Research & Development Specialist

Research & Development Specialist Work Role ID: 661 (NIST: SP-RD-001) Workforce Element: IT (Cyberspace)

Conducts software and systems engineering and software systems research in order to develop new capabilities, ensuring cybersecurity is fully integrated. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.


Qualification Matrix

  BasicIntermediateAdvancedNotes
Foundational Qualification OptionsEducation A BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRCA BS degree in Information Technology, Cybersecurity, Data Science, Information Systems, or Computer Science, from an ABET accredited or CAE designated institution fulfills the educational requirement for this WRCTBDFor additional information pertaining to ABET: www.abet.org or CAE: www.caecommunity.org
Foundational Qualification OptionsOR OR OR
Foundational Qualification OptionsDoD/Military TrainingTBDTBDTBDSee TAB C (DCWF Training Repository) below for additional course information.
Foundational Qualification OptionsCommercial TrainingTBDTBDTBD
Foundational Qualification OptionsOR OR OR
Foundational Qualification OptionsPersonnel CertificationSecurity+GCLD or CCE or CASP+ or CEHSee TAB B (Certification Index) below for certification vendor information. Courses at higher proficiency levels qualify lower levels.
Foundational Qualification AlternativeExperienceConditional AlternativeConditional AlternativeConditional AlternativeRefer to Section 3 of the DoD 8140 Manual for more information.
Residential QualificationOn-the-Job QualificationAlways RequiredAlways RequiredAlways RequiredIndividuals must demonstrate capability to perform their duties in their resident environment.
Residential QualificationEnvironment-Specific RequirementsComponent DiscretionComponent DiscretionComponent Discretion
Annual Maintenance Continuous Professional Development Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.Minimum of 20 hours annually or what is required to maintain certification; whichever is greater.

Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
88

Knowledge of new and emerging information technology (IT) and cybersecurity technologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
129

Knowledge of system life cycle management principles, including software security and usability.

Knowledge
144A

Skill in applying the systems engineering process.

Skill
925

Research current technology to understand capabilities of required system or network.

Task
927A

Research and evaluate available technologies and standards to meet customer requirements.

Task
934

Identify cyber capabilities strategies for custom hardware and software development based on mission requirements.

Task
1076

Collaborate with stakeholders to identify and/or develop appropriate solutions technology.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs

KSAT ID Description KSAT
4

Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

Ability
10

Knowledge of application vulnerabilities.

Knowledge
27

Knowledge of cryptography and cryptographic key management concepts.

Knowledge
95A

Knowledge of penetration testing principles, tools, and techniques.

Knowledge
155

Skill in applying and incorporating information technologies into proposed solutions.

Skill
172

Skill in creating and utilizing mathematical or statistical models.

Skill
180A

Skill in designing the integration of technology processes and solutions, including legacy systems and modern programming languages.

Skill
321A

Knowledge of industry technologies and how differences affect exploitation/vulnerabilities.

Knowledge
383

Skill in using scientific rules and methods to solve problems.

Skill
1037

Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.

Knowledge
1038B

Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability).

Knowledge
1040A

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge
1056

Knowledge of operations security.

Knowledge
1062

Knowledge of software reverse engineering techniques.

Knowledge
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1077

Design and develop new tools/technologies as related to cybersecurity.

Task
1078A

Troubleshoot prototype design and process issues throughout the product design, development, and pre-launch phases.

Task
1079A

Identify functional- and security-related features to find opportunities for new capability development to exploit or mitigate vulnerabilities.

Task
1125

Knowledge of Cloud-based knowledge management technologies and concepts related to security, governance, procurement, and administration.

Knowledge
1135

Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).

Knowledge
1142A

Knowledge of industry standard security models.

Knowledge
1147A

Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce.

Task
3068

Ability to prepare and present briefings.

Ability
3069

Ability to produce technical documentation.

Ability
6919

Ability to determine the best cloud deployment model for the appropriate operating environment.

Ability
6942

Skill in designing or implementing cloud computing deployment models.

Skill