* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.

Knowledge of disaster recovery continuity of operations plans.

Knowledge of host/network access control mechanisms (e.g., access control list).

Knowledge of cybersecurity principles used to manage risks related to the use, processing, storage, and transmission of information or data.

Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.

Knowledge of incident response and handling methodologies.

Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.

Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of server administration and systems engineering theories, concepts, and methods.

Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.

Knowledge of system life cycle management principles, including software security and usability.

Knowledge of the organization’s enterprise information technology (IT) goals and objectives.

Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.

Skill in creating policies that reflect system security objectives.

Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Knowledge of information security program management and project management principles and techniques.

Acquire and manage the necessary resources, including leadership support, financial resources, and key security personnel, to support information technology (IT) security goals and objectives and reduce overall organizational risk.

Advise senior management (e.g., CIO) on risk levels and security posture.

Advise appropriate senior leadership or Authorizing Official of changes affecting the organization’s cybersecurity posture.

Collect and maintain data needed to meet system cybersecurity reporting.

Communicate the value of information technology (IT) security throughout all levels of the organization stakeholders.

Ensure security improvement actions are evaluated, validated, and implemented as required.

Ensure that cybersecurity inspections, tests, and reviews are coordinated for the network environment.

Ensure that cybersecurity requirements are integrated into the continuity planning for that system and/or organization(s).

Identify alternative information security strategies to address organizational security objective.

Identify information technology (IT) security program implications of new technologies or technology upgrades.

Interpret patterns of non compliance to determine their impact on levels of risk and/or overall effectiveness of the enterprise’s cybersecurity program.

Manage the monitoring of information security data sources to maintain organizational situational awareness.

Oversee the information security training and awareness program.

Participate in the development or modification of the computer environment cybersecurity program plans and requirements.

Prepare, distribute, and maintain plans, instructions, guidance, and standard operating procedures concerning the security of network system(s) operations.

Provide system related input on cybersecurity requirements to be included in statements of work and other appropriate procurement documents.

Recognize a possible security violation and take appropriate action to report the incident, as required.

Recommend resource allocations required to securely operate and maintain an organization’s cybersecurity requirements.

Supervise or manage protective or corrective measures when an cybersecurity incident or vulnerability is discovered.

Track audit findings and recommendations to ensure appropriate mitigation actions are taken.

Promote awareness of security issues among management and ensure sound security principles are reflected in the organization’s vision and goals.

Oversee policy standards and implementation strategies to ensure procedures and guidelines comply with cybersecurity policies.

Identify security requirements specific to an information technology (IT) system in all phases of the System Life Cycle.

Ensure plans of actions and milestones or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.

Assure successful implementation and functionality of security requirements and appropriate information technology (IT) policies and procedures that are consistent with the organization’s mission and goals.

Knowledge of organization’s risk tolerance and/or risk management approach.

Knowledge of enterprise incident response program, roles, and responsibilities.

Knowledge of current and emerging threats/threat vectors.

Support necessary compliance activities (e.g., ensure system security configuration guidelines are followed, compliance monitoring occurs).

Continuously validate the organization against policies/guidelines/procedures/regulations/laws to ensure compliance.

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.

Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge of an organization’s information classification program and procedures for information compromise.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of applicable business processes and operations of customer organizations.

Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).

Knowledge of industry-standard and organizationally accepted analysis principles and methods.

Knowledge of risk management processes and requirements per the Risk Management Framework (RMF).

Knowledge of measures or indicators of system performance and availability.

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge of network traffic analysis methods.

Knowledge of current and emerging cyber technologies.

Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

Knowledge of penetration testing principles, tools, and techniques.

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge of resource management principles and techniques.

Knowledge of server and client operating systems.

Knowledge of technology integration processes.

Knowledge of secure acquisitions (e.g., relevant Contracting Officer’s Technical Representative [COTR] duties, secure procurement, supply chain risk management).

Acquire necessary resources, including financial resources, to conduct an effective enterprise continuity of operations program.

Advise senior management (e.g., CIO) on cost/benefit analysis of information security programs, policies, processes, and systems, and elements.

Collaborate with stakeholders to establish the enterprise continuity of operations program, strategy, and mission assurance.

Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.

Ensure that protection and detection capabilities are acquired or developed using the IS security engineering approach and are consistent with organization-level cybersecurity architecture.

Establish overall enterprise information security architecture (EISA) with the organization’s overall security strategy.

Evaluate and approve development efforts to ensure that baseline security safeguards controls/measures are appropriately installed.​

Evaluate cost benefit, economic, and risk analysis in decision making process.

Interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other Computer Network Defense information.

Interpret and/or approve security requirements relative to the capabilities of new information technologies.

Lead and align information technology (IT) security priorities with the security strategy.

Lead and oversee information security budget, staffing, and contracting.

Manage the publishing of Computer Network Defense guidance (e.g., TCNOs, Concept of Operations, Net Analyst Reports, NTSM, MTOs) for the enterprise constituency.

Manage threat or target analysis of cyber defense information and production of threat information within the enterprise.

Monitor and evaluate the effectiveness of the enterprise’s cybersecurity safeguards to ensure they provide the intended level of protection.

Participate in risk assessment and authorization per Risk Management Framework processes.

Provide enterprise cybersecurity and supply chain risk management guidance for development of the Continuity of Operations Plans.

Provide leadership and direction to information technology (IT) personnel by ensuring that cybersecurity awareness, basics, literacy, and training are provided to operations personnel commensurate with their responsibilities.

Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters.

Recommend policy and coordinate review and approval.

Use federal and organization-specific published documents to manage operations of their computing environment system(s).

Participate in Risk Governance process to provide security risks, mitigations, and input on other technical risk.

Evaluate the effectiveness of procurement function in addressing information security requirements and supply chain risks through procurement activities and recommend improvements.

Knowledge of critical information technology (IT) procurement requirements.

Participate in the acquisition process as necessary, following appropriate supply chain risk management practices.

Ensure all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organization goals.

Knowledge of basic system administration, network, and operating system hardening techniques.

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge of Payment Card Industry (PCI) data security standards.

Forecast ongoing service demands and ensure security assumptions are reviewed as necessary.

Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability).

Skill in evaluating the trustworthiness of the supplier and/or product.

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Define and/or implement policies and procedures to ensure protection of critical infrastructure as appropriate.

Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.

Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zackman, Federal Enterprise Architecture [FEA]).

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.