Knowledge of application vulnerabilities.

Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.

Skill in creating policies that reflect system security objectives.

Knowledge of industry technologies and how differences affect exploitation/vulnerabilities.

Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.

Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program.

Advise senior management (e.g., CIO) on risk levels and security posture.

Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements.

Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.

Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.

Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.

Design/integrate a cyber strategy that outlines the vision, mission, and goals that align with the organization’s strategic plan.

Develop and maintain strategic plans.

Develop mitigation strategies to address cost, schedule, performance, and security risks.

Evaluate contracts to ensure compliance with funding, legal, and program requirements.

Evaluate cost benefit, economic, and risk analysis in decision making process.

Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.

Lead and align information technology (IT) security priorities with the security strategy.

Lead and oversee budget, staffing, and contracting.

Lead and oversee information security budget, staffing, and contracting.

Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection.

Perform an information security risk assessment.

Provide advice on project costs, design concepts, or design changes.

Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.

Provide enterprise cybersecurity and supply chain risk management guidance.

Provide input on security requirements to be included in statements of work and other appropriate procurement documents.

Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.

Recommend policy and coordinate review and approval.

Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered.

Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals.

Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.

Knowledge of emerging security issues, risks, and vulnerabilities.

Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle.

Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

Knowledge of supply chain risk management standards, processes, and practices.

Knowledge of information technology (IT) acquisition/procurement requirements.

Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.

Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.

Knowledge of the acquisition/procurement life cycle process.

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Ensure supply chain, system, network, performance, and cyber security requirements are included in contract language and delivered.

Develop contract language to ensure supply chain, system, network, and operational security are met.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Collaborate with other internal and external partner organizations on target access and operational issues.

Collaborate with other team members or partner organizations to develop a diverse program of information materials (e.g., web pages, briefings, print materials).

Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives.

Maintain relationships with internal and external partners involved in cyber planning or related areas.

Conduct long-range, strategic planning efforts with internal and external partners in cyber activities.

Serve as a liaison with external partners.

Supervise and assign work to programmers, designers, technologists and technicians and other engineering and scientific personnel.

Collaborate across internal and/or external organizational lines to enhance collection, analysis and dissemination.

Ability to apply critical reading/thinking skills.

Ability to exercise judgment when policies are not well-defined.

Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.

Ability to tailor technical and planning information to a customer’s level of understanding.

Ability to think critically.

Ability to coordinate, collaborate and disseminate information to subordinate, lateral and higher-level organizations.

Coordinate with organizational manpower stakeholders to ensure appropriate allocation and distribution of human capital assets.

Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization’s mission, vision, and goals.

Collaborate on cyber privacy and security policies and procedures.

Collaborate with cyber security personnel on the security risk assessment process to address privacy compliance and risk mitigation.

Appoint and guide a team of IT security experts.

Collaborate with key stakeholders to establish a cybersecurity risk management program

Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.

* Knowledge of specific operational impacts of cybersecurity lapses.

Skill in communicating with all levels of management including Board members (e.g., interpersonal skills, approachability, effective listening skills, appropriate use of style and language for the audience).

Ability to ensure information security management processes are integrated with strategic and operational planning processes.

Ability to ensure that senior officials within the organization provide information security for the information and systems that support the operations and assets under their control.

Ability to prioritize and allocate cybersecurity resources correctly and efficiently.

Ability to relate strategy, business, and technology in the context of organizational dynamics.

Ability to understand the basic concepts and issues related to cyber and its organizational impact.

Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list).

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Skill to anticipate new security threats.

Skill to remain aware of evolving technical infrastructures.

Skill to use critical thinking to analyze organizational patterns and relationships.

Ability to understand technology, management, and leadership issues related to organization processes and problem solving.

Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management).

Advocate organization’s official position in legal and legislative proceedings.

Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.

Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.

Knowledge of import/export control regulations and responsible agencies for the purposes of reducing supply chain risk.

Review and approve a supply chain security/risk management policy.

Knowledge of organization’s risk tolerance and/or risk management approach.

Knowledge of critical information technology (IT) procurement requirements.

Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives.

Develop, maintain, and assess cyber cooperation security agreements with external partners.

Identify and manage security cooperation priorities with external partners.

Act as, or work with, counsel relating to business partner contracts.

Ability to oversee the development and update of the lifecycle cost estimate.

Knowledge of cyber competitions as a way of developing skills by providing hands-on experience in simulated, real-world situations.