* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge of human-computer interaction principles.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).

Knowledge of operations security.

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Provide input to the analysis, design, development or acquisition of capabilities used for meeting objectives.

Apply expertise in policy and processes to facilitate the development, negotiation, and internal staffing of plans and/or memorandums of agreement.

Assess target vulnerabilities and/or operational capabilities to determine course of action.

Provide input to the identification of cyber-related success criteria.

Develop, review and implement all levels of planning guidance in support of cyber operations.

Contribute to crisis action planning for cyber operations.

Coordinate with intelligence and cyber defense partners to obtain relevant essential information.

Use intelligence estimates to counter potential target actions.

Develop and maintain deliberate and/or crisis plans.

Develop and review specific cyber operations guidance for integration into broader planning activities.

Develop cyber operations plans and guidance to ensure that execution and resource allocation decisions align with organization objectives.

Develop or participate in the development of standards for providing, requesting, and/or obtaining support from external partners to synchronize cyber operations.

Develop potential courses of action.

Develop, implement, and recommend changes to appropriate planning procedures and policies.

Devise, document, and validate cyber operation strategy, and planning documents.

Ensure operational planning efforts are effectively transitioned to current operations.

Facilitate interactions between internal and external partner decision makers to synchronize and integrate courses of action in support of objectives.

Gather and analyze data (e.g., measures of effectiveness) to determine effectiveness, and provide reporting for follow-on activities.

Incorporate cyber operations and communications security support plans into organization objectives.

Integrate cyber planning/targeting efforts with other organizations.

Interpret environment preparations assessments to determine a course of action.

Issue requests for information.

Knowledge and understanding of operational design.

Knowledge of organizational planning concepts.

Maintain situational awareness to determine if changes to the operating environment require review of the plan.

Monitor and evaluate integrated cyber operations to identify opportunities to meet organization objectives.

Provide subject matter expertise to planning efforts with internal and external cyber operations partners.

Prepare for and provide subject matter expertise to exercises.

Provide input for the development and refinement of the cyber operations objectives, priorities, strategies, plans, and programs.

Provide input to the administrative and logistical elements of an operational support plan.

Provide planning support between internal and external partners.

Recommend refinement, adaption, termination, and execution of operational plans as appropriate.

Review, approve, prioritize, and submit operational requirements for research, development, and/or acquisition of cyber capabilities.

Submit or respond to requests for deconfliction of cyber operations.

Document lessons learned that convey the results of events and/or exercises.

Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.

Ability to adjust to and operate in a diverse, unpredictable, challenging, and fast-paced work environment.

Ability to apply critical reading/thinking skills.

Ability to apply approved planning development and staffing processes.

Ability to collaborate effectively with others.

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Ability to coordinate cyber operations with other organization functions or support activities.

Ability to develop or recommend planning solutions to problems and situations for which no precedent exists.

Ability to effectively collaborate via virtual teams.

Ability to exercise judgment when policies are not well-defined.

Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—in order to leverage analytical and technical expertise.

Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.

Ability to interpret and understand complex and rapidly evolving concepts.

Ability to participate as a member of planning teams, coordination groups, and task forces as necessary.

Ability to tailor technical and planning information to a customer’s level of understanding.

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Knowledge of virtualization products (Vmware, Virtual PC).

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.).

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

Knowledge of classification and control markings standards, policies and procedures.

Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge of cyber operations support or enabling processes.

Knowledge of operational effectiveness assessment.

Knowledge of common computer/network infections (virus, Trojan, etc.) and methods of infection (ports, attachments, etc.).

Knowledge of computer networking fundamentals (i.e., basic computer components of a network, types of networks, etc.).

Knowledge of crisis action planning and time sensitive planning procedures.

Knowledge of cyber laws and legal considerations and their effect on cyber planning.

Knowledge of cyber actions (i.e. cyber defense, information gathering, environment preparation, cyber attack) principles, capabilities, limitations, and effects.

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge of deconfliction processes and procedures.

Knowledge of target and threat organization structures, critical capabilities, and critical vulnerabilities.

Knowledge of evolving/emerging communications technologies.

Knowledge of existing, emerging, and long-range issues related to cyber operations strategy, policy, and organization.

Knowledge of staff management, assignment, and allocation processes.

Knowledge of fundamental cyber operations concepts, terminology/lexicon (i.e., environment preparation, cyber attack, cyber defense), principles, capabilities, limitations, and effects.

Knowledge of fundamental cyber concepts, principles, limitations, and effects.

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge of how modern digital and telephony networks impact cyber operations.

Knowledge of information security concepts, facilitating technologies and methods.

Knowledge of organizational hierarchy and cyber decision making processes.

Knowledge of malware.

Knowledge of crisis action planning for cyber operations.

Knowledge of objectives, situation, operational environment, and the status and disposition of internal and external partner collection capabilities available to support planning.

Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.

Knowledge of planning activity initiation.

Knowledge of planning timelines adaptive, crisis action, and time-sensitive planning.

Knowledge of the functions and capabilities of internal teams that emulate threat activities to benefit the organization.

Knowledge of telecommunications fundamentals.

Knowledge of the basic structure, architecture, and design of modern communication networks.

Knowledge of the basics of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge of the critical information requirements and how they’re used in planning.

Knowledge of the common networking and routing protocols(e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications.

Knowledge of the organizational structure as it pertains to full spectrum cyber operations, including the functions, responsibilities, and interrelationships among distinct internal elements.

Knowledge of accepted organization planning systems.

Knowledge of organization objectives, leadership priorities, and decision-making risks.

Knowledge of the outputs of course of action and exercise analysis.

Knowledge of the information environment.

Knowledge of the process used to assess the performance and impact of operations.

Knowledge of the range of cyber operations and their underlying intelligence support needs, topics, and focus areas.

Knowledge of the relationships between end states, objectives, effects, lines of operation, etc.

Knowledge of the role of network operations in supporting and facilitating other organization operations.

Knowledge of the structure, architecture, and design of modern digital and telephony networks.

Knowledge of cryptologic capabilities, limitations, and contributions to cyber operations.

Knowledge of the ways in which targets or threats use the Internet.

Knowledge of organization cyber operations programs, strategies, and resources.

Knowledge of what constitutes a “threat” to a network.

Knowledge of wireless technologies (e.g., cellular, satellite, GSM) to include the basic structure, architecture, and design of modern wireless communications systems.

Skill in administrative planning activities, to include preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.

Skill in applying analytical methods typically employed to support planning and to justify recommended strategies and courses of action.

Skill in applying crisis planning procedures.

Skill in developing and executing comprehensive cyber operations assessment programs for assessing and validating operational performance characteristics.

Skill in documenting and communicating complex technical and programmatic information.

Skill in evaluating information for reliability, validity, and relevance.

Skill in preparing and presenting briefings.

Skill in preparing plans and related correspondence.

Skill in reviewing and editing plans.

Skill in utilizing feedback in order to improve processes, products, and services.

Skill in utilizing virtual collaborative workspaces and/or tools (e.g., IWS, VTCs, chat rooms, SharePoint).

Skill to anticipate key target or threat activities which are likely to prompt a leadership decision.

Skill to graphically depict decision support materials containing intelligence and partner capability estimates.

* Knowledge of specific operational impacts of cybersecurity lapses.

Assist and advise inter-agency partners in identifying and developing best practices for facilitating operational support to achievement of organization objectives.

Contribute to the development of the organization’s decision support tools if necessary.

Determine indicators (e.g., measures of effectiveness) that are best suited to specific cyber operation objectives.

Ensure that intelligence planning activities are integrated and synchronized with operational planning timelines.

Evaluate intelligence estimates to support the planning cycle.

Identify cyber intelligence gaps and shortfalls.

Maintain relationships with internal and external partners involved in cyber planning or related areas.

Maintain situational awareness of cyber-related intelligence requirements and associated tasking.

Maintain situational awareness of partner capabilities and activities.

Conduct long-range, strategic planning efforts with internal and external partners in cyber activities.

Ability to identify external partners with common cyber operations interests.

Knowledge of all forms of intelligence support needs, topics, and focus areas.

Knowledge of internal and external partner cyber operations capabilities and tools.

Knowledge of how modern wireless communications systems impact cyber operations.

Knowledge of intelligence support to planning, execution, and assessment.

Knowledge of organization policies and planning concepts for partnering with internal and/or external organizations.

Knowledge of organization or partner exploitation of digital networks.

Knowledge of required intelligence planning products associated with cyber operational planning.

Knowledge of organizational structures and associated intelligence capabilities.

Knowledge of the organizational planning and staffing process.

Knowledge of organization decision support tools and/or methods.

Knowledge of the processes to synchronize operational assessment procedures with the critical information requirement process.

Knowledge of the structure and intent of organization specific plans, guidance and authorizations.

Knowledge of organization issues, objectives, and operations in cyber as well as regulations and policy directives governing cyber operations.

Skill to apply the process used to assess the performance and impact of cyber operations.

Skill to craft indicators of operational progress/success.

Skill to distinguish between notional and actual resources and their applicability to the plan under development.

Skill to synchronize operational assessment procedures with the critical information requirement process.

Knowledge of full-spectrum cyberspace operational missions (e.g., DODIN Operations, DCO, OCO, cyberspace ISR, and Operational Preparation of the Environment (OPE)), principles, capabilities, limitations, and effects.

Knowledge of intelligence/SIGINT reporting and dissemination procedures.

Develop cyberspace operations TTPs for integration into operational and tactical levels of planning.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Ability to apply tradecraft to minimize risk of detection, mitigate risk, and minimize creation of behavioral signature

Ability to characterize a target admin/user’s technical abilities, habits, and skills.

Ability to communicate operational plans and actions and provide feedback regarding OPSEC and tradecraft during mission pre-brief

Ability to conduct open source research.

Ability to construct a course of action using available exploitation tools and techniques.

Ability to continually research and develop new tools/techniques

Ability to create rules and filters (e.g., Berkeley Packet Filter, Regular Expression).

Ability to ensure collected data is transferred to the appropriate storage locations.

Ability to enumerate a network.

Ability to enumerate user permissions and privileges.

Ability to evade or counter security products or host based defenses.

Ability to exploit vulnerabilities to gain additional access.

Ability to extract credentials from hosts

Ability to identify capability gaps (e.g., insufficient tools, training, or infrastructure)

Ability to identify files containing information critical to operational objectives.

Ability to identify legal, policy, and technical limitations when conducting cyberspace operations.

Ability to identify logging capabilities on host

Ability to identify what tools or Tactics, Techniques, and Procedures (TTPs) are applicable to a given situation

Ability to improve the performance of cyberspace operators by providing constructive (positive and negative) feedback.

Ability to install/modify/uninstall tools on target systems in accordance with current policies and procedures.

Ability to interpret device configurations.

Ability to interpret technical materials such as RFCs and technical manuals.

Ability to maintain situational awareness of target environment.

Ability to model a simulated environment to conduct mission rehearsal and mitigate risk of actions taken during operations.

Ability to operate automated systems to interact with target environment.

Ability to perform masquerade operations.

Ability to perform privilege escalation.

Ability to persist access to a target.

Ability to plan, brief, execute, and debrief a mission.

Ability to promote and enable organizational change.

Ability to provide advice and guidance to various stakeholders regarding technical issues, capabilities, and approaches.

Ability to provide feedback to developers if a tool requires continued development.

Ability to provide technical leadership within an organization.

Ability to read, write, modify, and execute compiled languages (e.g., C).

Ability to recognize and extract salient information from large data set (e.g., critical information, anomalies).

Ability to recognize and report mistakes or poor tradecraft to appropriate leadership in accordance with Standard Operating Procedures (SOPs).

Ability to recognize and respond appropriately to Non-Standard Events.

Ability to redirect and tunnel through target systems.

Ability to remediate indicators of compromise.

Ability to research non-standards within a project.

Ability to retrieve historical operational and open-source data to analyze compatibility with approved capabilities.

Ability to train other cyberspace operators.

Ability to troubleshoot technical problems.

Ability to use core toolset (e.g., implants, remote access tools).

Ability to use dynamic analysis tools (e.g. process monitor, process explorer, and registry analysis)

Ability to use enterprise tools to enumerate target information.

Ability to verify file integrity for both uploads and downloads.

Ability to weaken a target to facilitate/enable future access.

Ability to write and modify markup languages (e.g., HTML, XML).

Ability to write and modify source code (e.g., C).

Knowledge of access control models (Role Based Access Control, Attribute Based Access Control).

Knowledge of advanced redirection techniques.

Knowledge of appropriate/inappropriate information to include in operational documentation (e.g., OPNOTES, technical summaries, action maps, etc.).

Knowledge of basic client software applications and their attack surfaces.

Knowledge of basic cloud-based technologies and concepts.

Knowledge of basic Embedded Systems concepts.

Knowledge of basic redirection techniques (e.g. IP Tables, SSH Tunneling, netsh)

Knowledge of basic server software applications and their attack surfaces.

Knowledge of code injection and its employment in cyberspace operations.

Knowledge of common network administration best practices and the impact to operations.

Knowledge of credential sources and restrictions related to credential usage.

Knowledge of device reboots, including when they occur and their impact on tool functionality.

Knowledge of evolving technologies.

Knowledge of factors that would suspend or abort an operation.

Knowledge of historical data relating to particular targets and projects, prior to an operation to include reviewing TECHSUMs, previous OPNOTEs, etc.

Knowledge of how computer programs are executed

Knowledge of how host-based security products, logging, and malware may affect tool functionality

Knowledge of how other actors may affect operations

Knowledge of how race conditions occur and can be employed to compromise shared resources

Knowledge of malware triage.

Knowledge of methods and procedures for sending a payload via an existing implant

Knowledge of methods, strategies, and techniques of evading detection while conducting operations, such as noise, stealth, situational awareness, etc.

Knowledge of methods, tools, and procedures for collecting information, including accessing databases and file systems

Knowledge of methods, tools, and procedures for exploiting target systems

Knowledge of methods, tools, and techniques used to determine the path to a target host/network (e.g., identify satellite hops).

Knowledge of models for examining cyber threats (e.g. cyber kill chain, MITRE ATT&CK).

Knowledge of modes of communication used by a target, such as cable, fiber optic, satellite, microwave, VSAT, or combinations of these.

Knowledge of open source tactics that enable initial access (e.g. social engineering, phishing)

Knowledge of operating system command shells, configuration data.

Knowledge of operational infrastructure

Knowledge of operational security, logging, admin concepts, and troubleshooting.

Knowledge of password cracking techniques.

Knowledge of process migration

Knowledge of system administration concepts for distributed or managed operating environments.

Knowledge of system administration concepts for stand alone operating systems.

Knowledge of system calls

Knowledge of the components of an authentication system.

Knowledge of the concept of an advanced persistent threat (APT)

Knowledge of the location and use of tool documentation.

Knowledge of the methods and procedures for communicating with tools/modules, including the use of listening posts.

Knowledge of the methods of persistence.

Knowledge of the Mission Improvement Process

Knowledge of the Plan, Brief, Execute, and Debrief process

Knowledge of the tactics development process

Knowledge of threats to OPSEC when installing, using, modifying, and uninstalling tools.

Knowledge of tool release/testing process

Knowledge of VPNs, their purpose, and how they can be leveraged.

Skill in enumerating a host (e.g. file systems, host meta data host characteristics).

Skill in manipulating firewall/host based security configuration and rulesets.

Skill in retrieving memory resident data.

Skill in transferring files to target devices (e.g., scp, tftp, http, ftp).

Skill in using network enumeration and analysis tools, both active and passive.

Advise leadership on operational tradecraft, emerging technology, and technical health of the force.

Approve remediation actions.

As authorized, train cyberspace operators at one’s certification level or below.

Assess the technical health of the cyberspace operator work role.

Assess, recommend, and evaluate remediation actions.

Conduct cyber activities to deny, degrade, disrupt, destroy, manipulate, (D4M).

Conduct post-mission actions.

Conduct pre-mission actions

Conduct pre-operation research and prep.

Create/normalize/document/evaluate TTPs in cyberspace operations.

Develop and/or inform risk assessments.

Develop Operational Training Solultions.

Develop remediation actions.

Develop risk assessments for non-standard events and ad hoc tradecraft.

Employ collection TTPs in cyberspace operations.

Employ credential access TTPs in cyberspace operations.

Employ discovery TTPs in cyberspace operations.

Employ exfiltration TTPs in cyberspace operations.

Employ lateral movement TTPs in cyberspace operations.

Employ TTPs in categories at one’s certification level or below.

Evaluate cyberspace operator performance at one’s certification level or below.

Identify targets of opportunity in order to influence operational planning.

Identify the appropriate operating authorities and guidance

Maintain operational and technical situational awareness during operations

Produce strategy to inform commander’s decision making process.

Provide input to mission debrief.

Provide input to operational policy.

Provide input to post mission planning.

Provide input to pre-mission planning.

Provide oversight of operations.

Provide quality control of operations and cyberspace operator products at one’s certification level or below.

Recognize and respond to indicators of compromise (IOC).

Recognize and respond to events that change risk.

Record and document activities during cyberspace operations.

Steward the cyberspace operator work role.

Train cyberspace operators at their certified level or below.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of basic cloud-based technologies and concepts.

Knowledge of basic Embedded Systems concepts.

Knowledge of basic reconnaissance activity concepts and techniques (foot printing, scanning and enumeration).

Knowledge of Critical Intelligence Communication (CRITIC) identification and reporting process.

Knowledge of cryptologic and SIGINT reporting and dissemination procedures.

Knowledge of cybersecurity concepts and principles.

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge of how and when to request assistance from the Cryptanalysis and Signals Analysis and/or CNO.

Knowledge of intelligence sources and their characteristics.

Knowledge of methods, tools, sources, and techniques used to research, integrate and summarize all-source information pertaining to target.

Knowledge of quality review process and procedures.

Knowledge of SIGINT laws and directives.

Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).

Knowledge of the overall mission of the Cyber Mission Forces (CMF).

Knowledge of the specific missions for CMF (i.e., Cyber Mission Teams (CMT), National Mission Teams (NMT), Combat Support Team (CST), National Support Team (NST), Cyber Protection Team (CPT).

Knowledge of the U.S. Cryptologic Systems authorities, responsibilities, and contributions to the cyberspace operations mission.

Skill in analyzing endpoint collection data.

Skill in developing and maintaining target profiles.

Skill in geolocating targets.

Skill in operational use of raw collection databases.

Skill in performing data fusion from all-source intelligence for geospatial analysis.

Skill in performing data fusion from all-source intelligence for network analysis and reconstruction (e.g., Single Table Inheritance (STIs), network maps).

Skill in performing data fusion from all-source intelligence.

Skill in providing feedback to enhance future collection and analysis.

Skill in recognizing exploitation opportunities.

Skill in recognizing the value of survey data.

Skill in selector normalization.

Skill in targeting (e.g., selectors).

Apply and/or develop analytic techniques to provide better intelligence.

Apply customer requirements to the analysis process.

Assist planners in the development of courses of action

Develop analytical techniques to gain more target information.

Develop and lead exercises

Develop and maintain target profiles using appropriate corporate tools and databases (e.g. Target associations, activities, communication infrastructures, etc.).

Document and disseminate analytic findings.

Enable targeting offices to find new sources of collection.

Evaluate the strengths and weaknesses of the intelligence source.

Evaluate threat critical capabilities, requirements, and vulnerabilities.

Facilitate collaboration with customers, Intelligence and targeting organizations involved in related cyber areas.

Identify and facilitate partner relationships to enhance mission capabilities

Lead work role working groups/planning and development forums

Manipulate information in mission relevant databases (e.g., converting data, generating reports).

Mitigate collection gaps

Perform network analysis to support new or continued collection.

Produce digital network intelligence against specific named target sets.

Provide expertise in support of operational effects generated through cyber activities.

Provide intel target recommendations which meet leadership objectives.

Select, build, and develop query strategies against appropriate collection databases.

Understand technologies used by a given target

Understand TTPs and methodologies to enable access ops or access vector opportunities.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge of basic physical computer components and architectures, including the functions of various components and peripherals (e.g., CPUs, Network Interface Cards, data storage).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.

Examine intercept-related metadata and content with an understanding of targeting significance.

Profile network or system administrators and their activities.

Ability to collaborate effectively with others.

Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Knowledge of internet network addressing (IP addresses, classless inter-domain routing, TCP/UDP port numbering).

Ability to identify/describe target vulnerability.

Ability to identify/describe techniques/methods for conducting technical exploitation of the target.

Knowledge of a wide range of basic communications media concepts and terminology (e.g., computer and telephone networks, satellite, cable, wireless).

Knowledge of a wide range of concepts associated with websites (e.g., website types, administration, functions, software systems, etc.).

Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.).

Knowledge of basic malicious activity concepts (e.g., foot printing, scanning and enumeration).

Knowledge of common networking devices and their configurations.

Knowledge of concepts for operating systems (e.g., Linux, Unix).

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge of how hubs, switches, routers work together in the design of a network.

Knowledge of how internet applications work (SMTP email, web-based email, chat clients, VOIP).

Knowledge of Internet and routing protocols.

Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).

Knowledge of network topology.

Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.

Knowledge of the basic structure, architecture, and design of modern communication networks.

Skill in identifying the devices that work at each level of protocol models.

Skill in recognizing technical information that may be used for leads to enable remote operations (data includes users, passwords, email addresses, IP ranges of the target, frequency in DNI behavior, mail servers, domain servers, SMTP header information).

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge of web mail collection, searching/analyzing techniques, tools, and cookies.

Skill in identifying gaps in technical capabilities.

Knowledge of collection management processes, capabilities, and limitations.

Knowledge of front-end collection systems, including traffic collection, filtering, and selection.

Apply and utilize authorized cyber capabilities to enable access to targeted networks.

Apply cyber collection, environment preparation and engagement expertise to enable new exploitation and/or continued collection operations, or in support of customer requirements.

Apply and obey applicable statutes, laws, regulations and policies.

Perform analysis for target infrastructure exploitation activities.

Collaborate with other internal and external partner organizations on target access and operational issues.

Communicate new developments, breakthroughs, challenges and lessons learned to leadership, and internal and external customers.

Conduct analysis of physical and logical digital technologies (e.g., wireless, SCADA, telecom) to identify potential avenues of access.

Conduct independent in-depth target and technical analysis including target-specific information (e.g., cultural, organizational, political) that results in access.

Collaborate with developers, conveying target and technical knowledge in tool requirements submissions, to enhance tool development.

Identify gaps in our understanding of target technology and developing innovative collection approaches.

Identify, locate, and track targets via geospatial analysis techniques.

Lead or enable exploitation operations in support of organization objectives and target requirements.

Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their potential implications.

Monitor target networks to provide indications and warning of target communications changes or processing failures.

Produce network reconstructions.

Ability to accurately and completely source all data used in intelligence, assessment and/or planning products.

Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.

Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.

Knowledge of basic implants.

Ability to select the appropriate implant to achieve operational goals.

Ability to expand network access by conducting target analysis and collection in order to identify targets of interest.

Knowledge of target intelligence gathering and operational preparation techniques and life cycles.

Knowledge of basic principles of the collection development processes (e.g., Dialed Number Recognition, Social Network Analysis).

Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge of client organizations, including information needs, objectives, structure, capabilities, etc.

Knowledge of collection searching/analyzing techniques and tools for chat/buddy list, emerging technologies, VOIP, Media Over IP, VPN, VSAT/wireless, web mail and cookies.

Knowledge of common reporting databases and tools.

Knowledge of all relevant reporting and dissemination procedures.

Knowledge of data flow process for terminal or environment collection.

Knowledge of terminal or environmental collection (process, objectives, organization, targets, etc.).

Knowledge of evasion strategies and techniques.

Knowledge of how to collect, view, and identify essential information on targets of interest from metadata (e.g., email, http).

Knowledge of intrusion sets.

Knowledge of all applicable statutes, laws, regulations and policies governing cyber targeting and exploitation.

Knowledge of midpoint collection (process, objectives, organization, targets, etc.).

Knowledge of identification and reporting processes.

Knowledge of products and nomenclature of major vendors (e.g., security suites – Trend Micro, Symantec, McAfee, Outpost, Panda, Kaspersky) and how differences affect exploitation/vulnerabilities.

Knowledge of scripting

Knowledge of strategies and tools for target research.

Knowledge of organizational and partner policies, tools, capabilities, and procedures.

Knowledge of the basic structure, architecture, and design of converged applications.

Knowledge of organizational and partner authorities, responsibilities, and contributions to achieving objectives.

Knowledge of Unix/Linux and Windows operating systems structures and internals (e.g., process management, directory structure, installed applications).

Skill in analyzing traffic to identify network devices.

Skill in creating and extracting important information from packet captures.

Skill in creating collection requirements in support of data acquisition activities.

Skill in creating plans in support of remote operations.

Skill in depicting source or collateral data on a network map.

Skill in determining the effect of various router and firewall configurations on traffic patterns and network performance in both LAN and WAN environments.

Skill in evaluating accesses for intelligence value.

Skill in identifying, locating, and tracking targets via geospatial analysis techniques

Skill in interpreting compiled and interpretive programming languages.

Skill in interpreting metadata and content as applied by collection systems.

Skill in using trace route tools and interpreting the results as they apply to network analysis and reconstruction.

Skill in generating operation plans in support of mission and target requirements.

Skill in navigating network visualization software.

Skill in performing data fusion from existing intelligence for enabling new and continued collection.

Skill in recognizing and interpreting malicious network activity in traffic.

Skill in recognizing midpoint opportunities and essential information.

Skill in researching vulnerabilities and exploits utilized in traffic.

Skill in target development in direct support of collection operations.

Skill in using databases to identify target-relevant information.

Skill in using non-attributable networks.

Skill in writing (and submitting) requirements to meet gaps in technical capabilities.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Ability to analyze a finding of a compromise and develop a custom signature(s) and/or rule(s) to identify it throughout the network

Ability to analyze adversarial avenues of approach on a mission-critical system

Ability to analyze Data at Rest and Data in Transit encryption methodologies and assess Data at Rest and Data in Transit policies in support of identifying outliers to delineate possible avenues of approach.

Ability to analyze how the tools operate to enumerate the system

Ability to analyze multiple memory captures, determine anomalous behavior and developed a detailed report that includes timeline of compromise

Ability to analyze organizational policies and documentation for appropriate use and user privileges to determine current user access rights policies

Ability to analyze potentially malicious processes, libraries and modules on a system

Ability to analyze process lists within Windows, Unix, or Linux operating systems

Ability to analyze software installed and in use on a system, and on a host machine and compare it to the authorized software list provided by the network owner

Ability to analyze tools/hardware used to extract/analyze/capture memory and disk images

Ability to analyze user-mode/kernel mode rootkits and how they function and differ

Ability to analyze vulnerabilities and misconfiguration without Information Assurance artifacts.

Ability to build a baseline of configuration/state for host machines

Ability to capture a memory image from a host workstation

Ability to capture forensically sound memory and disk images with regard to timeline analysis

Ability to compare active user accounts on a network to appropriate Standard Operating Procedure (SOP), gather active user accounts on a network and compare to authorized user list

Ability to compare current state against baselines

Ability to compile group policies and access control lists from mission partner networks.

Ability to compile host-based firewall configurations and host intrusion prevention system through group policy modifications

Ability to conduct disk forensics on multiple images

Ability to configure log aggregation

Ability to configure, forward and statistically analyze logs

Ability to correlate indicators of compromise

Ability to de-obfuscate (e.g. command line execution, string substitution, clandestine side channel, Base64).

Ability to develop a risk defense plan (e.g. behavioral development, etc.) and put active measures in place in defense of a network, endpoint, and/or host.

Ability to develop dashboards to better visualize data

Ability to develop host-based IDS/IPS signatures and settings

Ability to develop the reporting and recording of discovered potentially malicious processes, libraries, and modules on a compromised system

Ability to enumerate domain security groups.

Ability to enumerate knowledge management applications (e.g. SharePoint) and their service accounts/security groups.

Ability to enumerate network shares and identify ACLs/security permissions and analyze for vulnerabilities/misconfigurations (e.g. SMB, NFS, ISCSI).

Ability to evaluate common Tactics, Techniques and Procedures (TTP) used in malware and open-source and Intelligence Community (IC) resources available to identify emerging TTPs

Ability to evaluate compliance with Security Technical Implementation Guides (STIGs) on host machines by utilizing a compliance scanner in support of identifying outliers in order to delineate possible avenues of approach

Ability to evaluate if patches are up to date for all hosts, determine current process for updating patches and determine current patch level for all hosts on a network according to NIST Special Publications 800-40 in support of identifying outliers in order to delineate possible avenues of approach.

Ability to evaluate rogue/unauthorized systems on a network

Ability to evaluate security posture shortcomings in group policy

Ability to evaluate steps taken after host-based IDS/IPS alerts, verify the finding and ensure its volatility

Ability to evaluate systems resiliency in adverse conditions

Ability to export/enumerate information (e.g., users, groups) from a Domain Controller.

Ability to identify activity context in log entries to correlate indicators of compromise.

Ability to identify anomalous network traffic on a host machine.

Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.

Ability to identify new indicators of compromise through anomalous behavior in log entries.

Ability to identify security posture shortcomings

Ability to identify tools and techniques available for analyzing binary applications and interpreted scripts.

Ability to identify/select the most appropriate tools and solutions for the specific environment (e.g. disk/memory forensics/capture, host enumeration, application whitelisting, log aggregation and analysis, HIPS/HIDS solutions, etc.).

Ability to implement and configure host-based firewalls and host intrusion prevention systems

Ability to implement Data at Rest and Data in Transit encryption methodologies, Assess Data at Rest and Data in Transit polices.

Ability to measure known vulnerabilities against known vectors of approach.

Ability to monitor Active Directory (AD) for creation of unauthorized/potentially malicious accounts.

Ability to operate specified tools to enumerate a system.

Ability to organize Active Directories (AD) hierarchy structure.

Ability to organize logging and auditing procedures including server-based logging.

Ability to organize order of the volatility when capturing artifacts.

Ability to perform and analyze situational awareness commands within Windows, Unix, and Linux operating systems (e.g. system info, net stat, ipconfig, task list, ls, ifconfig, etc…)

Ability to perform and analyze vulnerability scans on host machines in support of identifying outliers in order to delineate possible avenues of approach.

Ability to perform complex root-cause analysis and recommend mitigations to determine root cause of an intrusion.

Ability to perform dynamic analysis.

Ability to perform static analysis.

Ability to prioritize how Operating System (OS) and application patches are distributed in different systems.

Ability to prioritize Operating Systems (OS) default processes, library, and modules based on boot order, dependencies, or key operations.

Ability to provide host analysis for Risk Mitigation Plan (RMP) to improve customer security overall posture.

Ability to provide mitigations to recover from a full network compromise.

Ability to select the best tools to enumerate a given set of host machines in order to validate whether they match known baselines.

Ability to use and integrate a Security Information and Event Management (SIEM) platform.

Ability to use host volatile data to compare active processes, libraries and modules against databases of known good/bad.

Ability to utilize Defense Information Systems Agency (DISA)/ Department of Defense (DoD) system configuration guidelines.

Knowledge of active directory federated services.

Knowledge of common information network malware (e.g., viruses, trojans, etc.) and vectors of attack (e.g., ports, attachments, etc.).

Knowledge of common obfuscation techniques (e.g. command line execution, string substitution, clandestine side channel, Base64).

Knowledge of common persistence locations within Windows, Unix, or Linux operating systems.

Knowledge of cybersecurity and cybersecurity-enabled software products.

Knowledge of cybersecurity controls and design principles and methods (e.g., firewalls, DMZ, and encryption).

Knowledge of cybersecurity Risk Management Framework (RMF) process.

Knowledge of DCO capabilities, including open-source tools, and their capabilities.

Knowledge of Defense-In-Depth principles.

Knowledge of different types of log subscriptions (e.g. push vs pull, MS Windows event forwarding, winlogbeat, syslog).

Knowledge of evasion strategies and TTPs (e.g., noise, stealth, situational awareness, bandwidth throttling).

Knowledge of existing cybersecurity principles, policies, and procedures

Knowledge of full-spectrum of cyberspace operations in an intelligence-driven DCO environment.

Knowledge of non-Active Directory domains (e.g. IDM, LDAP).

Knowledge of public key infrastructure (PKI) libraries, certificate authorities, certificate management, and encryption functionalities.

Knowledge of stream providers (e.g. KAFKA).

Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).

Knowledge of the U.S. Security System authorities, responsibilities, and contributions to the cyberspace operations mission.

Knowledge of the Windows registry hive keys and the information contained within each one.

Knowledge of typical system processes within Windows, Unix, or Linux operating systems

Knowledge of web applications and their common attack vectors.

Skill in analyzing endpoint collection data.

Skill in providing support to intelligence analysts to understand the operational environment and how it ties to intelligence reporting.

Skill in refining research (e.g., vulnerabilities, TTPs) to assist intelligence analysts’ preparation of products.

Skill in run level configurations in a Linux or UNIX environment

Skill in using various online tools for open-source research (e.g., online trade, DNS, mail, etc.).

Conduct open source research via various online tools.

Confer with systems analysts, engineers, programmers, and others to design application and to obtain information on project limitations and capabilities, performance requirements, and interfaces.

Identify potential points of strength and vulnerability among segments of a network map.

Identify tools/hardware used to extract/analyze/capture memory and disk images.

Perform security reviews and identify gaps in security architecture that can be used in the development of a security risk management plan.

Provide and maintain documentation for TTPs as inputs to training programs.

Validate intrusion detection system (IDS) alerts.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Ability to collaborate with the IC to leverage analytical and technical expertise.

Ability to communicate effectively when writing and speaking.

Ability to create products to meet decision making needs.

Ability to support the joint targeting cycle in a dynamic environment.

Ability to understand US Code Titles as they apply to targeting in support of operations in cyberspace.

Ability to utilize analytical constructs.

Ability to utilize and synthesize multiple intelligence sources to create products.

Knowledge of Collateral Damage Estimate (CDE) methodology

Knowledge of combat assessment.

Knowledge of Command Structure (mission, C2).

Knowledge of full-spectrum cyberspace operational missions (e.g., DODIN Operations, DCO, OCO, cyberspace ISR, and Operational Preparation of the Environment (OPE)), principles, capabilities, limitations, and effects.

Knowledge of IC, to include members, structure, and associated missions.

Knowledge of ISR capabilities and repositories (e.g., Geospatial Intelligence Information Management Services (GIMS), National SIGINT Requirements Process (NSRP), etc.).

Knowledge of metadata.

Knowledge of Mission Packages.

Knowledge of Political, Military, Economic, Social, PMESII and Counter-Terrorism Analytical Framework analytical constructs and their use in assessing the operational environment.

Knowledge of state and non-state target systems.

Knowledge of the development of Intelligence Needs (INs), Intelligence Requirements (IRs), and Essential Elements of Information (EEI).

Knowledge of the five target entity types.

Knowledge of the Joint Tactical Cyber Request (JTCR).

Knowledge of the National SIGINT system.

Knowledge of the Request for Support (RFS) process.

Knowledge of the review and approval process for cyberspace operations Review and Approval Process of Cyber Operations (RAP-CO) process.

Knowledge of the sensitive target and review (STAR) process.

Knowledge of what a Tasking Order is and the information contained in it (e.g., ATO, CTO, and MTO).

Skill in creating and maintaining target materials.

Skill in developing TSA products.

Skill in identifying intelligence gaps to generate RFIs.

Skill in providing input into Mission Packages.

Skill in utilizing Microsoft Office applications (e.g., Word, PowerPoint, Excel, etc.).

Skill in writing phased BDA reports.

Attend or provide input for targeting community meetings (e.g., Targeting Issues Working Group (TIWG), Military Targeting Committee (MTC), etc.).

Build and maintain target materials.

Develop, or assist in the development, of a Collateral Effects Estimation (CEE) methodology for cyberspace.

Maintain situational awareness of the common intelligence picture and/or common operational picture as applicable

Participate in Boards, Bureaus, Cells, Centers, and Working Groups (B2C2WGs).

Participate in the Joint Planning Process and other commander and staff planning processes.

Provide analysis and support for combat assessments.

Provide targeting support to TST planning and operations.

Support target list management (i.e. Restricted Target List (RTL), Joint Target List (JTL), Candidate Target List (CTL), etc.).

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Ability to accurately document results

Ability to analyze a finding of a compromise and develop a custom signature(s) and/or rule(s) to identify it throughout the network

Ability to analyze Data at Rest and Data in Transit encryption methodologies and assess Data at Rest and Data in Transit polices

Ability to analyze device/protocol discovery tool output

Ability to analyze interior and exterior routing protocols (e.g. RIP, EIGRP, OSPF, IS-IS, etc…)

Ability to analyze mitigations to recover from a full network compromise

Ability to analyze network infrastructure to identify and recommend key terrain or critical infrastructure.

Ability to analyze organizational policies and documentation for appropriate use and user privileges as they apply to networking devices.

Ability to analyze potential adversarial attack vectors on a mission-critical system.

Ability to assess Data in Transit encryption policies.

Ability to characterize network traffic for trends and patterns.

Ability to communicate with Sr Leaders of an Org. to ensure shared responsibility for supporting Org. mission/business functions using external providers of systems, services and apps receives visibility and is elevated to the appropriate decisionmaking authorities.

Ability to compile access control lists and firewall configurations.

Ability to Conduct flow data analysis

Ability to conduct research on vulnerabilites found and correlate current versions to known vulnerable releases

Ability to configure, forward and statistically analyze logs

Ability to configure, place, and maintain a distributed sensor grid.

Ability to construct accurate maps of the network devices

Ability to construct log aggregation solutions and analysis platforms

Ability to correlate indicators of compromise

Ability to create baselines/PPS documents and to compare current state against documentation.

Ability to create rules/alerts for traffic validation.

Ability to define caching and analyze the information contained within

Ability to detect mismatched port-application traffic

Ability to develop a risk defense plan to put active measure in place in defense of a network

Ability to develop dashboards to better visualize data

Ability to dissect and analyze a packet header

Ability to document findings of any anomalous connections

Ability to evaluate common Tactics, Techniques and Procedures (TTP) used in malware and open-source and Intelligence Community (IC) resources available to identify emerging TTPs

Ability to evaluate information (e.g. trust relationships and security policies) from a domain to identify vulnerabilities/misconfiguration

Ability to evaluate mitigations to recover from a full-network compromise.

Ability to evaluate network diagram

Ability to evaluate rogue/unauthorized systems on a network

Ability to evaluate systems resiliency in adverse conditions

Ability to identify activity in log entries to correlate indicators of compromise.

Ability to identify anomalous activity based off of known trends and patterns.

Ability to identify C2 Beaconing in normal network traffic.

Ability to identify complex root-cause analysis and recommend mitigations

Ability to identify Data in Transit encryption methodologies.

Ability to identify exfiltration of data in normal network traffic

Ability to identify IPv6 and differentiate between Link Local, Multicast, Unicast, and Anycast.

Ability to identify wireless encryption and differentiate between WEP, WPA (all versions) and WAPI

Ability to implement network TAP configuration

Ability to integrate information security requirements into the acquisition process, using applicable baseline security controls as one of the sources for security requirements, and ensuring a robust software quality control process.

Ability to measure application whitelisting/blacklisting solutions.

Ability to measure principle of vulnerability exploitation.

Ability to measure the effectiveness of white/blacklisting solutions on network devices.

Ability to monitor network data and perform triage on triggered events.

Ability to operate the tools to enumerate a system.

Ability to organize a list of mission infrastructure to identify which dependent systems are key terrain.

Ability to organize Network System Architecture and the dependencies formed from relationships between systems.

Ability to perform conversation calculations across Hexadecimal, Octal, Decimal, and binary.

Ability to perform device discovery.

Ability to research protocol utilization and determine anomalous use.

Ability to test tools within sensor grid.

Ability to use and integrate Security Information and Event Management (SIEM) capabilities in the analysis process.

Ability to utilize Defense Information Systems Agency (DISA)/ Department of Defense (DoD) system configuration guidelines.

Knowledge of anomaly-based detection and threat hunting.

Knowledge of attack principles, tools, and techniques.

Knowledge of basic cloud-based technologies and concepts.

Knowledge of basic Cyber Threat Emulation concepts.

Knowledge of basic Embedded Systems concepts.

Knowledge of cybersecurity and cybersecurity-enabled software products.

Knowledge of DOD Component-level cybersecurity architecture.

Knowledge of encryption algorithms and their implementation.

Knowledge of Friendly Network Forces (FNF) reporting procedures (i.e. deconfliction) to include external organization interaction.

Knowledge of hardware components and architecture including functions and limitations.

Knowledge of hashing algorithms.

Knowledge of Hexadecimal, Octal, Decimal, and binary

Knowledge of HTML source code and the intelligence that can be derived from it.

Knowledge of IPv6

Knowledge of Network OSs.

Knowledge of security implications of device and software configurations.

Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).

Knowledge of TCP flags

Knowledge of the differences between distance vector and link-state routing protocols

Knowledge of the different DNS resource records

Knowledge of the U.S. Security System authorities, responsibilities, and contributions to the cyberspace operations mission.

Knowledge of User Agent Strings and the intelligence that can be derived from them

Skill in analyzing PCAP data

Skill in conducting system planning, management, and maintenance.

Skill in discerning the protection requirements (i.e. security controls) of IS and networks.

Skill in implementing encryption algorithms.

Skill in intrusion detection methodologies and techniques for detecting host and network-based intrusions for utilizing intrusion detection systems and signature development.

Skill in network operating system administration.

Skill in providing an understanding of the adversary through the identification and link analysis of physical, functional, or behavioral relationships within an operational environment.

Skill in regular expressions

Skill in understanding cybersecurity architecture, its implementation, and its expected behaviors and how changes in conditions affect outcomes.

Skill in using Berkeley Packet filters.

Skill in using network mapping tools to analyze identify and enumerate a network.

Skill in utilizing a network traffic packet analyzer in order to detect anomalies in protocol utilization.

Adhere to DCO policies and procedures reflecting applicable laws, policies, procedures, and regulations (such as United States Code Titles 10 and 50).

Assess exploited systems’ potential to provide additional access, target development information, intelligence and/or covert infrastructure.

Determine and document software patches or the extent of releases that would harden vulnerable software.

Determine location of tool(s) deployment and utilize them once deployed (e.g., monitor agent, sensor).

Develop and review cyberspace operations TTPs for integration into strategic, operational and tactical levels of planning.

Evaluate security architecture and its design against cyberspace threats as identified in operational and acquisition documents.

Manage threat or target analysis of DCO information and production of threat information for networks and enclave environments.

Provide and maintain documentation for TTPs as inputs to training programs.

Provide input to the analysis, design, development or acquisition of capabilities used for meeting mission objectives.

Read, write, and interpret simple scripts to collect remote data and automation tasks.

Read, write, and interpret simple scripts to parse large data files.

Recommend Patch network vulnerabilities to ensure information is safeguarded against outside parties via Risk Mitigation Plans.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Ability to build, implement, and maintain distributed sensor grid.

Ability to characterize network traffic for trends and patterns.

Ability to configure and place distributed sensor grid

Ability to coordinate with Sr Leaders of an Org. to ensure shared responsibility for supporting Org. mission/business functions using external providers of systems, services and apps receives visibility and is elevated to the appropriate decision-making authorities

Ability to create rule sets within an Intrusion Detection System (IDS).

Ability to create rules/alerts for traffic validation.

Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.

Ability to implement network TAP configuration

Ability to implement sensors according to sensor plan

Ability to integrate information security requirements into the acquisition process, using applicable baseline security controls as one of the sources for security requirements, ensuring a robust software quality control process and establishing multiple source

Ability to organize policy standards to insure procedures and guidelines comply with cybersecurity policies.

Ability to setup Serial and Ethernet interfaces.

Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.

Ability to test tools within sensor grid.

Ability to track the location and configuration of networked devices and software across departments, locations, facilities and potentially supporting business functions.

Ability to troubleshoot computer software and hardware issues, make repairs, and schedule updates.

Ability to use and/or integrate a Security Information and Event Management (SIEM) platform.

Knowledge of active directory federated services.

Knowledge of basic cloud-based technologies and concepts.

Knowledge of basic Cyber Threat Emulation concepts.

Knowledge of basic Embedded Systems concepts.

Knowledge of common obfuscation techniques (e.g. command line execution, string substitution, clandestine side channel, Base64).

Knowledge of cybersecurity controls and design principles and methods (e.g., firewalls, DMZ, and encryption).

Knowledge of different types of log subscriptions (e.g. push vs pull, MS Windows event forwarding, winlogbeat, syslog).

Knowledge of full-spectrum cyberspace operational missions (e.g., DODIN Operations, DCO, OCO, cyberspace ISR, and Operational Preparation of the Environment (OPE)), principles, capabilities, limitations, and effects.

Knowledge of long haul circuits.

Knowledge of Network OSs.

Knowledge of network systems management methods including end-to-end systems performance monitoring.

Knowledge of non-Active Directory domains (e.g. IDM, LDAP).

Knowledge of principles and methods for integrating system and network components.

Knowledge of public key infrastructure (PKI) libraries, certificate authorities, certificate management, and encryption functionalities.

Knowledge of routing protocols such as RIPv1/v2, OSPF, IGRP, and EIGRP

Knowledge of Security Technical Implementation Guide (STIG)

Knowledge of stream providers (e.g. KAFKA).

Knowledge of structured response frameworks (e.g. MITRE ATT&CK, Lockheed Martin Kill Chain, Diamond Model).

Knowledge of transmission capabilities (e.g., Bluetooth, Radio Frequency Identification (RFID), Infrared Networking (IR), Wireless Fidelity (Wi-Fi). paging, cellular, satellite dishes, Voice over Internet Protocol (VoIP)).

Knowledge of WAN technologies such as PPP, Frame-relay, dedicated T1s, ISDN, and routing protocols

Knowledge of web applications and their common attack vectors.

Skill in applying STIG upgrades

Skill in cable management and organization

Skill in configuring and utilizing software-based computer protection tools (e.g., software firewalls, anti-virus software, anti-spyware).

Skill in implementing DHCP and DNS

Skill in router IOS backup, recovery, and upgrade.

Skill in understanding cybersecurity architecture, its implementation, and its expected behaviors and how changes in conditions affect outcomes.

Assess exploited systems’ potential to provide additional access, target development information, intelligence and/or covert infrastructure.

Consult with customers about network system design and maintenance.

Design countermeasures and mitigations against potential weaknesses and vulnerabilities in system and elements.

Design, develop, and modify network systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.

Detect exploits against networks and hosts and react accordingly (Does not apply to Red Team Interactive Operators).

Diagnose network connectivity problems.

Engage customers to understand their expectations and wants.

Evaluate security architecture and its design against cyberspace threats as identified in operational and acquisition documents.

Identify optimal locations for network sensor placement to collect on targeted devices.

Implement and enforce DCO policies and procedures reflecting applicable laws, policies, procedures, and regulations (such as United States Code Titles 10 and 50).

Maintain Operational, technical, and authoritative situational awareness during effects-based operations

Notify designated mission leadership or applicable team members of any suspected cyber incident.

Provide and maintain documentation for TTPs as inputs to training programs.

Provide feedback for RFI generation.

Repair network connectivity problems.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge of basic cloud-based technologies and concepts.

Knowledge of Critical Intelligence Communication (CRITIC) identification and reporting process.

Knowledge of cryptologic and SIGINT reporting and dissemination procedures.

Knowledge of how and when to request assistance from the Cryptanalysis and Signals Analysis and/or CNO.

Knowledge of intelligence sources and their characteristics.

Knowledge of methods, tools, sources, and techniques used to research, integrate and summarize information pertaining to target.

Knowledge of quality review process and procedures.

Knowledge of the overall mission of the Cyber Mission Forces (CMF).

Knowledge of the specific missions for CMF (i.e., Cyber Mission Teams (CMT), National Mission Teams (NMT), Combat Support Team (CST), National Support Team (NST), Cyber Protection Team (CPT).

Knowledge of the U.S. Cryptologic Systems authorities, responsibilities, and contributions to the cyberspace operations mission.

Skill in conducting derivative classification IAW organization standards/Policy

Skill in conducting quality review of serialized reports and reporting for time-sensitive USCYBERCOM operations.

Skill in developing and maintaining target profiles.

Skill in drafting serialized reports to support time-sensitive USCYBERCOM operations.

Skill in drafting serialized reports to the quality level meeting release standards.

Skill in executing post publication processes IAW organization standards/Policy

Skill in providing feedback to enhance future collection and analysis.

Skill in recognizing exploitation opportunities.

Skill in recognizing targeting opportunities and essential information.

Skill in releasing serialized and time-sensitive reports.

Apply analytic techniques to validate information or data in reporting.

Apply and/or develop analytic techniques to provide better intelligence.

Apply customer requirements to the analysis process.

Assist in the mitigation of collection gaps.

Assist planners in the development of courses of action

Conduct pre and post publication actions

Develop analytical techniques to gain more target information.

Develop and maintain target profiles using appropriate corporate tools and databases (e.g. Target associations, activities, communication infrastructures, etc.).

Document and disseminate analytic findings.

Enable targeting offices to find new sources of collection.

Evaluate the strengths and weaknesses of the intelligence source.

Evaluate threat critical capabilities, requirements, and vulnerabilities.

Identify and facilitate partner relationships to enhance mission capabilities

Lead work role working groups/planning and development forums

Manipulate information in mission relevant databases (e.g., converting data, generating reports).

Mitigate collection gaps

Perform network analysis to support new or continued collection.

Perform quality review and provide feedback on the materials delivered on which analysis and reporting is conducted.

Prioritize reporting based on SIGINT reporting instructions or other mission reporting priorities.

Produce digital network intelligence against specific named target sets.

Provide intel target recommendations which meet leadership objectives.

Provide SME support for the development and implementation of exercises.

Select, build, and develop query strategies against appropriate collection databases.

Understand hacker TTPs and methodologies.

Understand network components and their functionality to enable analysis and target development.

Understand technologies used by a given target

Verify and validate that network graphics are accurate and comply with reporting policy.

* Knowledge of computer networking concepts and protocols, and network security methodologies.

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

* Knowledge of cybersecurity principles.

* Knowledge of cyber threats and vulnerabilities.

* Knowledge of specific operational impacts of cybersecurity lapses.

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Ability to contribute to the collection management process

Knowledge of Critical Intelligence Communication (CRITIC) identification and reporting process.

Knowledge of cryptologic and SIGINT reporting and dissemination procedures.

Knowledge of cybersecurity concepts and principles.

Knowledge of data communications terminology (e.g., networking protocols, Ethernet, IP, encryption, optical devices, removable media).

Knowledge of how and when to request assistance from the Cryptanalysis and Signals Analysis and/or CNO.

Knowledge of intelligence sources and their characteristics.

Knowledge of methods, tools, sources, and techniques used to research, integrate and summarize all-source information pertaining to target.

Knowledge of quality review process and procedures.

Knowledge of SIGINT laws and directives.

Knowledge of the overall mission of the Cyber Mission Forces (CMF).

Knowledge of the specific missions for CMF (i.e., Cyber Mission Teams (CMT), National Mission Teams (NMT), Combat Support Team (CST), National Support Team (NST), Cyber Protection Team (CPT).

Knowledge of the U.S. Cryptologic Systems authorities, responsibilities, and contributions to the cyberspace operations mission.

Skill in geolocating targets.

Skill in operational use of raw collection databases.

Skill in performing data fusion from all-source intelligence for geospatial analysis.

Skill in providing feedback to enhance future collection and analysis.

Skill in recognizing exploitation opportunities.

Skill in recognizing the value of survey data.

Skill in selector normalization.

Skill in targeting (e.g., selectors).

Apply and/or develop analytic techniques to provide better intelligence.

Apply customer requirements to the analysis process.

Assist planners in the development of courses of action

Be aware of hacker TTPs and methodologies.

Develop analytical techniques to gain more target information.

Develop and lead exercises

Develop and maintain target profiles using appropriate corporate tools and databases (e.g. Target associations, activities, communication infrastructures, etc.).

Document and disseminate analytic findings.

Enable targeting offices to find new sources of collection.

Evaluate the strengths and weaknesses of the intelligence source.

Identify and facilitate partner relationships to enhance mission capabilities

Lead work role working groups/planning and development forums

Manipulate information in mission relevant databases (e.g., converting data, generating reports).

Mitigate collection gaps

Perform network analysis to support new or continued collection.

Produce digital network intelligence against specific named target sets.

Provide input to training and mitigation plan based on advancements in hardware and software technologies (e.g. attend training or conferences, reading) and their potential implications.

Provide intel target recommendations which meet leadership objectives.

Provide time sensitive support to operations.

Select, build, and develop query strategies against appropriate collection databases.

Understand technologies used by a given target