LOCATION: Saint Louis, Missouri
EXPERIENCE LEVEL: Intermediate
CLEARANCE: TOP SECRET/SCI
WORK ROLE DESCRIPTION:
Designs, develops, tests, and evaluates information system security throughout the systems development life cycle.
TASKS:
T0012: Analyze design constraints, analyze trade-offs and detailed system and security design, and consider life cycle support.
T0015: Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
T0018: Assess the effectiveness of cybersecurity measures utilized by system(s).
T0019: Assess threats to and vulnerabilities of computer system(s) to develop a security risk profile.
T0021: Build, test, and modify product prototypes using working models or theoretical models.
T0032: Conduct Privacy Impact Assessments (PIAs) of the application’s security design for the appropriate security controls, which protect the confidentiality and integrity of Personally Identifiable Information (PII).
T0053: Design and develop cybersecurity or cybersecurity-enabled products.
T0055: Design hardware, operating systems, and software applications to adequately address cybersecurity requirements.
T0056: Design or integrate appropriate data backup capabilities into overall system designs, and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data.
T0061: Develop and direct system testing and validation procedures and documentation.
T0069: Develop detailed security design documentation for component and interface specifications to support system design and development.
T0070: Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment.
T0076: Develop risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed.
T0078: Develop specific cybersecurity countermeasures and risk mitigation strategies for systems and/or applications.
T0105: Identify components or elements, allocate security functions to those elements, and describe the relationships between the elements.
ABILITIES:
A0001: Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
A0008: Ability to apply the methods, standards, and approaches for describing, analyzing, and documenting an organization's enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF]).
A0012: Ability to ask clarifying questions.
A0013: Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
A0015: Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
A0019: Ability to produce technical documentation.
A0026: Ability to analyze test data.
A0040: Ability to translate data and test results into evaluative conclusions.
A0048: Ability to apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
A0049: Ability to apply secure system design tools, methods and techniques.
A0050: Ability to apply system design tools, methods, and techniques, including automated systems analysis and design tools.
A0056: Ability to ensure security practices are followed throughout the acquisition process.
A0061: Ability to design architectures and frameworks. A0074: Ability to collaborate effectively with others.
A0089: Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise.
A0098: Ability to participate as a member of planning teams, coordination groups, and task forces as necessary.
A0108: Ability to understand objectives and effects.
A0119: Ability to understand the basic concepts and issues related to cyber and its organizational impact.
EDUCATION:
Bachelor degree or higher from an accredited college or university
Prefer an accredited Computer Science, Cyber Security, Information Technology, Software Engineering, Information Systems, or Computer Engineering degree; or a degree in a Mathematics or Engineering field.
CERTIFICATION REQUIREMENT(S) (e.g., DoD 8570.01-M):
IAT, IAM, or IASAE Level 3