Systems Security Analyst

Work Role ID: 461  |  Workforce Element: Software Engineering

What does this work role do? Responsible for analysis and development of systems/software security through the product lifecycle to include integration, testing, operations and maintenance.

CORE KSATs
KSAT ID Description KSAT
22 * Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge
25 Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]). Knowledge
43A Knowledge of embedded systems. Knowledge
51 Knowledge of how system components are installed, integrated, and optimized. Knowledge
63 Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). Knowledge
70 Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). Knowledge
79 Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). Knowledge
82A Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs. Knowledge
90 Knowledge of operating systems. Knowledge
92 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). Knowledge
108 * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Knowledge
109A Knowledge of configuration management techniques. Knowledge
110A Knowledge of security management. Knowledge
111 Knowledge of security system design tools, methods, and techniques. Knowledge
119 Knowledge of software engineering. Knowledge
130A Knowledge of systems security testing and evaluation methods. Knowledge
133 Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers). Knowledge
160A Skill in assessing security systems designs. Skill
177B Knowledge of countermeasures for identified security risks. Knowledge
179A Skill in assessing security controls based on cybersecurity principles and tenets. Skill
180 Skill in designing the integration of hardware and software solutions. Skill
183 Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes. Skill
191 Skill in developing and applying security system access controls. Skill
199 Skill in evaluating the adequacy of security designs. Skill
420 Apply security policies to meet security objectives of the system. Task
525A Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements. Task
559A Analyze and report organizational security posture trends. Task
559B Analyze and report system security posture trends. Task
571 Ensure all systems security operations and maintenance activities are properly documented and updated as necessary. Task
576 Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. Task
593A Assess adequate access controls based on principles of least privilege and need-to-know. Task
661A Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Task
729A Verify minimum security requirements are in place for all applications. Task
782 Plan and recommend modifications or adjustments based on exercise results or system environment. Task
795 Properly document all systems security implementation, operations and maintenance activities and update as necessary. Task
806A Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities. Task
876 Verify and update security documentation reflecting the application/system security design features. Task
922A Knowledge of how to use network analysis tools to identify vulnerabilities. Knowledge
1034A Knowledge of Personally Identifiable Information (PII) data security standards. Knowledge
1037A Knowledge of information technology (IT) risk management policies, requirements, and procedures. Knowledge
1040A Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. Knowledge
1141A Knowledge of an organization’s information classification program and procedures for information compromise. Knowledge
1157 * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. Knowledge
1158 * Knowledge of cybersecurity principles. Knowledge
1159 * Knowledge of cyber threats and vulnerabilities. Knowledge
2054 Assess the effectiveness of security controls. Task
3642 Knowledge of various types of computer architectures. Knowledge
5050 Assess all the configuration management (change configuration/release management) processes. Task
6900 * Knowledge of specific operational impacts of cybersecurity lapses. Knowledge
6935 * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). Knowledge
6938 * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. Knowledge
ADDITIONAL KSATs
KSAT ID Description KSAT
3C Skill in recognizing vulnerabilities in information and/or data systems. Skill
21 Knowledge of computer algorithms. Knowledge
27A Knowledge of cryptology. Knowledge
34 Knowledge of database systems. Knowledge
52 Knowledge of human-computer interaction principles. Knowledge
58 Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. Knowledge
75A Knowledge of mathematics, including logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis. Knowledge
94 Knowledge of parallel and distributed computing concepts. Knowledge
144 Knowledge of the systems engineering process. Knowledge
238A Skill in writing code in a currently supported programming language (e.g., Java, C++). Skill
417 Apply coding and testing standards, apply security testing tools including “fuzzing” static-analysis code scanning tools, and conduct code reviews. Task
419 Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications. Task
421 Apply service oriented security architecture principles to meet organization’s confidentiality, integrity, and availability requirements. Task
572 Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment. Task
602 Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration. Task
653B Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk. Task
660 Implement specific cybersecurity countermeasures for systems and/or applications. Task
670A Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment. Task
671 Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system. Task
710 Monitor and evaluate a system’s compliance with information technology (IT) security, resilience, and dependability requirements. Task
717A Assess and monitor cybersecurity related to system implementation and testing practices. Task
754 Perform cybersecurity testing of developed applications and/or systems. Task
765 Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. Task
806 Provide cybersecurity guidance to leadership. Task
809 Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). Task
880A Work with stakeholders to resolve computer security incidents and vulnerability compliance. Task
936 Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers). Task
938A Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans. Task
1006 Create auditable evidence of security measures. Task
1034B Knowledge of Payment Card Industry (PCI) data security standards. Knowledge
1039B Knowledge of how to evaluate the trustworthiness of the supplier and/or product. Knowledge
1072 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). Knowledge
1073 Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. Knowledge
1132A Knowledge of information technology (IT) service catalogues. Knowledge
1133 Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). Knowledge
1135 Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). Knowledge
1138A Knowledge of developing and applying user credential management system. Knowledge
1139A Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption. Knowledge
1142 Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). Knowledge
5928 Identify, define, and document system security requirements and recommend solutions to management. Task
5929 Install software that monitors systems and networks for security breaches and intrusions. Task
5930 Educate and train staff on information system security best practices. Task
5931 Select and use appropriate security testing tools. Task
5932 Select and use appropriate secure coding standards and analyze code for common weaknesses, vulnerabilities, and hardening against common attack patterns. Task
6140 Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues. Ability
6210 Knowledge of cloud service models and possible limitations for an incident response. Knowledge
6240 Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE). Knowledge
6910 Ability to determine whether a security incident violates a privacy principle or legal standard requiring specific legal action. Ability
6918 Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments. Ability
7079 Knowledge of security systems including anti-virus applications, content filtering, firewalls, authentication systems, and intrusion detection and notification systems. Knowledge
7080 Knowledge of database security. Knowledge
7081 Knowledge of vulnerabilities of various encryption systems. Knowledge
7082 Ability to implement Zero Trust security in DoD Systems/Software. Ability