Knowledge of applicable business processes and operations of customer organizations.

Knowledge of capabilities and requirements analysis.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge of information security systems engineering principles.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of system life cycle management principles, including software security and usability.

Knowledge of the organization’s enterprise information technology (IT) goals and objectives.

Skill in conducting capabilities and requirements analysis.

Conduct risk analysis, feasibility study, and/or trade-off analysis to develop, document, and refine functional requirements and specifications.

Consult with customers to evaluate functional requirements.

Define project scope and objectives based on customer requirements.

Translate functional requirements into technical solutions.

Ability to interpret and translate customer requirements into operational capabilities.

Develop and document User Experience (UX) requirements including information architecture and user interface requirements.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).

Knowledge of cryptography and cryptographic key management concepts.

Knowledge of fault tolerance.

Knowledge of how system components are installed, integrated, and optimized.

Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.

Knowledge of industry-standard and organizationally accepted analysis principles and methods.

Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).

Knowledge of information technology (IT) architectural concepts and frameworks.

Knowledge of microprocessors.

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs.

Knowledge of current and emerging cyber technologies.

Knowledge of operating systems.

Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

Knowledge of parallel and distributed computing concepts.

Knowledge of Privacy Impact Assessments.

Knowledge of process engineering concepts.

Knowledge of secure configuration management techniques.

Knowledge of key concepts in security management (e.g., Release Management, Patch Management).

Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.

Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.

Knowledge of systems testing and evaluation methods.

Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

Knowledge of the systems engineering process.

Skill in applying and incorporating information technologies into proposed solutions.

Skill in applying confidentiality, integrity, and availability principles.

Skill in applying organization-specific systems analysis principles and techniques.

Skill in design modeling and building use cases (e.g., unified modeling language).

Coordinate with systems architects and developers, as needed, to provide oversight in the development of design solutions.

Define baseline security requirements in accordance with applicable guidelines.

Develop and document requirements, capabilities, and constraints for design procedures and processes.

Develop cost estimates for new or modified system(s).

Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.

Integrate and align information security and/or cybersecurity policies to ensure system analysis meets security requirements.

Manage the information technology (IT) planning process to ensure that developed solutions meet customer requirements.

Oversee and make recommendations regarding configuration management.

Perform needs analysis to determine opportunities for new and improved business process solutions.

Prepare use cases to justify the need for specific information technology (IT) solutions.

Skill in conducting reviews of systems.

Develop and document supply chain risks for critical system elements, as appropriate.

Knowledge of critical information technology (IT) procurement requirements.

Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes).

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.

Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.

Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability).

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.

Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

Knowledge of an organization’s information classification program and procedures for information compromise.

Design and document quality standards.

Document a system’s purpose and preliminary system security concept of operations.

Ensure that all systems components can be integrated and aligned (e.g., procedures, databases, policies, software, and hardware).