Knowledge of access authentication methods.

Knowledge of computer algorithms.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).

Knowledge of cryptology.

Knowledge of database systems.

Knowledge of organization’s enterprise information security architecture system.

Knowledge of embedded systems.

Knowledge of fault tolerance.

Knowledge of how system components are installed, integrated, and optimized.

Knowledge of human-computer interaction principles.

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge of information security systems engineering principles.

Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

Knowledge of local area and wide area networking principles and concepts including bandwidth management.

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs.

Knowledge of operating systems.

Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

Knowledge of parallel and distributed computing concepts.

Knowledge of policy-based and risk adaptive access controls.

Knowledge of process engineering concepts.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of secure configuration management techniques.

Knowledge of security management.

Knowledge of software development models (e.g., Waterfall Model, Spiral Model).

Knowledge of software engineering.

Knowledge of structured analysis principles and methods.

Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.

Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.

Knowledge of system life cycle management principles, including software security and usability.

Knowledge of systems testing and evaluation methods.

Knowledge of the systems engineering process.

Skill in designing countermeasures to identified security risks.

Skill in designing security controls based on cybersecurity principles and tenets.

Skill in discerning the protection needs (i.e., security controls) of information systems and networks.

Skill in evaluating the adequacy of security designs.

Analyze design constraints, analyze trade-offs and detailed system and security design, and consider lifecycle support.

Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.

Assess the effectiveness of cybersecurity measures utilized by system(s).

Assess threats to and vulnerabilities of computer system(s) to develop a security risk profile.

Build, test, and modify product prototypes using working models or theoretical models.

Conduct Privacy Impact Assessments (PIA) of the application’s security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII).

Design and develop cybersecurity or cybersecurity-enabled products.

Design, develop, integrate, and update system security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.

Design or integrate appropriate data backup capabilities into overall system designs, and ensure appropriate technical and procedural processes exist for secure system backups and protected storage of backup data.

Design to security requirements to ensure requirements are met for all systems and/or applications.

Develop and direct system testing and validation procedures and documentation.

Develop detailed security design documentation for component and interface specifications to support system design and development.

Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment.

Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable).

Implement security designs for new or existing system(s).

Incorporate cybersecurity vulnerability solutions into system designs (e.g., Cybersecurity Vulnerability Alerts).

Perform an information security risk assessment.

Perform security reviews and identify security gaps in architecture.

Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.

Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).

Store, retrieve, and manipulate data for analysis of system capabilities and requirements.

Provide support to security/certification test and evaluation activities.

Design and develop key management functions (as related to cybersecurity).

Analyze user needs and requirements to plan and conduct system security development.

Ensure security design and cybersecurity development activities are properly documented (providing a functional description of security implementation) and updated as necessary.

Skill in conducting audits or reviews of technical systems.

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.

Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).

Implement and integrate system development life cycle (SDLC) methodologies (e.g., IBM Rational Unified Process) into development environment.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Employ configuration management processes.

Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.

Knowledge of organization’s evaluation and validation requirements.

Knowledge of electrical engineering as applied to computer architecture, including circuit boards, processors, chips, and associated computer hardware.

Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).

Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, and statistics.

Knowledge of microprocessors.

Knowledge of Privacy Impact Assessments.

Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).

Skill in integrating and applying policies that meet system security objectives.

Knowledge of countermeasure design for identified security risks.

Skill in designing the integration of hardware and software solutions.

Skill in developing and applying security system access controls.

Skill in the use of design modeling (e.g., unified modeling language).

Develop risk mitigation strategies and cybersecurity countermeasures to address cost, performance, and security risks and to resolve vulnerabilities and recommend security changes to system or system components as needed.

Develop mitigation strategies to address cost, schedule, performance, and security risks.

Identify components or elements, allocate security functions to those elements, and describe the relationships between the elements.

Identify and prioritize essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability.

Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure recommended products are in compliance with organization’s evaluation and validation requirements.

Monitor and evaluate a system’s compliance with information technology (IT) security, resilience, and dependability requirements.

Provide guidelines for implementing developed systems to customers or installation teams.

Provide input to implementation plans and standard operating procedures as they relate to information systems security.

Trace system requirements to design components and perform gap analysis.

Utilize models and simulations to analyze or predict system performance under different operating conditions.

Verify stability, interoperability, portability, and/or scalability of system architecture.

Knowledge of interpreted and compiled computer languages.

Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).

Develop cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information).

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge of Payment Card Industry (PCI) data security standards.

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.

Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability).

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).

Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).

Knowledge of an organization’s information classification program and procedures for information compromise.

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

Ability to determine the best cloud deployment model for the appropriate operating environment.