- Knowledge of computer networking concepts and protocols, and network security methodologies.
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- Knowledge of cybersecurity and privacy principles.
- Knowledge of cyber threats and vulnerabilities.
- Knowledge of specific operational impacts of cybersecurity lapses.
- Knowledge of organization's enterprise information security architecture.
- Knowledge of organization's evaluation and validation requirements.
- Knowledge of Security Assessment and Authorization process.
- Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Knowledge of network hardware devices and functions.
- Knowledge of systems administration concepts.
- Knowledge of systems testing and evaluation methods.
- Knowledge of the systems engineering process.
- Knowledge of interpreted and compiled computer languages.
- Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
- Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
- Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]).
- Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
- Knowledge of cybersecurity-enabled software products.
- Knowledge of Test & Evaluation processes for learners.
- Knowledge of Personally Identifiable Information (PII) data security standards.
- Knowledge of Payment Card Industry (PCI) data security standards.
- Knowledge of Personal Health Information (PHI) data security standards.
- Knowledge of an organization's information classification program and procedures for information compromise.
- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
System Testing and Evaluation Specialist
Plans, prepares, and executes tests of systems to evaluate results against specifications and requirements as well as analyze/report test results.
- Skill in conducting test events.
- Skill in designing a data analysis structure (i.e., the types of data a test must generate and how to analyze that data).
- Skill in determining an appropriate level of test rigor for a given system.
- Skill in developing operations-based testing scenarios.
- Skill in systems integration testing.
- Skill in writing code in a currently supported programming language (e.g., Java, C++).
- Skill in writing test plans.
- Skill in evaluating test plans for applicability and completeness.
- Skill in conducting Test Readiness Reviews.
- Skill in designing and documenting overall program Test & Evaluation strategies.
- Skill in identifying Test & Evaluation infrastructure (people, ranges, tools, instrumentation) requirements.
- Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events.
- Skill in preparing Test & Evaluation reports.
- Skill in providing Test & Evaluation resource estimate.
- Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Ability to analyze test data.
- Ability to collect, verify, and validate test data.
- Ability to translate data and test results into evaluative conclusions.
- Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Determine level of assurance of developed capabilities based on test results.
- Develop test plans to address specifications and requirements.
- Install and maintain network infrastructure device operating system software (e.g., IOS, firmware).
- Make recommendations based on test results.
- Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated.
- Create auditable evidence of security measures.
- Validate specifications and requirements for testability.
- Analyze the results of software, hardware, or interoperability testing.
- Perform developmental testing on systems under development.
- Perform interoperability testing on systems exchanging electronic information with other systems.
- Perform operational testing.
- Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.
- Record and manage test data.