* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.

Examine intercept-related metadata and content with an understanding of targeting significance.

Profile network or system administrators and their activities.

Ability to collaborate effectively with others.

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Ability to identify/describe target vulnerability.

Ability to identify/describe techniques/methods for conducting technical exploitation of the target.

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.).

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).

Knowledge of common networking devices and their configurations.

Knowledge of concepts for operating systems (e.g., Linux, Unix).

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge of how hubs, switches, routers work together in the design of a network.

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge of Internet and routing protocols.

Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge of network topology.

Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.

Knowledge of the basic structure, architecture, and design of modern communication networks.

Skill in identifying the devices that work at each level of protocol models.

Skill in recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, frequency in DNI behavior, mail servers, domain servers, SMTP header information).

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge of programming language structures and logic.

Skill in using knowledge management technologies.

Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies.

Skill in identifying gaps in technical capabilities.

Knowledge of collection management processes, capabilities, and limitations.

Knowledge of front-end collection systems, including traffic collection, filtering, and selection.

Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.

Apply and utilize authorized cyber capabilities to enable access to targeted networks.

Apply cyber collection, environment preparation and engagement expertise to enable new exploitation and/or continued collection operations, or in support of customer requirements.

Apply and obey applicable statutes, laws, regulations and policies.

Assist in the coordination, validation, and management of all-source collection requirements, plans, and/or activities.

Perform analysis for target infrastructure exploitation activities.

Collaborate with intelligence analysts/targeting organizations involved in related areas.

Collaborate with other internal and external partner organizations on target access and operational issues.

Communicate new developments, breakthroughs, challenges and lessons learned to leadership, and internal and external customers.

Conduct analysis of physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify potential avenues of access.

Conduct independent in-depth target and technical analysis including target-specific information (e.g., cultural, organizational, political) that results in access.

Conduct target research and analysis.

Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.

Examine intercept-related metadata and content with an understanding of targeting significance.

Collaborate with developers, conveying target and technical knowledge in tool requirements submissions, to enhance tool development.

Identify and evaluate threat critical capabilities, requirements, and vulnerabilities.

Identify gaps in our understanding of target technology and developing innovative collection approaches.

Identify, locate, and track targets via geospatial analysis techniques.

Lead or enable exploitation operations in support of organization objectives and target requirements.

Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their potential implications.

Monitor target networks to provide indications and warning of target communications changes or processing failures.

Produce network reconstructions.

Profile network or system administrators and their activities.

Tip critical or time-sensitive information to appropriate customers.

Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.

Ability to collaborate effectively with others.

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability to communicate effectively when writing.

Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.

Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.

Ability to function effectively in a dynamic, fast-paced environment.

Ability to select the appropriate implant to achieve operational goals.

Knowledge of basic implants.

Ability to interpret and translate customer requirements into operational action.

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Ability to expand network access by conducting target analysis and collection in order to identify targets of interest.

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.).

Knowledge of target intelligence gathering and operational preparation techniques and life cycles.

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).

Knowledge of basic principles of the collection development processes (e.g., Dialed Number Recognition, Social Network Analysis).

Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies.

Knowledge of common networking devices and their configurations.

Knowledge of common reporting databases and tools.

Knowledge of concepts for operating systems (e.g., Linux, Unix).

Knowledge of all relevant reporting and dissemination procedures.

Knowledge of current software and methodologies for active defense and system hardening.

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge of data flow process for terminal or environment collection.

Knowledge of deconfliction processes and procedures.

Knowledge of encryption algorithms and cyber capabilities/tools (e.g., SSL, PGP).

Knowledge of terminal or environmental collection (process, objectives, organization, targets, etc.).

Knowledge of evasion strategies and techniques.

Knowledge of how hubs, switches, routers work together in the design of a network.

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http).

Knowledge of how to establish priorities for resources.

Knowledge of implementing Unix and Windows systems that provide radius authentication and logging, DNS, mail, web service, FTP server, DHCP, firewall, and SNMP.

Knowledge of Internet and routing protocols.

Knowledge of intrusion sets.

Knowledge of all applicable statutes, laws, regulations and policies governing cyber targeting and exploitation.

Knowledge of methods and techniques used to detect various exploitation activities.

Knowledge of midpoint collection (process, objectives, organization, targets, etc.).

Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge of network topology.

Knowledge of identification and reporting processes.

Knowledge of products and nomenclature of major vendors (e.g., security suites – Trend Micro, Symantec, McAfee, Outpost, Panda, Kaspersky) and how differences affect exploitation/vulnerabilities.

Knowledge of scripting

Knowledge of security hardware and software options, including the network artifacts they induce and their effects on exploitation.

Knowledge of security implications of software configurations.

Knowledge of strategies and tools for target research.

Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.

Knowledge of organizational and partner policies, tools, capabilities, and procedures.

Knowledge of the basic structure, architecture, and design of converged applications.

Knowledge of the data flow from collection origin to repositories and tools.

Knowledge of targeting cycles.

Knowledge of organizational and partner authorities, responsibilities, and contributions to achieving objectives.

Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).

Knowledge of network collection procedures to include decryption capabilities/tools, techniques, and procedures.

Skill in analyzing traffic to identify network devices.

Skill in creating and extracting important information from packet captures.

Skill in creating collection requirements in support of data acquisition activities.

Skill in creating plans in support of remote operations.

Skill in data mining techniques (e.g., searching file systems) and analysis.

Skill in depicting source or collateral data on a network map.

Skill in determining installed patches on various operating systems and identifying patch signatures.

Skill in determining the effect of various router and firewall configurations on traffic patterns and network performance in both LAN and WAN environments.

Skill in evaluating accesses for intelligence value.

Skill in exploiting/querying organizational and/or partner collection databases.

Skill in identifying the devices that work at each level of protocol models.

Skill in identifying, locating, and tracking targets via geospatial analysis techniques

Skill in interpreting compiled and interpretive programming languages.

Skill in interpreting metadata and content as applied by collection systems.

Skill in using trace route tools and interpreting the results as they apply to network analysis and reconstruction.

Skill in interpreting vulnerability scanner results to identify vulnerabilities.

Skill in generating operation plans in support of mission and target requirements.

Skill in navigating network visualization software.

Skill in performing data fusion from existing intelligence for enabling new and continued collection.

Skill in reading, interpreting, writing, modifying, and executing simple scripts (e.g., PERL, VBS) on Windows and Unix systems (e.g., those that perform tasks like parsing large data files, automating manual tasks, and fetching/processing remote data).

Skill in recognizing and interpreting malicious network activity in traffic.

Skill in recognizing midpoint opportunities and essential information.

Skill in recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, frequency in DNI behavior, mail servers, domain servers, SMTP header information).

Skill in researching vulnerabilities and exploits utilized in traffic.

Skill in target development in direct support of collection operations.

Skill in using databases to identify target-relevant information.

Skill in using non-attributable networks.

Skill in verifying the integrity of all files.

Skill in writing (and submitting) requirements to meet gaps in technical capabilities.

Determine the extent of threats and recommend courses of action and countermeasures to mitigate risks.