* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of communication methods, principles, and concepts (e.g., crypto, dual hubs, time multiplexers) that support the network infrastructure.

Knowledge of capabilities and applications of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware.

Ability to operate the organization’s LAN/WAN pathways.

Knowledge of how system components are installed, integrated, and optimized.

Ability to build architectures and frameworks.

Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).

Knowledge of local area and wide area networking principles and concepts including bandwidth management.

Knowledge of measures or indicators of system performance and availability.

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge of operating systems.

Knowledge of performance tuning tools and techniques.

Knowledge of remote access technology concepts.

Knowledge of systems engineering theories, concepts, and methods.

Knowledge of server and client operating systems.

Knowledge of system/server diagnostic tools and fault identification techniques.

Knowledge of systems administration concepts.

Knowledge of the enterprise information technology (IT) architecture.

Knowledge of the enterprise information technology (IT) architectural concepts and patterns to include baseline and target architectures.

Knowledge of the type and frequency of routine maintenance needed to keep equipment functioning properly.

Knowledge of Virtual Private Network (VPN) security.

Skill in analyzing network traffic capacity and performance characteristics.

Skill in conducting system/server planning, management, and maintenance.

Skill in configuring and optimizing software.

Skill in correcting physical and technical problems that impact system/server performance.

Skill in designing the integration of hardware and software solutions.

Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.

Skill in developing and applying security system access controls.

Skill in developing, testing, and implementing network infrastructure contingency and recovery plans.

Skill in diagnosing connectivity problems.

Skill in troubleshooting failed system components (i.e., servers)

Skill in identifying and anticipating system/server performance, availability, capacity, or configuration problems.

Skill in installing system and component upgrades.

Skill in installing, configuring, and troubleshooting LAN and WAN components such as routers, hubs, and switches.

Skill in maintaining directory services.

Skill in monitoring and optimizing system/server performance.

Knowledge of network mapping and recreating network topologies.

Skill in recovering failed systems/servers.

Skill in operating system administration.

Skill in using network management tools to analyze network traffic patterns (e.g., simple network management protocol).

Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).

Knowledge of file system implementations (e.g., New Technology File System [NTFS], File Allocation Table [FAT], File Extension [EXT]).

Knowledge of operating system command line/prompt.

Knowledge of virtualization technologies and virtual machine development and maintenance.

Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources.

Check system hardware availability, functionality, integrity, and efficiency.

Conduct functional and connectivity testing to ensure continuing operability.

Conduct periodic system maintenance including cleaning (both physically and electronically), disk checks, routine reboots, data dumps, and testing.

Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces.

Configure and optimize network hubs, routers, and switches (e.g., higher-level protocols, tunneling).

Consult with engineering staff to evaluate interface between hardware and software.

Design group policies and access control lists to ensure compatibility with organizational standards, business rules, and needs.

Develop and document systems administration standard operating procedures.

Comply with organization systems administration standard operating procedures.

Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.

Install or replace network hubs, routers, and switches.

Maintain baseline system security according to organizational policies.

Manage accounts, network rights, and access to systems and equipment.

Manage system/server resources including performance, capacity, availability, serviceability, and recoverability.

Oversee installation, implementation, configuration, and support of system components.

Patch network vulnerabilities to ensure information is safeguarded against outside parties.

Diagnose faulty system/server hardware.

Perform repairs on faulty system/server hardware.

Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.

Plan, execute, and verify data redundancy and system recovery procedures.

Plan and recommend modifications or adjustments based on exercise results or system environment.

Provide feedback on network requirements, including network architecture and infrastructure.

Provide ongoing optimization and problem solving support.

Troubleshoot hardware/software interface and interoperability problems.

Knowledge of the range of existing networks (e.g., PBX, LANs, WANs, WIFI, SCADA).

Knowledge of organizational information technology (IT) user security policies (e.g., account creation, password rules, access control).

Knowledge of the common attack vectors on the network layer.

Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).

Knowledge of basic system administration, network, and operating system hardening techniques.

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications).

Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Examine network topologies to understand data flows through the network.

Validate intrusion detection system (IDS) alerts against network traffic using packet analysis tools.

Install, update, and troubleshoot systems/servers.

Assist in the construction of signatures which can be implemented on cyber defense network tools in response to new or observed threats within the NE or enclave.

Conduct analysis of physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify potential avenues of access.

Conduct network scouting and vulnerability analyses of systems within a network.

Determine course of action for addressing changes to objectives, guidance, and operational environment.

Identify threats to Blue Force vulnerabilities.

Identify potential points of strength and vulnerability within a network.

Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event’s history, status, and potential impact for further action in accordance with the organization’s cyber incident response plan.

Ability to monitor system operations and react to events in response to triggers and/or observation of trends or unusual activity.

Ability to tailor technical and planning information to a customer’s level of understanding.

Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).

Knowledge of confidentiality, integrity, and availability requirements.

Knowledge of general SCADA system components.

Knowledge of the Risk Management Framework Assessment Methodology.

Knowledge of network construction and topology.

Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).

Knowledge of telecommunications fundamentals.

Skill in determining the effect of various router and firewall configurations on traffic patterns and network performance in both LAN and WAN environments.

Skill in remote command line and Graphic User Interface (GUI) tool usage.

Ability to build, implement, and maintain distributed sensor grid.

Ability to characterize network traffic for trends and patterns.

Ability to configure and place distributed sensor grid

Ability to coordinate with Sr Leaders of an Org. to ensure shared responsibility for supporting Org. mission/business functions using external providers of systems, services and apps receives visibility and is elevated to the appropriate decision-making authorities

Ability to create rule sets within an Intrusion Detection System (IDS).

Ability to create rules/alerts for traffic validation.

Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.

Ability to implement network TAP configuration

Ability to implement sensors according to sensor plan

Ability to integrate information security requirements into the acquisition process, using applicable baseline security controls as one of the sources for security requirements, ensuring a robust software quality control process and establishing multiple source

Ability to organize policy standards to insure procedures and guidelines comply with cybersecurity policies.

Ability to setup Serial and Ethernet interfaces.

Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.

Ability to test tools within sensor grid.

Ability to track the location and configuration of networked devices and software across departments, locations, facilities and potentially supporting business functions.

Ability to troubleshoot computer software and hardware issues, make repairs, and schedule updates.

Ability to use and/or integrate a Security Information and Event Management (SIEM) platform.

Knowledge of active directory federated services.

Knowledge of basic cloud-based technologies and concepts.

Knowledge of basic Cyber Threat Emulation concepts.

Knowledge of basic Embedded Systems concepts.

Knowledge of common obfuscation techniques (e.g. command line execution, string substitution, clandestine side channel, Base64).

Knowledge of cybersecurity controls and design principles and methods (e.g., firewalls, DMZ, and encryption).

Knowledge of different types of log subscriptions (e.g. push vs pull, MS Windows event forwarding, winlogbeat, syslog).

Knowledge of the full-spectrum of cyberspace operational missions (e.g., DODIN Operations, DCO, OCO), principles, capabilities, limitations, and effects.

Knowledge of long haul circuits.

Knowledge of Network OSs.

Knowledge of network systems management methods including end-to-end systems performance monitoring.

Knowledge of non-Active Directory domains (e.g. IDM, LDAP).

Knowledge of principles and methods for integrating system and network components.

Knowledge of public key infrastructure (PKI) libraries, certificate authorities, certificate management, and encryption functionalities.

Knowledge of routing protocols such as RIPv1/v2, OSPF, IGRP, and EIGRP

Knowledge of Security Technical Implementation Guide (STIG)

Knowledge of stream providers (e.g. KAFKA).

Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).

Knowledge of transmission capabilities (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)).

Knowledge of WAN technologies such as PPP, Frame-relay, dedicated T1s, ISDN, and routing protocols

Knowledge of web applications and their common attack vectors.

Skill in applying STIG upgrades

Skill in cable management and organization

Skill in configuring and utilizing software-based computer protection tools (e.g., software firewalls, anti-virus software, anti-spyware).

Skill in implementing DHCP and DNS

Skill in router IOS backup, recovery, and upgrade.

Skill in understanding cybersecurity architecture, its implementation, and its expected behaviors and how changes in conditions affect outcomes.

Ability to develop policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.

Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE).

Skill in interfacing with customers.

Consult with customers about network system design and maintenance.

Design countermeasures and mitigations against potential weaknesses and vulnerabilities in system and elements.

Design, develop, and modify network systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.

Diagnose network connectivity problems.

Engage customers to understand their expectations and wants.

Evaluate security architecture and its design against cyberspace threats as identified in operational and acquisition documents.

Identify optimal locations for network sensor placement to collect on targeted devices.

Implement and enforce DCO policies and procedures reflecting applicable laws, policies, procedures, and regulations (such as United States Code Titles 10 and 50).

Maintain Operational, technical, and authoritative situational awareness during effects-based operations

Notify designated mission leadership or applicable team members of any suspected cyber incident.

Provide and maintain documentation for TTPs as inputs to training programs.

Provide feedback for RFI generation.

Repair network connectivity problems.