- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of cybersecurity and privacy principles.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Knowledge of applicable business processes and operations of customer organizations.
- Knowledge of capabilities and requirements analysis.
- Knowledge of encryption algorithms
- Knowledge of cryptography and cryptographic key management concepts
- Knowledge of resiliency and redundancy.
- Knowledge of installation, integration, and optimization of system components.
- Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
- Knowledge of industry-standard and organizationally accepted analysis principles and methods.
- Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Knowledge of information security systems engineering principles (NIST SP 800-160).
- Knowledge of information technology (IT) architectural concepts and frameworks.
- Knowledge of microprocessors.
- Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
- Knowledge of new and emerging information technology (IT) and cybersecurity technologies.
- Knowledge of operating systems.
- Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- Knowledge of parallel and distributed computing concepts.
- Knowledge of Privacy Impact Assessments.
- Knowledge of process engineering concepts.
- Knowledge of secure configuration management techniques. (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org).
- Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
- Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.
- Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
- Knowledge of system life cycle management principles, including software security and usability.
- Knowledge of systems testing and evaluation methods.
- Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing).
- Knowledge of the organization’s enterprise information technology (IT) goals and objectives.
- Knowledge of the systems engineering process.
- Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
- Knowledge of critical information technology (IT) procurement requirements.
- Knowledge of functionality, quality, and security requirements and how these will apply to specific items of supply (i.e., elements and processes).
- Knowledge of applicable laws, statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures.
- Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
- Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
- Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
- Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
- Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
- Knowledge of an organization's information classification program and procedures for information compromise.
- Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).
- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
- Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
- Knowledge of controls related to the use, processing, storage, and transmission of data.
Systems Requirements Planner
Consults with customers to evaluate functional requirements and translate functional requirements into technical solutions.
- Conduct risk analysis, feasibility study, and/or trade-off analysis to develop, document, and refine functional requirements and specifications.
- Consult with customers to evaluate functional requirements.
- Coordinate with systems architects and developers, as needed, to provide oversight in the development of design solutions.
- Define project scope and objectives based on customer requirements.
- Develop and document requirements, capabilities, and constraints for design procedures and processes.
- Integrate and align information security and/or cybersecurity policies to ensure that system analysis meets security requirements.
- Oversee and make recommendations regarding configuration management.
- Perform needs analysis to determine opportunities for new and improved business process solutions.
- Prepare use cases to justify the need for specific information technology (IT) solutions.
- Translate functional requirements into technical solutions.
- Develop and document supply chain risks for critical system elements, as appropriate.
- Develop and document User Experience (UX) requirements including information architecture and user interface requirements.
- Design and document quality standards.
- Document a system's purpose and preliminary system security concept of operations.
- Ensure that all systems components can be integrated and aligned (e.g., procedures, databases, policies, software, and hardware).
- Define baseline security requirements in accordance with applicable guidelines.
- Develop cost estimates for new or modified system(s).
- Manage the information technology (IT) planning process to ensure that developed solutions meet customer requirements.