An official website of the United States Government

One department.
Many jobs.

In the DHS Cybersecurity Service, you can chart a career path based on your interests, while honing critical skills. Whether you are looking for your first cybersecurity job or have spent years in the field, DHS has opportunities for you.

Different Cybersecurity Specializations

DHS Cybersecurity Service jobs are structured around the following cybersecurity specializations – called technical capabilities. Each technical capability includes a series of more specific security skills – called underlying technical competencies.

Technical Capability
Cybersecurity Architecture
Description
  • Develops system concepts and works on the capabilities phases of the systems development lifecycle.
  • Translates technology and environmental conditions (e.g., laws, regulations, policies and technical standards) into system and security designs and processes.
  • Provides recommendations for investment standards and policies that drive how controls will be applied across the organization.
Underlying Technical Competencies
  • Systems Requirements Analysis
  • Secure Network Design
  • Secure Software Design
  • Secure Systems Development
  • Systems Testing and Evaluation
  • Regulatory Advisory
Technical Capability
Cybersecurity Data Science
Description
  • Examines data with the goal of providing new insight for the purposes of cybersecurity.
  • Designs and implements custom algorithms, flow processes and layouts for complex, enterprise-scale data sets used for modeling, data analytics, and research purposes.
  • Applies understanding of cybersecurity field to inform analytical methodologies and algorithms selected for implementation.
  • Designs, builds, implements, integrates, and maintains systems and tools for data trend and pattern analysis of cyber data.
  • Applies knowledge of statistics and mathematical theory to develop and integrate new and emerging technologies, such as machine learning and deep learning concepts and techniques.
  • Communicates insights gained to mission user.
Underlying Technical Competencies
  • Data Collection and Ingestion
  • Data Management
  • Statistical Modeling
  • Data Visualization
Technical Capability
Cybersecurity Defensive Operations – Intelligence Collection and Analysis
Description
  • Responsible for the integration, management, and execution of all aspects of the cyber attack lifecycle to inform cyber defensive operations.
  • Plans and executes end-to-end cybersecurity operations to defend protected assets.
  • Plans collection operations, retrieves and analyzes key intelligence data.
  • Understands where to focus surveillance.
  • Oversees specialized denial and deception operations and collection of cybersecurity information that informs and develops the end-to-end operations.
Underlying Technical Competencies
  • Intelligence Collection
  • Intelligence Analysis
Note: There are two subtypes of Cybersecurity Defensive Operations. An individual whose primary technical capability is Cybersecurity Defensive Operations – Intelligence Collection and Analysis focuses on the underlying competencies above.
Technical Capability
Cybersecurity Defensive Operations – Planning, Execution, and Analysis
Description
  • Responsible for the integration, management, and execution of all aspects of the cyber attack lifecycle to inform cyber defensive operations.
  • Plans and executes end-to-end cybersecurity operations to defend protected assets.
  • Plans collection operations, retrieves and analyzes key intelligence data.
  • Understands where to focus surveillance.
  • Oversees specialized denial and deception operations and collection of cybersecurity information that informs and develops the end-to-end operations.
Underlying Technical Competencies
  • Operations Planning and Execution
  • Operations Analysis
Note: There are two subtypes of Cybersecurity Defensive Operations. An individual whose primary technical capability is Cybersecurity Defensive Operations – Planning, Execution, and Analysis focuses on the underlying competencies above.
Technical Capability
Cybersecurity Engineering
Description
  • Conducts software, hardware, and systems engineering to develop new and refine/enhance existing technical capabilities, ensuring full integration with security objectives, principles and processes.
  • Builds practical solutions in full consideration of lifecycle of costs, acquisitions, program and projects, management and budget.
  • Identifies engineering requirements for, and ensures interoperability of, internal and external systems.
  • Demonstrates strategic risk understanding, considering impact of security breaches or vulnerabilities in every aspect of the engineering process.
  • Stays current on emerging technologies, and their applications to current and emerging business processes (e.g., cloud, mobile), and identifies and recommends methods for incorporating promising technologies to meet organizational cybersecurity requirements.
Underlying Technical Competencies
  • Cybersecurity Hardware Engineering
  • Cybersecurity Systems Engineering
  • Secure Software/Application Design
  • Cybersecurity Capability/Solutions Evaluation
  • Cybersecurity Testing and Evaluation
Technical Capability
Cybersecurity Policy
Description
  • Applies knowledge of information security to define the organization’s direction and direct resources to achieve the mission.
  • Develops and recommends policy changes to support mission needs.
  • Manages security implications within the organization as directed.

Note: Always a secondary technical capability

Underlying Technical Competencies
  • Strategic Planning
  • Policy Advisement
  • Cybersecurity Policy Development and Writing
  • Cybersecurity Governance
  • Cybersecurity Legislative Affairs
Technical Capability
Cybersecurity Program Management
Description
  • Manages information security programs within the organization, to include strategic, personnel, security infrastructure, policy enforcement, emergency planning, security awareness, and acquisition considerations.

Note: Always a secondary technical capability

Underlying Technical Competencies
  • Cybersecurity Program Design
  • Cybersecurity Program Execution
  • Cybersecurity Investment Management
Technical Capability
Cybersecurity Research and Development
Description
  • Conducts technology and/or feasibility research, development, and assessments.
  • Provides, builds, tests and supports a prototype capability and/or evaluates its security and utility.
  • Plans, conducts or oversees comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.
  • Ensures appropriate security measures are considered throughout each phase of the R&D lifecycle.
Underlying Technical Competencies
  • Cybersecurity Research Planning
  • Cybersecurity Research Development and Delivery
  • Cybersecurity Research Testing and Evaluation
Technical Capability
Cybersecurity Risk Management and Compliance
Description
  • Oversees, evaluates, and supports the documentation, validation, assessment, and authorization processes necessary to ensure that existing and new information technology systems meet the Department’s cybersecurity and risk requirements, and provide decision makers with the knowledge to make well-informed risk decisions.
  • Ensures that strategic considerations drive investment and operational decisions with regard to managing risk to organizational operations (including mission, function, image and reputation), organizational assets, individuals, other organizations (collaborating or partnering with federal agencies and contractors) and the Nation.
  • Understands and utilizes the National Institute of Standards and Technology (NIST) series of documents.
Underlying Technical Competencies
  • Organizational Risk Strategy
  • Organizational Risk Assessment
  • Organizational Risk Management
  • Policy Interpretation
Technical Capability
Cybersecurity Threat Analysis
Description
  • Collects, analyzes, and reports on cybersecurity threats and threat actors to support operations.
  • Understands and analyzes different sources of information (e.g., INTs [intelligence], open source, law enforcement data) on specific topics or targets.
  • Provides tactical/operational analysis, including attribution of cyber actors using a variety of analytic techniques and tools.
  • May also provide strategic-level analysis to support broader mission.
  • Develops and communicates situational awareness of local, regional, and international cybersecurity threats impacting stakeholder missions and interests.
Underlying Technical Competencies
  • Warning Analysis
  • Threat Assessment
  • Intelligence Analysis
Technical Capability
Digital Forensics
Description
  • Collects, processes, analyzes, interprets, preserves, and presents digital evidence in support of network vulnerability mitigation, intelligence operations, and different types of investigations (including but not limited to administrative, criminal, counterintelligence and law enforcement).
  • Applies tactics, techniques and procedures (TTP) for investigative processes.
Underlying Technical Competencies
  • Forensic Analysis
  • Cyber Investigation
  • Reverse Engineering
  • Malware Analysis
Technical Capability
Mitigation and Response
Description
  • Tracks and responds to prioritized urgent IT and cyber events and indicators of compromise (IOCs) to mitigate threats to networks, systems, and applications.
  • Investigates and analyzes response activities and employs various advanced response and recovery approaches as appropriate.
  • Applies understanding of tactics, techniques, and procedures for investigative processes, including identifying adversaries’ TTPs and applying corresponding defense or security controls.
  • Conducts root cause analysis and response coordination, providing recommendations for mitigation.
  • Executes recovery action plans and adapts plans to handle new developments.
Underlying Technical Competencies
  • Incident Response and Recovery
  • Network Monitoring and Defense
  • Malware Analysis
Technical Capability
Physical, Embedded, and Control Systems Security
Description
  • Applies expertise to understand designs, protocols, and physical configurations of purpose-built interconnected systems—such as industrial control systems, physical systems, and embedded systems—and can define and implement comprehensive countermeasures to detect threats and maintain the overall cybersecurity posture of these systems.
Underlying Technical Competencies
  • Embedded Compute Systems
  • ICS/SCADA
  • Internet of Things
  • Building/Facilities Automation
Technical Capability
Secure Network Operations
Description
  • Understands the installation, configuration, testing, operation, maintenance, and management of networks and their firewalls, including hardware and software, which permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems.
Underlying Technical Competencies
  • Network Engineering
  • Operating Systems
  • Distributed Systems
  • Network Management
Technical Capability
Security System Operations and Maintenance
Description
  • Implements, configures, and manages security devices and systems (such as firewalls, intrusion detection and log collectors, and vulnerability scanners) in accordance with policies, procedures, and best practices.
  • Installs, manages, and monitors security measures to support mitigation efforts; shares relevant information with system and network administrators.
Underlying Technical Competencies
  • Security Systems Administration
  • Systems Implementation Knowledge
  • Information Systems Security Monitoring
  • Continuity of Security Operations
Technical Capability
Vulnerability Assessment
Description
  • Conducts assessments of threats and vulnerabilities on networks/systems software and hardware, and develops and recommends appropriate mitigation countermeasures.
  • Develops and conducts tests of systems to evaluate compliance with specifications and requirements in accordance with policy, benchmarks and industry best practices, by validating technical, functional, and performance characteristics of systems or their elements.
  • Coordinates and aligns with program offices and various stakeholders.
Underlying Technical Competencies
  • Vulnerability Risk Assessment
  • Penetration Testing

DHS Cybersecurity Service employees apply these technical capabilities to contribute to our Nation's cybersecurity.

Most DHS Cybersecurity Service employees join with a primary technical capability, reflecting the majority of their cybersecurity technical expertise and experience.

Those just beginning a career in cybersecurity will work with DHS to identify and develop a primary technical capability.

Visit Resources for more information about DHS Cybersecurity Service technical capabilities.