stability and security through the software development life cycle • Coordinate with DMDC IT System Administrators to resolve infrastructure-related issues • Perform application maintenance, review error logs, and resolve reported errors • Provide technical support and guidance to DTMO users and IT managers • Support setting up external connections, whitelisting activities, port and protocols, submission requests, and validations • Ensure application and DTMO Passport website monitoring during core hours (0600 to 2200 Eastern Time, Monday through Friday) and on-call basis for mission-critical incidents at all other times • Coordinate with DMDC to develop and maintain technical documents such as network diagrams, standard operating procedures, and ports and protocols lists • Support Governance Board processes including documentation development, change request review, level of effort estimates, impact assessments, and stakeholder coordination • Coordinate with DMDC to support disaster recovery tests to reinstate DTMO Passport website • Restore normal operation after incidents, prepare root cause analysis, and apply ITIL best practices

• Provide database administration support for Oracle (19c or higher) and Microsoft SQL Server (2014 or higher) environments • Design, develop, modify, test, and manage databases supporting DTMO’s multi-tier enterprise architecture • Monitor, maintain, and optimize database performance, including query tuning and operational optimization • Perform SQL performance tuning and code optimization, including rewriting queries as necessary • Administer and maintain database objects including tables, views, indexes, sequences, clusters, packages, procedures, and triggers • Maintain and fine-tune databases using monitoring tools, utilities, and performance management software • Support database clustering, mirroring, and replication to ensure high availability and system resiliency • Implement and manage application deployments, database upgrades, and patching for DTMO enterprise systems • Support and maintain database tools such as SQL Server Integration Services (SSIS) and other ETL or integration technologies • Facilitate data integration with external systems and data sources to enable ingestion into DTMO databases • Perform data purging and retention activities in accordance with Department of Defense policies and DTMO guidelines • Conduct data refresh and data scrubbing activities across designated environments and regions • Monitor disk usage, storage capacity, and database growth trends, providing recommendations for capacity planning • Plan and implement database security controls, including access management and enforcement of database constraints to ensure data integrity • Coordinate with Defense Manpower Data Center (DMDC) to analyze and implement data security standards and storage security requirements • Collaborate with DMDC to analyze database scalability and storage performance • Support backup, recovery, and disaster recovery operations, including quarterly validation of backup processes and documentation in Monthly Status Reports • Assist in the development and maintenance of Information System Contingency Plans (ISCP) and Business Impact Analyses (BIA) for supported systems • Support Continuity of Operations (COOP) exercises annually to ensure operational availability of DTMO enterprise services such as the DTMO Passport website • Conduct semi-annual reviews of Standard Operating Procedures (SOPs) to ensure documentation accuracy and operational compliance • Maintain comprehensive technical documentation, database standards, and operational procedures • Provide operational monitoring during core support hours (0600–2200 ET, Monday–Friday) and participate in on-call support for mission-critical incidents outside of standard hours

• Maintain and enhance existing application components, including 4th generation language (4GL) code such as Oracle Forms, Reports, and JavaScript. • Develop, test, and maintain application functionality during quarterly Agile sprints, supporting bug fixes, emergency priority requirements, and minor system enhancements. • Conduct code reviews at key development milestones (50%, 75%, and 90% completion) to ensure code quality and maintainability. • Apply secure coding best practices, including adherence to OWASP principles and DoD Application Security and Development (ASD) STIG requirements. • Design, maintain, and automate system interfaces and data exchange processes between the core application and internal or external interfacing systems. • Support approximately 300 annual data exchanges using Secure File Transfer Protocol (SFTP) and implement modernized data exchange mechanisms such as API-based integrations. • Develop reusable integration processes to connect with data sources across multiple cloud infrastructures and incorporate them into the enterprise architecture. • Integrate application functionality with DoD and Service-level systems to support enterprise interoperability. • Support the migration and deployment of applications to Cloud Service Providers (CSPs) in compliance with the DoD Cloud Computing Security Requirements Guide (SRG). • Assist with modernizing the existing monolithic application architecture toward micro front end and micro services based solutions. • Develop cloud-native application components and micro services supporting ongoing system modernization initiatives. • Contribute to the development of an enterprise system architecture roadmap supporting modernization efforts through 2030 and beyond. • Implement user interface and user experience improvements as part of application modernization activities. • Develop and execute unit testing and automated test cases, ensuring functionality meets performance and quality requirements. • Integrate automated tests into DevSecOps CI/CD pipelines prior to deployment authorization. • Participate in System Testing, User Acceptance Testing (UAT), interface testing, and regression testing for system releases and updates. • Perform application security scans using tools such as Fortify and Sonatype, and re-mediate vulnerabilities in accordance with Cyber Hardening Policies.

• Design, develop, and maintain ETL data pipelines supporting daily data transfers between the core application and the Enhanced Reporting Capability (ERC) module. • Perform secure data exchanges using SFTP between internal and external interfacing systems, supporting up to 300 data exchanges annually • Develop, maintain, and automate system interfaces and data transfer processes, including implementation of modern API-based data exchanges • Build reusable processes to connect to multiple data sources across cloud environments and integrate them into the enterprise architecture • Provide data management and governance services, including data ingestion, validation, storage, management, and quality assurance in accordance with Government-approved standards • Create data flow diagrams, perform data standardization, and support enterprise data modeling activities • Manage incoming data streams and develop mechanisms that allow users and applications to modify, access, and extract data efficiently • Identify, analyze, and resolve data quality issues, and design and implement automated data quality monitoring and control mechanisms • Conduct ongoing data quality analysis, documentation, and reporting to assess overall data health and integrity • Develop and maintain data quality dashboards and reports, including system metrics and validation checks between system data and interfacing Service systems • Automate data anomaly detection and monitoring to proactively identify inconsistencies or errors • Support database performance optimization, data recovery, and system integrity, including configuration and maintenance of database instances • Modify database structures to support application modernization efforts, including database migrations, conversions, and schema updates • Manage the migration of program updates, database changes, reference data, and configuration changes across the development lifecycle • Generate transaction analysis reports for external interfaces, including data exchange volumes, error rates, and issue tracking • Support enhanced reporting capabilities that enable congressionally mandated reporting, trend analysis, data validation, and ad hoc reporting requests • Develop business intelligence (BI) reports and dashboards as requested by the DHRA Data Governance Board and DMDC Data Stewardship Council • Integrate data from additional DoD environments such as Advana and Oracle Cloud Infrastructure (OCI) to support enterprise reporting initiatives

• Design, plan, and manage comprehensive technology test and exercise events to validate, mature, and transition innovations developed by small businesses • Translate warfighter and mission needs into clear, measurable objectives, success criteria, and evaluation frameworks for technical demonstrations • Lead end-to-end planning and execution of technology demonstrations, exercises, and assessments, ensuring alignment with operational goals, schedules, and program milestones • Oversee exercise logistics, coordination, and risk management to ensure successful execution within time and resource constraints • Serve as the primary liaison among SpaceWERX, small business performers, and external stakeholders, including Space Force program offices, Combatant Commands, and other DoD organizations • Assess small business technical capabilities and technology readiness, identifying alignment with DoD and Space Force mission gaps • Coordinate across government, industry, and commercial partners to secure participation, align objectives, and optimize use of resources • Facilitate collaboration to ensure shared understanding of requirements, expectations, and transition pathways • Analyze and document exercise outcomes to inform technology transition decisions, investment priorities, and acquisition strategies • Develop clear, data-driven reports, briefings, and transition recommendations for senior leaders, program offices, and acquisition authorities • Support alignment of SBIR/STTR investments with SpaceWERX and Space Force strategic priorities to increase the likelihood of transition into programs of record • Identify and recommend pathways to accelerate successful technologies from prototype to operational use • Build and sustain a collaborative innovation ecosystem of small businesses, acquisition professionals, test organizations, and operational end users • Lead initiatives that reduce technical and programmatic risk while enhancing commercial viability and operational relevance • Promote delivery of dual-use technologies that support both national security missions and commercial markets