Systems Security Analyst

Work Role: Systems Security Analyst
Work Role ID: 461 (NIST: OM-AN-001)
Category/Specialty Area: Operate & Maintain / Systems Analysis
Workforce Element: Cybersecurity

Responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security.


Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role.

Core KSATs

KSAT ID | Description | KSAT
--------|-------------|-----
3A | Skill in recognizing vulnerabilities in security systems. | Skill
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge
25 | Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). | Knowledge
43A | Knowledge of embedded systems. | Knowledge
51 | Knowledge of how system components are installed, integrated, and optimized. | Knowledge
63 | Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). | Knowledge
70 | Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). | Knowledge
79 | Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). | Knowledge
82A | Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs. | Knowledge
90 | Knowledge of operating systems. | Knowledge
92 | Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). | Knowledge
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge
109A | Knowledge of configuration management techniques. | Knowledge
110A | Knowledge of security management. | Knowledge
111 | Knowledge of security system design tools, methods, and techniques. | Knowledge
119 | Knowledge of software engineering. | Knowledge
130A | Knowledge of systems security testing and evaluation methods. | Knowledge
133 | Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers). | Knowledge
160A | Skill in assessing security systems designs. | Skill
177B | Knowledge of countermeasures for identified security risks. | Knowledge
179A | Skill in assessing security controls based on cybersecurity principles and tenets. | Skill
180 | Skill in designing the integration of hardware and software solutions. | Skill
183 | Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. | Skill
191 | Skill in developing and applying security system access controls. | Skill
199 | Skill in evaluating the adequacy of security designs. | Skill
420 | Apply security policies to meet security objectives of the system. | Task
525A | Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements. | Task
559A | Analyze and report organizational security posture trends. | Task
559B | Analyze and report system security posture trends. | Task
571 | Ensure all systems security operations and maintenance activities are properly documented and updated as necessary. | Task
576 | Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. | Task
593A | Assess adequate access controls based on principles of least privilege and need-to-know. | Task
653A | Implement security measures to resolve vulnerabilities, mitigate risks and recommend security changes to system or system components as needed. | Task
661A | Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. | Task
708A | Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative. | Task
729A | Verify minimum security requirements are in place for all applications. | Task
782 | Plan and recommend modifications or adjustments based on exercise results or system environment. | Task
795 | Properly document all systems security implementation, operations and maintenance activities and update as necessary. | Task
806A | Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities. | Task
876 | Verify and update security documentation reflecting the application/system security design features. | Task
922A | Knowledge of how to use network analysis tools to identify vulnerabilities. | Knowledge
1034A | Knowledge of Personally Identifiable Information (PII) data security standards. | Knowledge
1034C | Knowledge of Personal Health Information (PHI) data security standards. | Knowledge
1037A | Knowledge of information technology (IT) risk management policies, requirements, and procedures. | Knowledge
1040A | Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. | Knowledge
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. | Knowledge
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge
1158 | * Knowledge of cybersecurity principles. | Knowledge
1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge
2054 | Assess the effectiveness of security controls. | Task
3642 | Knowledge of various types of computer architectures. | Knowledge
5050 | Assess all the configuration management (change configuration/release management) processes. | Task
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge

Additional KSATs

KSAT ID | Description | KSAT
--------|-------------|-----
21 | Knowledge of computer algorithms. | Knowledge
27A | Knowledge of cryptology. | Knowledge
34 | Knowledge of database systems. | Knowledge
52 | Knowledge of human-computer interaction principles. | Knowledge
58 | Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. | Knowledge
75B | Knowledge of statistics. | Knowledge
94 | Knowledge of parallel and distributed computing concepts. | Knowledge
144 | Knowledge of the systems engineering process. | Knowledge
238A | Skill in writing code in a currently supported programming language (e.g., Java, C++). | Skill
419 | Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications. | Task
421 | Apply service oriented security architecture principles to meet organization’s confidentiality, integrity, and availability requirements. | Task
572 | Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment. | Task
616A | Ensure the execution of disaster recovery and continuity of operations. | Task
660 | Implement specific cybersecurity countermeasures for systems and/or applications. | Task
670A | Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment. | Task
671 | Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system. | Task
717A | Assess and monitor cybersecurity related to system implementation and testing practices. | Task
754 | Perform cybersecurity testing of developed applications and/or systems. | Task
765 | Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. | Task
806 | Provide cybersecurity guidance to leadership. | Task
809 | Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). | Task
880A | Work with stakeholders to resolve computer security incidents and vulnerability compliance. | Task
938A | Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans. | Task
1034B | Knowledge of Payment Card Industry (PCI) data security standards. | Knowledge
1039B | Knowledge of how to evaluate the trustworthiness of the supplier and/or product. | Knowledge
1072 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). | Knowledge
1073 | Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. | Knowledge
1132A | Knowledge of information technology (IT) service catalogues. | Knowledge
1133 | Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). | Knowledge
1138A | Knowledge of developing and applying user credential management system. | Knowledge
1139A | Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption. | Knowledge
1142 | Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). | Knowledge
3030 | Ability to conduct vulnerability scans and recognize vulnerabilities in security systems. | Ability
6240 | Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE). | Knowledge