Studies an organization's current computer systems and procedures, and designs information systems solutions to help the organization operate more securely, efficiently, and effectively. Brings business and information technology (IT) together by understanding the needs and limitations of both.

Below are the KSAs (Knowledge, Skills, and Abilities) and Tasks for this work role.

  • A0015: Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
  • A0123: Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
  • K0001: Knowledge of computer networking concepts and protocols, and network security methodologies. 
  • K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 
  • K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 
  • K0004: Knowledge of cybersecurity and privacy principles. 
  • K0005: Knowledge of cyber threats and vulnerabilities. 
  • K0006: Knowledge of specific operational impacts of cybersecurity lapses. 
  • K0015: Knowledge of computer algorithms. 
  • K0018: Knowledge of encryption algorithms.
  • K0019: Knowledge of cryptography and cryptographic key management concepts.
  • K0024: Knowledge of database systems. 
  • K0035: Knowledge of installation, integration, and optimization of system components.
  • K0036: Knowledge of human-computer interaction principles.
  • K0040: Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins). 
  • K0044: Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
  • K0049: Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). 
  • K0052: Knowledge of mathematics (e.g. logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis). 
  • K0056: Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML). 
  • K0060: Knowledge of operating systems.
  • K0061: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0063: Knowledge of parallel and distributed computing concepts.
  • K0075: Knowledge of security system design tools, methods, and techniques.
  • K0082: Knowledge of software engineering.
  • K0093: Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing). 
  • K0102: Knowledge of the systems engineering process.
  • K0179: Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). 
  • K0180: Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. 
  • K0200: Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • K0203: Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • K0227: Knowledge of various types of computer architectures.
  • K0260: Knowledge of Personally Identifiable Information (PII) data security standards. 
  • K0261: Knowledge of Payment Card Industry (PCI) data security standards. 
  • K0262: Knowledge of Personal Health Information (PHI) data security standards. 
  • K0263: Knowledge of information technology (IT) risk management policies, requirements, and procedures. 
  • K0266: Knowledge of how to evaluate the trustworthiness of the supplier and/or product. 
  • K0267: Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures. 
  • K0275: Knowledge of configuration management techniques.
  • K0276: Knowledge of security management.
  • K0281: Knowledge of information technology (IT) service catalogues.
  • K0284: Knowledge of developing and applying user credential management system.
  • K0285: Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.
  • K0287: Knowledge of an organization's information classification program and procedures for information compromise. 
  • K0290: Knowledge of systems security testing and evaluation methods.
  • K0297: Knowledge of countermeasure design for identified security risks.
  • K0322: Knowledge of embedded systems.
  • K0333: Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
  • K0339: Knowledge of how to use network analysis tools to identify vulnerabilities.
  • S0024: Skill in designing the integration of hardware and software solutions.
  • S0027: Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
  • S0031: Skill in developing and applying security system access controls.
  • S0036: Skill in evaluating the adequacy of security designs.
  • S0060: Skill in writing code in a currently supported programming language (e.g., Java, C++).
  • S0141: Skill in assessing security systems designs.
  • S0147: Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • S0167: Skill in recognizing vulnerabilities in security systems (e.g., vulnerability and compliance scanning).
  • S0367: Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 
  • T0015: Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
  • T0016: Apply security policies to meet security objectives of the system.
  • T0017: Apply service-oriented security architecture principles to meet organization's confidentiality, integrity, and availability requirements.
  • T0085: Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
  • T0086: Ensure that the application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
  • T0088: Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
  • T0123: Implement specific cybersecurity countermeasures for systems and/or applications.
  • T0128: Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system.
  • T0169: Perform cybersecurity testing of developed applications and/or systems.
  • T0177: Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
  • T0187: Plan and recommend modifications or adjustments based on exercise results or system environment.
  • T0194: Properly document all systems security implementation, operations, and maintenance activities and update as necessary.
  • T0202: Provide cybersecurity guidance to leadership.
  • T0205: Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
  • T0243: Verify and update security documentation reflecting the application/system security design features.
  • T0309: Assess the effectiveness of security controls.
  • T0344: Assess all the configuration management (change configuration/release management) processes.
  • T0462: Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.
  • T0469: Analyze and report organizational security posture trends.
  • T0470: Analyze and report system security posture trends.
  • T0475: Assess adequate access controls based on principles of least privilege and need-to-know.
  • T0477: Ensure the execution of disaster recovery and continuity of operations.
  • T0485: Implement security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed.
  • T0489: Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
  • T0492: Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment.
  • T0499: Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
  • T0504: Assess and monitor cybersecurity related to system implementation and testing practices.
  • T0508: Verify minimum security requirements are in place for all applications.
  • T0526: Provide cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
  • T0545: Work with stakeholders to resolve computer security incidents and vulnerability compliance.
  • T0548: Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.
Capability Indicators for Systems Security Analyst

Each category below lists the indicators for the Entry, Intermediate, and Advanced proficiency levels.

Credentials/Certifications
  Entry
    • Recommended: N/A
    • Example Types: N/A
    • Example Topics: N/A
  Intermediate
    • Recommended: Not essential but may be beneficial
    • Example Types: N/A
    • Example Topics: Certifications addressing enterprise security, risk management and incident response, research and analysis, integration of computing, communications and business disciplines as well as technical integration of enterprise components, categorization of information systems, selection of security controls, security control implementation and assessment, information system authorization, monitoring of security controls, system security, network infrastructure, access control, cryptography, assessments and audits, organizational security, authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, malicious code countermeasures, strategic program management, program lifecycle (initiating, planning, executing, controlling, closing), benefits management, stakeholder management, and governance
  Advanced
    • Recommended: Not essential but may be beneficial
    • Example Topics: Certifications addressing network types, network media, switching fundamentals, TCP/IP, IP addressing and routing, WAN technologies, operating and configuring IOS devices, and managing network environments, system security, network infrastructure, access control, cryptography, assessments and audits, organizational security, focus on new attack vectors (emphasis on cloud computing technology, mobile platforms and tablet computers), new vulnerabilities, existing threats to operating environments, access control theory, alternate network mapping techniques, authentication and password management, common types of attacks, contingency planning, critical security controls, concepts, crypto fundamentals, defense-in-depth, DNS, firewalls, honeypots, ICMP, incident handling fundamentals, intrusion detection overview, IP packets, IPS overview, IPv6, legal aspects of incident handling, Mitnick-Shimomura attack, network addressing, network fundamentals, network mapping and scanning, network protocol, policy framework, protecting data at rest, PKI, reading packets, risk management, securing server services, SIEM/Log management, steganography overview, TCP, UDP, virtual private networks, viruses and malicious code, vulnerability management overview, vulnerability scanning, web application security, auditing and forensics, network security overview, permissions and user rights, security templates and group policy, service packs, hotfixes and backups, active directory and group policy overview, wireless security, authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, and malicious code countermeasures, network and endpoint security technologies, network protocols for managers, project management and business situational awareness, selling and managing the mission, strategic program management, program lifecycle (initiating, planning, executing, controlling, closing), benefits management, stakeholder management, and governance

Continuous Learning
  Entry
    • Recommended: N/A
    • Examples: N/A
  Intermediate
    • Recommended: Not essential but may be beneficial
    • Examples: 40 hours annually (may include formal training, conferences, rotations, developing publications, coaching or teaching others)
  Advanced
    • Recommended: Yes
    • Examples: 40 hours annually, work role rotations (presenting at conferences, developing publications, coaching others, or teaching internally or at a university)

Education
  Entry
    • Recommended: No (not an Entry-level Work Role)
    • Example Types: N/A
    • Example Topics: N/A
  Intermediate
    • Recommended: Not essential but may be beneficial
    • Example Types: Bachelor's (certifications addressing information systems security and advanced systems management may substitute for education)
    • Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering
  Advanced
    • Recommended: Not essential but may be beneficial
    • Example Types: Bachelor's, Master's, Ph.D. (certifications addressing information systems security and advanced systems management may substitute for education)
    • Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering

Experiential Learning
  Entry
    • Recommended: N/A
    • Examples: N/A
  Intermediate
    • Recommended: Not essential but may be beneficial
    • Examples: Information assurance technician level II, information assurance manager, network
  Advanced
    • Recommended: Yes
    • Examples: 7+ years of experience directly performing configurations and security implementations on LAN and WAN equipment, information assurance technician level III, information assurance manager, network

Training
  Entry
    • Recommended: N/A
    • Example Types: N/A
    • Example Topics: N/A
  Intermediate
    • Recommended: Not essential but may be beneficial
    • Example Types: N/A
    • Example Topics: Information systems security, network security vulnerability, advanced network analysis, and software products
  Advanced
    • Recommended: Yes
    • Example Types: N/A
    • Example Topics: Self- or instructor-led training in the areas of LAN, WAN architectures, and network security