• Develops system concepts and works on the capabilities phases of the systems development lifecycle.
• Translates technology and environmental conditions (e.g., laws, regulations, policies and technical standards) into system and security designs and processes.
• Provides recommendations for investment standards and policies that drive how controls will be applied across the organization.

• Systems Requirements Analysis
• Secure Network Design
• Secure Software Design
• Secure Systems Development
• Systems Testing and Evaluation
• Regulatory Advisory

• Examines data with the goal of providing new insight for the purposes of cybersecurity.
• Designs and implements custom algorithms, flow processes and layouts for complex, enterprise-scale data sets used for modeling, data analytics, and research purposes.
• Applies understanding of cybersecurity field to inform analytical methodologies and algorithms selected for implementation.
• Designs, builds, implements, integrates, and maintains systems and tools for data trend and pattern analysis of cyber data.
• Applies knowledge of statistics and mathematical theory to develop and integrate new and emerging technologies, such as machine learning and deep learning concepts and techniques.
• Communicates insights gained to mission user.

• Data Collection and Ingestion
• Data Management
• Statistical Modeling
• Data Visualization

• Responsible for the integration, management, and execution of all aspects of the cyber attack lifecycle to inform cyber defensive operations.
• Plans and executes end-to-end cybersecurity operations to defend protected assets.
• Plans collection operations, retrieves and analyzes key intelligence data.
• Understands where to focus surveillance.
• Oversees specialized denial and deception operations and collection of cybersecurity information that informs and develops the end-to-end operations.

• Intelligence Collection
• Intelligence Analysis

Note: There are two subtypes of Cybersecurity Defensive Operations. An individual whose primary technical capability is Cybersecurity Defensive Operations – Intelligence Collection and Analysis focuses on the underlying competencies above.

• Responsible for the integration, management, and execution of all aspects of the cyber attack lifecycle to inform cyber defensive operations.
• Plans and executes end-to-end cybersecurity operations to defend protected assets.
• Plans collection operations, retrieves and analyzes key intelligence data.
• Understands where to focus surveillance.
• Oversees specialized denial and deception operations and collection of cybersecurity information that informs and develops the end-to-end operations.

• Operations Planning and Execution
• Operations Analysis

Note: There are two subtypes of Cybersecurity Defensive Operations. An individual whose primary technical capability is Cybersecurity Defensive Operations – Planning, Execution, and Analysis focuses on the underlying competencies above.

• Conducts software, hardware, and systems engineering to develop new and refine/enhance existing technical capabilities, ensuring full integration with security objectives, principles and processes.
• Builds practical solutions in full consideration of lifecycle of costs, acquisitions, program and projects, management and budget.
• Identifies engineering requirements for, and ensures interoperability of, internal and external systems.
• Demonstrates strategic risk understanding, considering impact of security breaches or vulnerabilities in every aspect of the engineering process.
• Stays current on emerging technologies, and their applications to current and emerging business processes (e.g., cloud, mobile), and identifies and recommends methods for incorporating promising technologies to meet organizational cybersecurity requirements.

• Cybersecurity Hardware Engineering
• Cybersecurity Systems Engineering
• Secure Software/Application Design
• Cybersecurity Capability/Solutions Evaluation
• Cybersecurity Testing and Evaluation

• Applies knowledge of information security to define the organization’s direction and direct resources to achieve the mission.
• Develops and recommends policy changes to support mission needs.
• Manages security implications within the organization as directed.

Note: Always a secondary technical capability

• Strategic Planning
• Policy Advisement
• Cybersecurity Policy Development and Writing
• Cybersecurity Governance
• Cybersecurity Legislative Affairs

• Manages information security programs within the organization, to include strategic, personnel, security infrastructure, policy enforcement, emergency planning, security awareness, and acquisition considerations.

Note: Always a secondary technical capability

• Cybersecurity Program Design
• Cybersecurity Program Execution
• Cybersecurity Investment Management

• Conducts technology and/or feasibility research, development, and assessments.
• Provides, builds, tests and supports a prototype capability and/or evaluates its security and utility.
• Plans, conducts or oversees comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
• Ensures appropriate security measures are considered throughout each phase of the R&D lifecycle.

• Cybersecurity Research Planning
• Cybersecurity Research Development and Delivery
• Cybersecurity Research Testing and Evaluation

• Oversees, evaluates, and supports the documentation, validation, assessment, and authorization processes necessary to ensure that existing and new information technology systems meet the Department’s cybersecurity and risk requirements, and provide decision makers with the knowledge to make well-informed risk decisions.
• Ensures that strategic considerations drive investment and operational decisions with regard to managing risk to organizational operations (including mission, function, image and reputation), organizational assets, individuals, other organizations (collaborating or partnering with federal agencies and contractors) and the Nation.
• Understands and utilizes the National Institute of Standards and Technology (NIST) series of documents.

• Organizational Risk Strategy
• Organizational Risk Assessment
• Organizational Risk Management
• Policy Interpretation

• Collects, analyzes, and reports on cybersecurity threats and threat actors to support operations.
• Understands and analyzes different sources of information (e.g., INTs [intelligence], open source, law enforcement data) on specific topics or targets.
• Provides tactical/operational analysis, including attribution of cyber actors using a variety of analytic techniques and tools.
• May also provide strategic-level analysis to support broader mission.
• Develops and communicates situational awareness of local, regional, and international cybersecurity threats impacting stakeholder missions and interests.

• Warning Analysis
• Threat Assessment
• Intelligence Analysis

• Collects, processes, analyzes, interprets, preserves, and presents digital evidence in support of network vulnerability mitigation, intelligence operations, and different types of investigations (including but not limited to administrative, criminal, counterintelligence and law enforcement).
• Applies tactics, techniques and procedures (TTP) for investigative processes.

• Forensic Analysis
• Cyber Investigation
• Reverse Engineering
• Malware Analysis

• Tracks and responds to prioritized urgent IT and cyber events and indicators of compromise (IOCs) to mitigate threats to networks, systems, and applications.
• Investigates and analyzes response activities and employs various advanced response and recovery approaches as appropriate.
• Applies understanding of tactics, techniques, and procedures for investigative processes, including identifying adversaries’ TTPs and applying corresponding defense or security controls.
• Conducts root cause analysis and response coordination, providing recommendations for mitigation.
• Executes recovery action plans and adapts plans to handle new developments.

• Incident Response and Recovery
• Network Monitoring and Defense
• Malware Analysis

• Applies expertise to understand designs, protocols, and physical configurations of purpose-built interconnected systems—such as industrial control systems, physical systems, and embedded systems—and can define and implement comprehensive countermeasures to detect threats and maintain the overall cybersecurity posture of these systems.

• Embedded Compute Systems
• ICS/SCADA
• Internet of Things
• Building/Facilities Automation

• Understands the installation, configuration, testing, operation, maintenance, and management of networks and their firewalls, including hardware and software, which permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.

• Network Engineering
• Operating Systems
• Distributed Systems
• Network Management

• Implements, configures, and manages security devices and systems (such as firewalls, intrusion detection and log collectors, and vulnerability scanners) in accordance with policies, procedures, and best practices.
• Installs, manages, and monitors security measures to support mitigation efforts; shares relevant information with system and network administrators.

• Security Systems Administration
• Systems Implementation Knowledge
• Information Systems Security Monitoring
• Continuity of Security Operations

• Conducts assessments of threats and vulnerabilities on networks/systems software and hardware, and develops and recommends appropriate mitigation countermeasures.
• Develops and conducts tests of systems to evaluate compliance with specifications and requirements in accordance with policy, benchmarks and industry best practices, by validating technical, functional, and performance characteristics of systems or their elements.
• Coordinates and aligns with program offices and various stakeholders.

• Vulnerability Risk Assessment
• Penetration Testing