Skill in recognizing vulnerabilities in information and/or data systems.

Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.

Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of database systems.

Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of systems testing and evaluation methods.

Knowledge of systems security testing and evaluation methods.

Knowledge of the operations and processes for incident, problem, and event management.

Knowledge of the systems engineering process.

Skill in developing operations-based testing scenarios.

Skill in writing code in a currently supported programming language (e.g., Java, C++).

Analyze the results of software, hardware, or interoperability testing.

Apply security policies to meet security objectives of the system.

Apply security architecture principles to meet organization’s confidentiality, integrity, and availability requirements.

Conduct functional and connectivity testing to ensure continuing operability.

Analyze and report system security posture trends.

Employ secure configuration management processes.

Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.

Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.

Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk.

Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.

Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.

Oversee and make recommendations regarding configuration management.

Verify minimum security requirements are in place for all applications.

Perform cybersecurity testing of developed applications and/or systems.

Work with stakeholders to resolve computer security incidents and vulnerability compliance.

Knowledge of information technology (IT) risk management policies, requirements, and procedures.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Assess the effectiveness of security controls.

Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.

Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results.

Work with designers and developers thru out the design, development and testing process.

Choose and deploy the appropriate automated application security testing tools.

Utilize tools and techniques like risk assessment, threat modeling, and cybersecurity to detect and analyze the threats.

Work with Security Engineers to ensure that all security threats are dealt with during the development phase.

Work with Automation tools are used to identify the vulnerabilities.

Identify and implement tooling for controlling the steps in a continuous integration (CI) and continuous deployment (CD) pipeline.

Develop and implement automatic test tools in a CI/CD pipeline, which could include Static Application Security Test (SAST) tools, Dynamic Application Security Test (DAST) tools, Unit Test tools, Static Code Analysis (SCA) tools, etc.

Develop code within a CI/CD Pipeline.

Select appropriate language and coding standards for software application for appropriate Continuous Integration/Continuous Deployment (CI/CD) framework.

Apply testing activities, understands fault vs. failures, conduct basic test planning, develop test selection or adequacy criteria, crafts test documentation, ensures test coverages, and conducts automated testing.

Develop and deploy software using continuous integration methods, processes, and tools, including test case writing against completion criteria (for each release, capability, micro-service, or component), build automation, and build processes.

Provide DevSecOps guidance to leadership.

Work closely with development teams to provide and support the environment needed to deliver an organization’s services.

Ability to develop curriculum for use within a virtual environment.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of programming languages.

Knowledge of continuous integration/continuous deployment (CI/CD) processes and pipeline tools.

Knowledge of portable, extensible, open source platform for managing containerized workloads and services.

Knowledge of cloud hosting providers.

Knowledge of threat modeling, risk assessment techniques, code reviews, current best practices and the latest cybersecurity threats.

Knowledge of how security impacts each development phase and the services.

Knowledge of a Continuous Integration/Continuous Deployment (CI/CD) environment and processes.

Knowledge of the steps for release to higher levels of integration testing, certification activities, and/or operations using testbeds, modeling and simulation to synchronize software releases with the development of an operations environment(s) to ensure compatibility.

Knowledge of every stage in the software project lifecycle, from initial design and build to rollout and maintenance.

Knowledge of computer algorithms.

Knowledge of encryption algorithms.

Knowledge of cryptology.

Knowledge of statistics.

Knowledge of parallel and distributed computing concepts.

Skill in systems integration testing.

Skill in the use of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).

Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.

Assess and monitor cybersecurity related to system implementation and testing practices.

Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

Properly document all systems security implementation, operations and maintenance activities and update as necessary.

Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.

Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Verify and update security documentation reflecting the application/system security design features.

Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge of various types of computer architectures.

Assess all the configuration management (change configuration/release management) processes.

Transition embedded and non-embedded software developed and sustained using traditional software methods into a DevSecOps environment.

Select and implement telemetry within the CI/CD pipeline and Ops software to support metrics and problem discovery and resolution.

Build test interfaces and perform complex integration.

Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE).