Systems Security Analyst
Responsible for analysis and development of systems/software security through the product lifecycle to include integration, testing, operations and maintenance.
Core KSATs
KSAT ID | Description | KSAT |
---|---|---|
3C | Skill in recognizing vulnerabilities in information and/or data systems. |
Skill |
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. |
Knowledge |
25 | Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). |
Knowledge |
27A | Knowledge of cryptology. |
Knowledge |
34 | Knowledge of database systems. |
Knowledge |
51 | Knowledge of how system components are installed, integrated, and optimized. |
Knowledge |
58 | Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. |
Knowledge |
63 | Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). |
Knowledge |
70 | Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). |
Knowledge |
79 | Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). |
Knowledge |
82A | Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs. |
Knowledge |
90 | Knowledge of operating systems. |
Knowledge |
92 | Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). |
Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). |
Knowledge |
109A | Knowledge of configuration management techniques. |
Knowledge |
110A | Knowledge of security management. |
Knowledge |
111 | Knowledge of security system design tools, methods, and techniques. |
Knowledge |
130A | Knowledge of systems security testing and evaluation methods. |
Knowledge |
144 | Knowledge of the systems engineering process. |
Knowledge |
177B | Knowledge of countermeasures for identified security risks. |
Knowledge |
179A | Skill in assessing security controls based on cybersecurity principles and tenets. |
Skill |
183 | Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. |
Skill |
191 | Skill in developing and applying security system access controls. |
Skill |
199 | Skill in evaluating the adequacy of security designs. |
Skill |
420 | Apply security policies to meet security objectives of the system. |
Task |
421 | Apply service oriented security architecture principles to meet organization’s confidentiality, integrity, and availability requirements. |
Task |
559A | Analyze and report organizational security posture trends. |
Task |
559B | Analyze and report system security posture trends. |
Task |
571 | Ensure all systems security operations and maintenance activities are properly documented and updated as necessary. |
Task |
572 | Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment. |
Task |
576 | Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. |
Task |
593A | Assess adequate access controls based on principles of least privilege and need-to-know. |
Task |
653B | Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk. |
Task |
660 | Implement specific cybersecurity countermeasures for systems and/or applications. |
Task |
661A | Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. |
Task |
671 | Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system. |
Task |
710 | Monitor and evaluate a system’s compliance with information technology (IT) security, resilience, and dependability requirements. |
Task |
717A | Assess and monitor cybersecurity related to system implementation and testing practices. |
Task |
729A | Verify minimum security requirements are in place for all applications. |
Task |
754 | Perform cybersecurity testing of developed applications and/or systems. |
Task |
765 | Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. |
Task |
806A | Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities. |
Task |
806 | Provide cybersecurity guidance to leadership. |
Task |
809 | Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). |
Task |
876 | Verify and update security documentation reflecting the application/system security design features. |
Task |
880A | Work with stakeholders to resolve computer security incidents and vulnerability compliance. |
Task |
922A | Knowledge of how to use network analysis tools to identify vulnerabilities. |
Knowledge |
936 | Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers). |
Task |
938A | Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans. |
Task |
1006 | Create auditable evidence of security measures. |
Task |
1034A | Knowledge of Personally Identifiable Information (PII) data security standards. |
Knowledge |
1037A | Knowledge of information technology (IT) risk management policies, requirements, and procedures. |
Knowledge |
1039B | Knowledge of how to evaluate the trustworthiness of the supplier and/or product. |
Knowledge |
1072 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). |
Knowledge |
1073 | Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. |
Knowledge |
1135 | Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). |
Knowledge |
1138A | Knowledge of developing and applying user credential management system. |
Knowledge |
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. |
Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. |
Knowledge |
1158 | * Knowledge of cybersecurity principles. |
Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. |
Knowledge |
2054 | Assess the effectiveness of security controls. |
Task |
3642 | Knowledge of various types of computer architectures. |
Knowledge |
5050 | Assess all the configuration management (change configuration/release management) processes. |
Task |
5928 | Identify, define, and document system security requirements and recommend solutions to management. |
Task |
5929 | Install software that monitors systems and networks for security breaches and intrusions. |
Task |
5930 | Educate and train staff on information system security best practices. |
Task |
5931 | Select and use appropriate security testing tools. |
Task |
5932 | Select and use appropriate secure coding standards and analyze code for common weaknesses, vulnerabilities, and hardening against common attack patterns. |
Task |
6140 | Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues. |
Ability |
6210 | Knowledge of cloud service models and possible limitations for an incident response. |
Knowledge |
6240 | Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE). |
Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. |
Knowledge |
6935 | * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). |
Knowledge |
6938 | * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. |
Knowledge |
7079 | Knowledge of security systems including anti-virus applications, content filtering, firewalls, authentication systems, and intrusion detection and notification systems. |
Knowledge |
7080 | Knowledge of database security. |
Knowledge |
7081 | Knowledge of vulnerabilities of various encryption systems. |
Knowledge |
Additional KSATs
KSAT ID | Description | KSAT |
---|---|---|
21 | Knowledge of computer algorithms. |
Knowledge |
43A | Knowledge of embedded systems. |
Knowledge |
52 | Knowledge of human-computer interaction principles. |
Knowledge |
94 | Knowledge of parallel and distributed computing concepts. |
Knowledge |
119 | Knowledge of software engineering. |
Knowledge |
133 | Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers). |
Knowledge |
160A | Skill in assessing security systems designs. |
Skill |
180 | Skill in designing the integration of hardware and software solutions. |
Skill |
238A | Skill in writing code in a currently supported programming language (e.g., Java, C++). |
Skill |
417 | Apply coding and testing standards, apply security testing tools including “‘fuzzing” static-analysis code scanning tools, and conduct code reviews. |
Task |
419 | Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications. |
Task |
525A | Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements. |
Task |
602 | Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration. |
Task |
670A | Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment. |
Task |
782 | Plan and recommend modifications or adjustments based on exercise results or system environment. |
Task |
795 | Properly document all systems security implementation, operations and maintenance activities and update as necessary. |
Task |
1034C | Knowledge of Personal Health Information (PHI) data security standards. |
Knowledge |
1034B | Knowledge of Payment Card Industry (PCI) data security standards. |
Knowledge |
1040A | Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. |
Knowledge |
1132A | Knowledge of information technology (IT) service catalogues. |
Knowledge |
1133 | Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). |
Knowledge |
1139A | Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption. |
Knowledge |
1142 | Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). |
Knowledge |
6918 | Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments. |
Ability |
7082 | Ability to implement Zero Trust security in DoD Systems/Software. |
Ability |