Skill in recognizing vulnerabilities in information and/or data systems.

Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.

Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of database systems.

Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of systems testing and evaluation methods.

Knowledge of systems security testing and evaluation methods.

Knowledge of the operations and processes for incident, problem, and event management.

Knowledge of the systems engineering process.

Skill in developing operations-based testing scenarios.

Skill in writing code in a currently supported programming language (e.g., Java, C++).

Analyze the results of software, hardware, or interoperability testing.

Apply security policies to meet security objectives of the system.

Apply security architecture principles to meet organization’s confidentiality, integrity, and availability requirements.

Conduct functional and connectivity testing to ensure continuing operability.

Analyze and report system security posture trends.

Employ secure configuration management processes.

Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.

Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.

Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk.

Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.

Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.

Oversee and make recommendations regarding configuration management.

Verify minimum security requirements are in place for all applications.

Perform cybersecurity testing of developed applications and/or systems.

Work with stakeholders to resolve computer security incidents and vulnerability compliance.

Knowledge of information technology (IT) risk management policies, requirements, and procedures.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Assess the effectiveness of security controls.

Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.

Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.

Work with designers and developers thru out the design, development and testing process.

Choose and deploy the appropriate automated application security testing tools.

Utilize tools and techniques like risk assessment, threat modeling, and cybersecurity to detect and analyze the threats.

Work with Security Engineers to ensure that all security threats are dealt with during the development phase.

Work with Automation tools are used to identify the vulnerabilities.

Identify and implement tooling for controlling the steps in a continuous integration (CI) and continuous deployment (CD) pipeline.

Develop and implement automatic test tools in a CI/CD pipeline, which could include Static Application Security Test (SAST) tools, Dynamic Application Security Test (DAST) tools, Unit Test tools, Static Code Analysis (SCA) tools, etc.

Develop code within a CI/CD Pipeline.

Select appropriate language and coding standards for software application for appropriate Continuous Integration/Continuous Deployment (CI/CD) framework.

Apply testing activities, understands fault vs. failures, conduct basic test planning, develop test selection or adequacy criteria, crafts test documentation, ensures test coverages, and conducts automated testing.

Develop and deploy software using continuous integration methods, processes, and tools, including test case writing against completion criteria (for each release, capability, micro-service, or component), build automation, and build processes.

Provide DevSecOps guidance to leadership.

Work closely with development teams to provide and support the environment needed to deliver an organization’s services.

Ability to develop curriculum for use within a virtual environment.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of programming languages.

Knowledge of continuous integration/continuous deployment (CI/CD) processes and pipeline tools.

Knowledge of portable, extensible, open source platform for managing containerized workloads and services.

Knowledge of cloud hosting providers.

Knowledge of threat modeling, risk assessment techniques, code reviews, current best practices and the latest cybersecurity threats.

Knowledge of how security impacts each development phase and the services.

Knowledge of a Continuous Integration/Continuous Deployment (CI/CD) environment and processes.

Knowledge of the steps for release to higher levels of integration testing, certification activities, and/or operations using testbeds, modeling and simulation to synchronize software releases with the development of an operations environment(s) to ensure compatibility.

Knowledge of every stage in the software project lifecycle, from initial design and build to rollout and maintenance.

Knowledge of computer algorithms.

Knowledge of encryption algorithms.

Knowledge of cryptology.

Knowledge of statistics.

Knowledge of parallel and distributed computing concepts.

Skill in systems integration testing.

Skill in the use of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).

Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.

Assess and monitor cybersecurity related to system implementation and testing practices.

Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

Properly document all systems security implementation, operations and maintenance activities and update as necessary.

Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Verify and update security documentation reflecting the application/system security design features.

Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge of various types of computer architectures.

Assess all the configuration management (change configuration/release management) processes.

Transition embedded and non-embedded software developed and sustained using traditional software methods into a DevSecOps environment.

Select and implement telemetry within the CI/CD pipeline and Ops software to support metrics and problem discovery and resolution.

Build test interfaces and perform complex integration.

Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE).

Knowledge of capabilities and requirements analysis.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of programming language structures and logic.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Skill in applying and incorporating information technologies into proposed solutions.

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Research and evaluate available technologies and standards to meet customer requirements.

Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Skill in managing user relationships, including determining user needs/requirements, managing user expectations, and demonstrating commitment to delivering quality results.

Design and prototype user interfaces.

Create prototypes, wireframes, and storyboards based on customer requirements.

Ensure proper integration of the user interface with back-end functionality.

Create style guides and unified approach (libraries, visual languages, etc) to the product.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of end to end product development processes.

Skill in using industry-standard design and prototyping tools.

Knowledge of design thinking processes.

Knowledge of digital rights management.

Knowledge of organization’s evaluation and validation requirements.

Knowledge of operating systems.

Knowledge of technology integration processes.

Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces.

Provide advice on project costs, design concepts, or design changes.

Research and evaluate available technologies and standards to meet customer requirements.

Lead integrated design team to achieve a finished product.

Create style guides and unified approach (libraries, visual languages, etc) to the product.

Knowledge of capabilities and requirements analysis.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of system life cycle management principles, including software security and usability.

Knowledge of systems testing and evaluation methods.

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces.

Define project scope and objectives based on customer requirements.

Provide advice on project costs, design concepts, or design changes.

Provide ongoing optimization and problem solving support.

Manage the translation of functional requirements into technical solutions.

Ability to interpret and translate customer requirements into operational capabilities.

Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Supervise and assign work to programmers, designers, technologists and technicians and other engineering and scientific personnel.

Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.

Coordinate and manage the overall service provided to a customer end-to-end.

Orchestrate the various activities associated with ensuring that a product is delivered that meets users’ needs.

Create integrated vision, roadmaps, and strategies to enable product delivery.

Manage product releases.

Manage dependencies and risks.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Skill in conducting strategy development and implementation.

Skill in leading and managing multiple teams simultaneously.

Knowledge of end to end product development processes.

Knowledge of applicable business processes and operations of customer organizations.

Knowledge of digital rights management.

Knowledge of organization’s evaluation and validation requirements.

Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).

Knowledge of operating systems.

Knowledge of systems security testing and evaluation methods.

Skill in determining an appropriate level of test rigor for a given system.

Skill in developing operations-based testing scenarios.

Skill in systems integration testing.

Knowledge of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).

Develop and maintain strategic plans.

Develop cost estimates for new or modified system(s).

Lead and oversee budget, staffing, and contracting.

Perform needs analysis to determine opportunities for new and improved business process solutions.

Knowledge of organization’s risk tolerance and/or risk management approach.

Knowledge of current and emerging threats/threat vectors.

Skill in performing root cause analysis.

Participate in the acquisition process as necessary.

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Knowledge of staff management, assignment, and allocation processes.

Gather feedback on customer satisfaction and internal service performance to foster continual improvement.

Work with other service managers and product owners to balance and prioritize services to meet overall customer requirements, constraints, and objectives.

Skill in conducting market and user research.

Knowledge of capabilities and requirements analysis.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Consult with customers to evaluate functional requirements.

Provide advice on project costs, design concepts, or design changes.

Provide recommendations for possible improvements and upgrades.

Store, retrieve, and manipulate data for analysis of system capabilities and requirements.

Research and evaluate available technologies and standards to meet customer requirements.

Develop and document User Experience (UX) requirements including information architecture and user interface requirements.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Skill in managing user relationships, including determining user needs/requirements, managing user expectations, and demonstrating commitment to delivering quality results.

Coordinate and manage the overall service provided to a customer end-to-end.

Plan and conduct user research and competitor analysis.

Determine information architecture and create sitemaps.

Conduct usability testing.

Conduct qualitative and quantitative research and analysis.

Work with users as a human factors liaison to determine user needs/requirements, manage user expectations, perform analysis, and demonstrate commitment to delivering quality results.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Skill in using industry-standard design and prototyping tools.

Skill in interpreting data and feedback.

Skill in operating UX tools and methods.

Knowledge of developing user-centered conceptual and logical designs.

Knowledge of usability standards and application of usability standards.

Knowledge of user centered design principles.

Knowledge of usability testing.

Knowledge of digital rights management.

Knowledge of organization’s evaluation and validation requirements.

Knowledge of complex data structures.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of computer programming principles such as object-oriented design.

Knowledge of cybersecurity principles and methods that apply to software development.

Knowledge of operating systems.

Knowledge of penetration testing principles, tools, and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).

Knowledge of programming language structures and logic.

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of software debugging principles.

Knowledge of software design tools, methods, and techniques.

Knowledge of software development models, methodologies, and practices (Waterfall Model, Spiral, Agile, DevSecOps).

Knowledge of software engineering.

Knowledge of structured analysis principles and methods.

Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.

Knowledge of web services, including service-oriented architecture, Simple Object Access Protocol, and web service description language.

Skill in conducting software debugging.

Skill in creating programs that validate and process multiple inputs including command line arguments, environmental variables, and input streams.

Skill in developing applications that can log and handle errors, exceptions, and application faults and logging.

Knowledge of development and application of security system access controls.

Analyze information to determine, recommend, and plan the development of a new application or modification of an existing application.

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Apply coding and testing standards, apply security testing tools including “‘fuzzing” static-analysis code scanning tools, and conduct code reviews.

Apply secure code documentation.

Capture security controls used during the requirements phase to integrate security within the process, to identify key security objectives, and to maximize software security while minimizing disruption to plans and schedules.

Compile and write documentation of program development and subsequent revisions, inserting comments in the coded instructions so others can understand the program.

Conduct trial runs of programs and software applications to ensure the desired information is produced and instructions and security levels are correct.

Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces.

Consult with engineering staff to evaluate interface between hardware and software.

Correct errors by making appropriate changes and rechecking the program to ensure desired results are produced.

Design, develop, and modify software systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.

Develop software system testing and validation procedures, programming, and documentation.

Develop secure code and error handling.

Identify basic common coding flaws at a high level.

Modify and maintain existing software to correct errors, to adapt it to new hardware, or to upgrade interfaces and improve performance.

Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities.

Prepare detailed workflow charts and diagrams that describe input, output, and logical operation, and convert them into a series of instructions coded in a computer language.

Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.

Knowledge of interpreted and compiled computer languages.

Skill in applying secure coding techniques.

Knowledge of secure coding techniques.

Knowledge of software related information technology (IT) security principles and methods (e.g., modularization, layering, abstraction, data hiding, simplicity/minimization).

Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities.

Skill in using code analysis tools.

Ability to develop secure software according to secure software deployment methodologies, tools, and practices.

Identify and leverage the enterprise-wide version control system while designing and developing secure applications.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Direct software programming and development of documentation.

Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.

Knowledge of organization’s enterprise information security architecture system.

Knowledge of organization’s evaluation and validation requirements.

Knowledge of embedded systems.

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge of local area and wide area networking principles and concepts including bandwidth management.

Knowledge of low-level computer languages (e.g., assembly languages).

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge of Privacy Impact Assessments.

Knowledge of secure configuration management techniques.

Skill in creating and utilizing mathematical or statistical models.

Skill in designing countermeasures to identified security risks.

Skill in discerning the protection needs (i.e., security controls) of information systems and networks.

Develop software system testing and validation procedures, programming, and documentation.

Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.

Identify security implications and apply methodologies within centralized and decentralized environments across the enterprises computer systems in software development.

Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.

Perform integrated quality assurance testing for security functionality and resiliency attack.

Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.

Store, retrieve, and manipulate data for analysis of system capabilities and requirements.

Design countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements.

Determine and document software patches or the extent of releases that would leave software vulnerable.

Knowledge of software quality assurance process.

Knowledge of root cause analysis techniques.

Knowledge of supply chain risk management standards, processes, and practices.

Skill in performing root cause analysis.

Skill in secure test plan design (e. g. unit, integration, system, acceptance).

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge of Payment Card Industry (PCI) data security standards.

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge of information technology (IT) risk management policies, requirements, and procedures.

Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability).

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zackman, Federal Enterprise Architecture [FEA]).

Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).

Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).

Enable applications with public keying by leveraging existing public key infrastructure (PKI) libraries and incorporating certificate management and encryption functionalities when appropriate.

Identify and leverage the enterprise-wide security services while designing and developing secure applications (e.g., Enterprise PKI, Federated Identity server, Enterprise AV solution) when appropriate.

Consult with customers about software system design and maintenance.

Supervise and assign work to programmers, designers, technologists and technicians and other engineering and scientific personnel.

Ability to use and understand complex mathematical concepts (e.g., discrete math).

Skill in managing user relationships, including determining user needs/requirements, managing user expectations, and demonstrating commitment to delivering quality results.

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

Ability to determine the best cloud deployment model for the appropriate operating environment.

Skill in designing or implementing cloud computing deployment models.

Skill in migrating workloads to, from, and among the different cloud computing service models.

Knowledge of planning for long-term maintainability using architectural structures, viewpoints, styles, design decisions and frameworks, and the underlying data structures.

Knowledge of capabilities and requirements analysis.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of systems testing and evaluation methods.

Knowledge of systems security testing and evaluation methods.

Knowledge of the systems engineering process.

Skill in conducting test events.

Skill in designing a data analysis structure (i.e., the types of data your test must generate and how to analyze those data).

Skill in determining an appropriate level of test rigor for a given system.

Skill in developing operations-based testing scenarios.

Skill in systems integration testing.

Skill in writing test plans.

Analyze the results of software, hardware, or interoperability testing.

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Conduct functional and connectivity testing to ensure continuing operability.

Determine level of assurance of developed capabilities based on test results.

Develop software system testing and validation procedures, programming, and documentation.

Develop test plans to address specifications and requirements.

Make recommendations based on test results.

Perform developmental testing on systems under development.

Perform interoperability testing on systems exchanging electronic information with other systems.

Perform operational testing.

Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.

Record and manage test data.

Skill in evaluating test plans for applicability and completeness.

Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated.

Knowledge of root cause analysis techniques.

Skill in secure test plan design (e. g. unit, integration, system, acceptance).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Validate specifications and requirements for testability.

Create or customize existing Test and Evaluation Master Plans (TEMPs) for systems.

Develop possible solutions for technical risks and limitations of planned tests.

Report test and evaluation deficiencies and possible solutions to appropriate personnel.

Test components to ensure they work as intended in a variety of scenarios for all aspects of the application.

Conduct automated testing for acceptance testing, functional testing, integration testing, interoperability testing, load/stress testing, performance testing, regression testing, and unit testing.

Develop and maintain a tool framework for automated test and evaluation.

Evaluate reliability, availability, and maintainability data.

Assess the system’s effectiveness and suitability for meeting user need and based on test and evaluation results.

Ability to analyze test data.

Ability to collect, verify, and validate test data.

Ability to translate data and test results into evaluative conclusions.

Knowledge of Test & Evaluation processes.

Skill in designing and documenting overall program Test & Evaluation strategies.

Skill in preparing Test & Evaluation reports.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of security risks, threats, and vulnerabilities and potential risk mitigation solutions.

Knowledge of Test & Evaluation frameworks.

Knowledge of best practices from industry and academia in test design activities for verification and validation of systems.

Knowledge of how software solutions integrate with cloud or other IT infrastructure.

Knowledge of testing, evaluation, validation, and verification (T&E V&V) tools and procedures to ensure systems are working as intended.

Skill in translating operation requirements for systems into testing requirements.

Knowledge of software environments (e.g., development, testing, integration, production, etc.) and appropriate T&E application in those environments.

Ability to construct, maintain, and conduct testing in various test environments.

Knowledge of organization’s evaluation and validation requirements.

Knowledge of the Security Assessment and Authorization process.

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge of network hardware devices and functions.

Skill in writing code in a currently supported programming language (e.g., Java, C++).

Administer test bed(s), and test and evaluate applications, hardware infrastructure, rules/signatures, access controls, and configurations of platforms managed by service provider(s).

Build, assess, and modify product prototypes using working models or theoretical models.

Utilize models and simulations to analyze or predict system performance under different operating conditions.

Knowledge of interpreted and compiled computer languages.

Knowledge of organization’s risk tolerance and/or risk management approach.

Skill in performing root cause analysis.

Provide quality assurance of software products throughout their lifecycle.

Perform usability surveys on operators/users of the system.

Integrate digital engineering models and data into test designs.

Skill in conducting Test Readiness Reviews.

Skill in identifying Test & Evaluation infrastructure (people, ranges, tools, instrumentation) requirements.

Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events.

Skill in providing Test & Evaluation resource estimate.

Knowledge of coding and scripting in languages that support software development and use.

Knowledge of current test standards and safety standards that are applicable to software development.

Knowledge of how to automate development, testing, security, and deployment of software to the DoD.

Knowledge of interactions and integration of DataOps, MLOps, and DevSecOps solution.

Knowledge of laws, regulations, and policies related to software development, cybersecurity, data security/privacy, and use of publicly procured data for government.

Skill in integrating software Test & Evaluation frameworks into test strategies for specific projects.

Ability to understand technology, management, and leadership issues related to organization processes and problem solving.

Ability to evaluate user training and documentation update processes.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of engineering concepts as applied to computer architecture and associated computer hardware/software.

Knowledge of cybersecurity principles and methods that apply to software development.

Ability to build architectures and frameworks.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of software debugging principles.

Knowledge of software design tools, methods, and techniques.

Knowledge of software development models, methodologies, and practices (Waterfall Model, Spiral, Agile, DevSecOps).

Knowledge of software engineering.

Knowledge of system life cycle management principles, including software security and usability.

Knowledge of the enterprise information technology (IT) architectural concepts and patterns to include baseline and target architectures.

Skill in configuring and optimizing software.

Skill in designing the integration of hardware and software solutions.

Analyze user needs and requirements to plan architecture.

Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.

Consult with engineering staff to evaluate interface between hardware and software.

Develop enterprise architecture or system components required to meet user needs.

Document and update as necessary all definition and architecture activities.

Prepare detailed workflow charts, models, and diagrams that describe input, output, and logical operation.

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Leverage enterprise-wide version control system while designing and developing secure applications.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Consult with customers about software system design and maintenance.

Direct software programming and development of documentation.

Provide Cloud and Cloud Security guidance to leadership.

Develop a company’s cloud computing strategy.

Develop and implements cloud strategies.

Convert the technical requirements of a project into the architecture and design that will guide the final product.

Knowledge of cloud service models and possible limitations for an incident response.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of both cloud computing and how it is applied in a variety of industries.

Knowledge of organization’s enterprise information security architecture system.

Knowledge of enterprise messaging systems and associated software.

Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, and statistics.

Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.

Knowledge of integrating the organization’s goals and objectives into the architecture.

Analyze the results of software, hardware, or interoperability testing.

Analyze security needs and software requirements to determine feasibility of design within time and cost constraints and security mandates.

Design countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements.

Knowledge of use cases related to collaboration and content synchronization across platforms (e.g., Mobile, PC, Cloud).

Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce.

Ability to use and understand complex mathematical concepts (e.g., discrete math).

Skill in recognizing vulnerabilities in information and/or data systems.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).

Knowledge of cryptology.

Knowledge of database systems.

Knowledge of embedded systems.

Knowledge of how system components are installed, integrated, and optimized.

Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs.

Knowledge of operating systems.

Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of configuration management techniques.

Knowledge of security management.

Knowledge of security system design tools, methods, and techniques.

Knowledge of software engineering.

Knowledge of systems security testing and evaluation methods.

Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

Knowledge of the systems engineering process.

Skill in assessing security systems designs.

Knowledge of countermeasures for identified security risks.

Skill in assessing security controls based on cybersecurity principles and tenets.

Skill in designing the integration of hardware and software solutions.

Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Skill in developing and applying security system access controls.

Skill in evaluating the adequacy of security designs.

Apply security policies to meet security objectives of the system.

Apply service oriented security architecture principles to meet organization’s confidentiality, integrity, and availability requirements.

Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.

Analyze and report system security posture trends.

Analyze and report organizational security posture trends.

Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.

Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.

Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.

Assess adequate access controls based on principles of least privilege and need-to-know.

Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk.

Implement specific cybersecurity countermeasures for systems and/or applications.

Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.

Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system.

Monitor and evaluate a system’s compliance with information technology (IT) security, resilience, and dependability requirements.

Assess and monitor cybersecurity related to system implementation and testing practices.

Verify minimum security requirements are in place for all applications.

Perform cybersecurity testing of developed applications and/or systems.

Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

Plan and recommend modifications or adjustments based on exercise results or system environment.

Properly document all systems security implementation, operations and maintenance activities and update as necessary.

Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

Provide cybersecurity guidance to leadership.

Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Verify and update security documentation reflecting the application/system security design features.

Work with stakeholders to resolve computer security incidents and vulnerability compliance.

Knowledge of how to use network analysis tools to identify vulnerabilities.

Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).

Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

Create auditable evidence of security measures.

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge of information technology (IT) risk management policies, requirements, and procedures.

Knowledge of how to evaluate the trustworthiness of the supplier and/or product.

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.

Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).

Knowledge of developing and applying user credential management system.

Knowledge of an organization’s information classification program and procedures for information compromise.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Assess the effectiveness of security controls.

Knowledge of various types of computer architectures.

Assess all the configuration management (change configuration/release management) processes.

Install software that monitors systems and networks for security breaches and intrusions.

Educate and train staff on information system security best practices.

Select and use appropriate security testing tools.

Select and use appropriate secure coding standards and analyze code for common weaknesses, vulnerabilities, and hardening against common attack patterns.

Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE).

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of security systems including anti-virus applications, content filtering, firewalls, authentication systems, and intrusion detection and notification systems.

Knowledge of database security.

Knowledge of vulnerabilities of various encryption systems.

Knowledge of computer algorithms.

Knowledge of human-computer interaction principles.

Knowledge of parallel and distributed computing concepts.

Skill in writing code in a currently supported programming language (e.g., Java, C++).

Apply coding and testing standards, apply security testing tools including “‘fuzzing” static-analysis code scanning tools, and conduct code reviews.

Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.

Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.

Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment.

Properly document all systems security implementation, operations and maintenance activities and update as necessary.

Create auditable evidence of security measures.

Knowledge of Payment Card Industry (PCI) data security standards.

Knowledge of information technology (IT) service catalogues.

Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).

Ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action.

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

Ability to implement Zero Trust security in DoD Systems/Software.