Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.

Knowledge of application vulnerabilities.

Skill in conducting application vulnerability assessments.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

Knowledge of penetration testing principles, tools, and techniques.

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.

Skill in the use of penetration testing tools and techniques.

Analyze organization’s cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.

Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.

Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.

Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.

Skill in using network analysis tools to identify vulnerabilities.

Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

Knowledge of cryptography and cryptographic key management concepts.

Skill in assessing the application of cryptographic standards.

Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.

Knowledge of host/network access control mechanisms (e.g., access control list).

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Ability to apply programming language structures (e.g., source code review) and logic.

Knowledge of programming language structures and logic.

Skill in assessing the robustness of security systems and designs.

Skill in detecting host and network based intrusions via intrusion detection technologies.

Skill in mimicking threat behaviors.

Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).

Skill in the use of social engineering techniques.

Conduct and/or support authorized penetration testing on enterprise network assets.

Skill in performing impact/risk assessments.

Knowledge of interpreted and compiled computer languages.

Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).

Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).

Knowledge of threat environments.

Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).

Knowledge of basic system administration, network, and operating system hardening techniques.

Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability.

Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks).

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).

Knowledge of ethical hacking principles and techniques.

Knowledge of data backup and restoration concepts.

Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.

Skill in reviewing logs to identify evidence of past intrusions.