System Testing and Evaluation Specialist

Plans, prepares, and executes tests of systems to evaluate results against specifications and requirements as well as analyze/report test results.
  • Knowledge of computer networking concepts and protocols, and network security methodologies.
  • Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • Knowledge of cybersecurity and privacy principles.
  • Knowledge of cyber threats and vulnerabilities.
  • Knowledge of specific operational impacts of cybersecurity lapses.
  • Knowledge of organization's enterprise information security architecture.
  • Knowledge of organization's evaluation and validation requirements.
  • Knowledge of Security Assessment and Authorization process.
  • Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Knowledge of network hardware devices and functions.
  • Knowledge of systems administration concepts.
  • Knowledge of systems testing and evaluation methods.
  • Knowledge of the systems engineering process.
  • Knowledge of interpreted and compiled computer languages.
  • Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
  • Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]).
  • Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • Knowledge of cybersecurity-enabled software products.
  • Knowledge of Test & Evaluation processes for learners.
  • Knowledge of Personally Identifiable Information (PII) data security standards.
  • Knowledge of Payment Card Industry (PCI) data security standards.
  • Knowledge of Personal Health Information (PHI) data security standards.
  • Knowledge of an organization's information classification program and procedures for information compromise.
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • Skill in conducting test events.
  • Skill in designing a data analysis structure (i.e., the types of data a test must generate and how to analyze that data).
  • Skill in determining an appropriate level of test rigor for a given system.
  • Skill in developing operations-based testing scenarios.
  • Skill in systems integration testing.
  • Skill in writing code in a currently supported programming language (e.g., Java, C++).
  • Skill in writing test plans.
  • Skill in evaluating test plans for applicability and completeness.
  • Skill in conducting Test Readiness Reviews.
  • Skill in designing and documenting overall program Test & Evaluation strategies.
  • Skill in identifying Test & Evaluation infrastructure (people, ranges, tools, instrumentation) requirements.
  • Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events.
  • Skill in preparing Test & Evaluation reports.
  • Skill in providing Test & Evaluation resource estimate.
  • Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Ability to analyze test data.
  • Ability to collect, verify, and validate test data.
  • Ability to translate data and test results into evaluative conclusions.
  • Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Determine level of assurance of developed capabilities based on test results.
  • Develop test plans to address specifications and requirements.
  • Install and maintain network infrastructure device operating system software (e.g., IOS, firmware).
  • Make recommendations based on test results.
  • Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated.
  • Create auditable evidence of security measures.
  • Validate specifications and requirements for testability.
  • Analyze the results of software, hardware, or interoperability testing.
  • Perform developmental testing on systems under development.
  • Perform interoperability testing on systems exchanging electronic information with other systems.
  • Perform operational testing.
  • Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.
  • Record and manage test data.