* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of organization’s evaluation and validation requirements.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Skill in conducting test events.

Skill in designing a data analysis structure (i.e., the types of data your test must generate and how to analyze those data).

Skill in determining an appropriate level of test rigor for a given system.

Skill in developing operations-based testing scenarios.

Skill in systems integration testing.

Skill in writing test plans.

Analyze the results of software, hardware, or interoperability testing.

Determine level of assurance of developed capabilities based on test results.

Develop test plans to address specifications and requirements.

Make recommendations based on test results.

Perform developmental testing on systems under development.

Perform interoperability testing on systems exchanging electronic information with other systems.

Perform operational testing.

Record and manage test data.

Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.

Skill in evaluating test plans for applicability and completeness.

Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated.

Create auditable evidence of security measures.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Validate specifications and requirements for testability.

Ability to analyze test data.

Ability to collect, verify, and validate test data.

Ability to translate data and test results into evaluative conclusions.

Knowledge of Test & Evaluation processes.

Skill in conducting Test Readiness Reviews.

Skill in designing and documenting overall program Test & Evaluation strategies.

Skill in identifying Test & Evaluation infrastructure (people, ranges, tools, instrumentation) requirements.

Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events.

Skill in preparing Test & Evaluation reports.

Skill in providing Test & Evaluation resource estimate.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of organization’s enterprise information security architecture system.

Knowledge of security risk assessments and authorization per Risk Management Framework processes.

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge of network hardware devices and functions.

Knowledge of systems administration concepts.

Knowledge of the systems engineering process.

Skill in writing code in a currently supported programming language (e.g., Java, C++).

Apply coding and testing standards, apply security testing tools including “‘fuzzing” static-analysis code scanning tools, and conduct code reviews.

Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.

Knowledge of interpreted and compiled computer languages.

Knowledge of Personally Identifiable Information (PII) data security standards.

Knowledge of Payment Card Industry (PCI) data security standards.

Knowledge of Personal Health Information (PHI) data security standards.

Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.

Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability).

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zackman, Federal Enterprise Architecture [FEA]).

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).

Knowledge of cybersecurity-enabled software products.