* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Ability to accurately document results

Ability to analyze a finding of a compromise and develop a custom signature(s) and/or rule(s) to identify it throughout the network

Ability to analyze Data at Rest and Data in Transit encryption methodologies and assess Data at Rest and Data in Transit polices

Ability to analyze device/protocol discovery tool output

Ability to analyze interior and exterior routing protocols (e.g. RIP, EIGRP, OSPF, IS-IS, etc…)

Ability to analyze mitigations to recover from a full network compromise

Ability to analyze network infrastructure to identify and recommend key terrain or critical infrastructure.

Ability to analyze organizational policies and documentation for appropriate use and user privileges as they apply to networking devices.

Ability to analyze potential adversarial attack vectors on a mission-critical system.

Ability to assess Data in Transit encryption policies.

Ability to characterize network traffic for trends and patterns.

Ability to communicate with Sr Leaders of an Org. to ensure shared responsibility for supporting Org. mission/business functions using external providers of systems, services and apps receives visibility and is elevated to the appropriate decisionmaking authorities.

Ability to compile access control lists and firewall configurations.

Ability to Conduct flow data analysis

Ability to conduct research on vulnerabilites found and correlate current versions to known vulnerable releases

Ability to configure, forward and statistically analyze logs

Ability to configure, place, and maintain a distributed sensor grid.

Ability to construct accurate maps of the network devices

Ability to construct log aggregation solutions and analysis platforms

Ability to correlate indicators of compromise

Ability to create baselines/PPS documents and to compare current state against documentation.

Ability to create rules/alerts for traffic validation.

Ability to define caching and analyze the information contained within

Ability to detect mismatched port-application traffic

Ability to develop a risk defense plan to put active measure in place in defense of a network

Ability to develop dashboards to better visualize data

Ability to dissect and analyze a packet header

Ability to document findings of any anomalous connections

Ability to evaluate common Tactics, Techniques and Procedures (TTP) used in malware and open-source and Intelligence Community (IC) resources available to identify emerging TTPs

Ability to evaluate information (e.g. trust relationships and security policies) from a domain to identify vulnerabilities/misconfiguration

Ability to evaluate mitigations to recover from a full-network compromise.

Ability to evaluate network diagram

Ability to evaluate rogue/unauthorized systems on a network

Ability to evaluate systems resiliency in adverse conditions

Ability to identify activity in log entries to correlate indicators of compromise.

Ability to identify anomalous activity based off of known trends and patterns.

Ability to identify C2 Beaconing in normal network traffic.

Ability to identify complex root-cause analysis and recommend mitigations

Ability to identify Data in Transit encryption methodologies.

Ability to identify exfiltration of data in normal network traffic

Ability to identify IPv6 and differentiate between Link Local, Multicast, Unicast, and Anycast.

Ability to identify wireless encryption and differentiate between WEP, WPA (all versions) and WAPI

Ability to implement network TAP configuration

Ability to integrate information security requirements into the acquisition process, using applicable baseline security controls as one of the sources for security requirements, and ensuring a robust software quality control process.

Ability to measure application whitelisting/blacklisting solutions.

Ability to measure principle of vulnerability exploitation.

Ability to measure the effectiveness of white/blacklisting solutions on network devices.

Ability to monitor network data and perform triage on triggered events.

Ability to operate the tools to enumerate a system.

Ability to organize a list of mission infrastructure to identify which dependent systems are key terrain.

Ability to organize Network System Architecture and the dependencies formed from relationships between systems.

Ability to perform conversation calculations across Hexadecimal, Octal, Decimal, and binary.

Ability to perform device discovery.

Ability to research protocol utilization and determine anomalous use.

Ability to test tools within sensor grid.

Ability to use and integrate Security Information and Event Management (SIEM) capabilities in the analysis process.

Ability to utilize Defense Information Systems Agency (DISA)/ Department of Defense (DoD) system configuration guidelines.

Knowledge of anomaly-based detection and threat hunting.

Knowledge of attack principles, tools, and techniques.

Knowledge of basic cloud-based technologies and concepts.

Knowledge of basic Cyber Threat Emulation concepts.

Knowledge of basic Embedded Systems concepts.

Knowledge of cybersecurity and cybersecurity-enabled software products.

Knowledge of DOD Component-level cybersecurity architecture.

Knowledge of encryption algorithms and their implementation.

Knowledge of Friendly Network Forces (FNF) reporting procedures (i.e. deconfliction) to include external organization interaction.

Knowledge of hardware components and architecture including functions and limitations.

Knowledge of hashing algorithms.

Knowledge of Hexadecimal, Octal, Decimal, and binary

Knowledge of HTML source code and the intelligence that can be derived from it.

Knowledge of IPv6

Knowledge of Network OSs.

Knowledge of security implications of device and software configurations.

Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).

Knowledge of TCP flags

Knowledge of the differences between distance vector and link-state routing protocols

Knowledge of the different DNS resource records

Knowledge of the U.S. Security System authorities, responsibilities, and contributions to the cyberspace operations mission.

Knowledge of User Agent Strings and the intelligence that can be derived from them

Skill in analyzing PCAP data

Skill in conducting system planning, management, and maintenance.

Skill in discerning the protection requirements (i.e. security controls) of IS and networks.

Skill in implementing encryption algorithms.

Skill in intrusion detection methodologies and techniques for detecting host and network-based intrusions for utilizing intrusion detection systems and signature development.

Skill in network operating system administration.

Skill in providing an understanding of the adversary through the identification and link analysis of physical, functional, or behavioral relationships within an operational environment.

Skill in regular expressions

Skill in understanding cybersecurity architecture, its implementation, and its expected behaviors and how changes in conditions affect outcomes.

Skill in using Berkeley Packet filters.

Skill in using network mapping tools to analyze identify and enumerate a network.

Skill in utilizing a network traffic packet analyzer in order to detect anomalies in protocol utilization.

Adhere to DCO policies and procedures reflecting applicable laws, policies, procedures, and regulations (such as United States Code Titles 10 and 50).

Assess exploited systems’ potential to provide additional access, target development information, intelligence and/or covert infrastructure.

Determine and document software patches or the extent of releases that would harden vulnerable software.

Determine location of tool(s) deployment and utilize them once deployed (e.g., monitor agent, sensor).

Develop and review cyberspace operations TTPs for integration into strategic, operational and tactical levels of planning.

Evaluate security architecture and its design against cyberspace threats as identified in operational and acquisition documents.

Manage threat or target analysis of DCO information and production of threat information for networks and enclave environments.

Provide and maintain documentation for TTPs as inputs to training programs.

Provide input to the analysis, design, development or acquisition of capabilities used for meeting mission objectives.

Read, write, and interpret simple scripts to collect remote data and automation tasks.

Read, write, and interpret simple scripts to parse large data files.

Recommend Patch network vulnerabilities to ensure information is safeguarded against outside parties via Risk Mitigation Plans.