* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Ability to build, implement, and maintain distributed sensor grid.

Ability to characterize network traffic for trends and patterns.

Ability to configure and place distributed sensor grid

Ability to coordinate with Sr Leaders of an Org. to ensure shared responsibility for supporting Org. mission/business functions using external providers of systems, services and apps receives visibility and is elevated to the appropriate decision-making authorities

Ability to create rule sets within an Intrusion Detection System (IDS).

Ability to create rules/alerts for traffic validation.

Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.

Ability to implement network TAP configuration

Ability to implement sensors according to sensor plan

Ability to integrate information security requirements into the acquisition process, using applicable baseline security controls as one of the sources for security requirements, ensuring a robust software quality control process and establishing multiple source

Ability to organize policy standards to insure procedures and guidelines comply with cybersecurity policies.

Ability to setup Serial and Ethernet interfaces.

Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.

Ability to test tools within sensor grid.

Ability to track the location and configuration of networked devices and software across departments, locations, facilities and potentially supporting business functions.

Ability to troubleshoot computer software and hardware issues, make repairs, and schedule updates.

Ability to use and/or integrate a Security Information and Event Management (SIEM) platform.

Knowledge of active directory federated services.

Knowledge of basic cloud-based technologies and concepts.

Knowledge of basic Cyber Threat Emulation concepts.

Knowledge of basic Embedded Systems concepts.

Knowledge of common obfuscation techniques (e.g. command line execution, string substitution, clandestine side channel, Base64).

Knowledge of cybersecurity controls and design principles and methods (e.g., firewalls, DMZ, and encryption).

Knowledge of different types of log subscriptions (e.g. push vs pull, MS Windows event forwarding, winlogbeat, syslog).

Knowledge of full-spectrum cyberspace operational missions (e.g., DODIN Operations, DCO, OCO, cyberspace ISR, and Operational Preparation of the Environment (OPE)), principles, capabilities, limitations, and effects.

Knowledge of long haul circuits.

Knowledge of Network OSs.

Knowledge of network systems management methods including end-to-end systems performance monitoring.

Knowledge of non-Active Directory domains (e.g. IDM, LDAP).

Knowledge of principles and methods for integrating system and network components.

Knowledge of public key infrastructure (PKI) libraries, certificate authorities, certificate management, and encryption functionalities.

Knowledge of routing protocols such as RIPv1/v2, OSPF, IGRP, and EIGRP

Knowledge of Security Technical Implementation Guide (STIG)

Knowledge of stream providers (e.g. KAFKA).

Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).

Knowledge of transmission capabilities (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)).

Knowledge of WAN technologies such as PPP, Frame-relay, dedicated T1s, ISDN, and routing protocols

Knowledge of web applications and their common attack vectors.

Skill in applying STIG upgrades

Skill in cable management and organization

Skill in configuring and utilizing software-based computer protection tools (e.g., software firewalls, anti-virus software, anti-spyware).

Skill in implementing DHCP and DNS

Skill in router IOS backup, recovery, and upgrade.

Skill in understanding cybersecurity architecture, its implementation, and its expected behaviors and how changes in conditions affect outcomes.

Assess exploited systems’ potential to provide additional access, target development information, intelligence and/or covert infrastructure.

Consult with customers about network system design and maintenance.

Design countermeasures and mitigations against potential weaknesses and vulnerabilities in system and elements.

Design, develop, and modify network systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.

Detect exploits against networks and hosts and react accordingly (Does not apply to Red Team Interactive Operators).

Diagnose network connectivity problems.

Engage customers to understand their expectations and wants.

Evaluate security architecture and its design against cyberspace threats as identified in operational and acquisition documents.

Identify optimal locations for network sensor placement to collect on targeted devices.

Implement and enforce DCO policies and procedures reflecting applicable laws, policies, procedures, and regulations (such as United States Code Titles 10 and 50).

Maintain Operational, technical, and authoritative situational awareness during effects-based operations

Notify designated mission leadership or applicable team members of any suspected cyber incident.

Provide and maintain documentation for TTPs as inputs to training programs.

Provide feedback for RFI generation.

Repair network connectivity problems.