Research & Development Specialist

Research & Development Specialist Work Role ID: 661 (NIST: SP-RD-001) Category/Specialty Area: Securely Provision / Technology R&D Workforce Element: IT (Cyberspace)

Conducts software and systems engineering and software systems research in order to develop new capabilities, ensuring cybersecurity is fully integrated. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID Description KSAT
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
88

Knowledge of new and emerging information technology (IT) and cybersecurity technologies.

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
129

Knowledge of system life cycle management principles, including software security and usability.

Knowledge
144A

Skill in applying the systems engineering process.

Skill
925

Research current technology to understand capabilities of required system or network.

Task
927A

Research and evaluate available technologies and standards to meet customer requirements.

Task
934

Identify cyber capabilities strategies for custom hardware and software development based on mission requirements.

Task
1076

Collaborate with stakeholders to identify and/or develop appropriate solutions technology.

Task
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
2420

Follow software and systems engineering life cycle standards and processes.

Task
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge

Additional KSATs

KSAT ID Description KSAT
4

Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

Ability
10

Knowledge of application vulnerabilities.

Knowledge
15A

Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware.

Knowledge
27

Knowledge of cryptography and cryptographic key management concepts.

Knowledge
42A

Knowledge of engineering concepts as applied to computer architecture and associated computer hardware/software.

Knowledge
95A

Knowledge of penetration testing principles, tools, and techniques.

Knowledge
155

Skill in applying and incorporating information technologies into proposed solutions.

Skill
172

Skill in creating and utilizing mathematical or statistical models.

Skill
180A

Skill in designing the integration of technology processes and solutions, including legacy systems and modern programming languages.

Skill
294A

Knowledge of hacking methodologies.

Knowledge
321A

Knowledge of industry technologies and how differences affect exploitation/vulnerabilities.

Knowledge
383

Skill in using scientific rules and methods to solve problems.

Skill
520

Review and validate data mining and data warehousing programs, processes, and requirements.

Task
905A

Skill in applying secure coding techniques.

Skill
1037

Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.

Knowledge
1038

Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard information technology [IT]) for safety, performance, and reliability.

Knowledge
1040A

Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.

Knowledge
1044A

Knowledge of forensic footprint identification.

Knowledge
1052A

Knowledge of mobile communications architecture.

Knowledge
1054

Knowledge of hardware reverse engineering techniques.

Knowledge
1055

Knowledge of middleware (e.g., enterprise service bus and message queuing).

Knowledge
1056

Knowledge of operations security.

Knowledge
1059

Knowledge of networking protocols.

Knowledge
1062

Knowledge of software reverse engineering techniques.

Knowledge
1063A

Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications).

Knowledge
1064

Knowledge of Extensible Markup Language (XML) schemas.

Knowledge
1067A

Knowledge of network analysis tools used to identify software communications vulnerabilities.

Knowledge
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1077

Design and develop new tools/technologies as related to cybersecurity.

Task
1078A

Troubleshoot prototype design and process issues throughout the product design, development, and pre-launch phases.

Task
1079A

Identify functional- and security-related features to find opportunities for new capability development to exploit or mitigate vulnerabilities.

Task
1080A

Identify and/or develop reverse engineering tools to enhance capabilities and detect vulnerabilities.

Task
1135

Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).

Knowledge
1142A

Knowledge of industry standard security models.

Knowledge
1147A

Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce.

Task
2388

Evaluate network infrastructure vulnerabilities to enhance capabilities being developed.

Task
3068

Ability to prepare and present briefings.

Ability
3069

Ability to produce technical documentation.

Ability
3192

Knowledge of covert communication techniques.

Knowledge