Cyber Career Pathways Tool

Show Core Relationships

Toggle the top 5 relationships based on all or core shared tasks, knowledge, skills, and abilities.

Show Core Relationships

Begin typing to search work role names.

Select a second role.

Details

Systems Security Analyst

Responsible for the analysis and development of the integration, testing, operations, and maintenance of systems security.

Community: Cybersecurity

Category: Operate and Maintain

Specialty Area: Systems Analysis

OPM ID: 461

See USAJOBS listings coded for Systems Security Analyst

Related Functional Titles

The following job titles have been identified by subject matter experts as either alternative titles for this work role or including the functions of this work role as part of their job duties.

Cybersecurity Analyst
Information Assurance Operational Engineer
Information Assurance Specialist
Information Security Analyst / Administrator
Information Systems Security Analyst / Specialist
Network Security Vulnerability Technician (NSVT)
Security Analyst
Systems Analyst
Systems Compliance Analyst
Systems Security Specialist

View Cyber Career Pathway Documents

Tasks

Legend

C: Core Tasks
A: Additional Tasks
: Aligned to the role
: Not aligned to the role
A*: Not included in the initial analysis to determine whether it is Core or Additional to the work role.

ImportanceAligned	Tasks ID	Tasks Description
Additional	T0015	Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
Core	T0016	Apply security policies to meet security objectives of the system.
Additional	T0017	Apply service-oriented security architecture principles to meet organization's confidentiality, integrity, and availability requirements.
Core	T0085	Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
Additional	T0086	Ensure that the application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
Core	T0088	Ensure that cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
Additional	T0123	Implement specific cybersecurity countermeasures for systems and/or applications.
Additional	T0128	Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system.
Additional	T0169	Perform cybersecurity testing of developed applications and/or systems.
Additional	T0177	Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
Core	T0187	Plan and recommend modifications or adjustments based on exercise results or system environment.
Core	T0194	Properly document all systems security implementation, operations, and maintenance activities and update as necessary.
Additional	T0202	Provide cybersecurity guidance to leadership.
Additional	T0205	Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Core	T0243	Verify and update security documentation reflecting the application/system security design features.
Core	T0309	Assess the effectiveness of security controls.
Core	T0344	Assess all the configuration management (change configuration/release management) processes.
Core	T0462	Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.
Core	T0469	Analyze and report organizational security posture trends.
Core	T0470	Analyze and report system security posture trends.
Core	T0475	Assess adequate access controls based on principles of least privilege and need-to-know.
Additional	T0477	Ensure the execution of disaster recovery and continuity of operations.
Core	T0485	Implement security measures to resolve vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed.
Core	T0489	Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
Additional	T0492	Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment.
Core	T0499	Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative.
Additional	T0504	Assess and monitor cybersecurity related to system implementation and testing practices.
Core	T0508	Verify minimum security requirements are in place for all applications.
Core	T0526	Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
Additional	T0545	Work with stakeholders to resolve computer security incidents and vulnerability compliance.
Additional	T0548	Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

KSAs

Knowledge

Legend

C: Core Knowledge
A: Additional Knowledge
: Aligned to the role
: Not aligned to the role
A*: Not included in the initial analysis to determine whether it is Core or Additional to the work role.

ImportanceAligned	Knowledge ID	Knowledge Description
Core	K0001	Knowledge of computer networking concepts and protocols, and network security methodologies.
Core	K0002	Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Core	K0003	Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
Core	K0004	Knowledge of cybersecurity and privacy principles.
Core	K0005	Knowledge of cyber threats and vulnerabilities.
Core	K0006	Knowledge of specific operational impacts of cybersecurity lapses.
Additional	K0015	Knowledge of computer algorithms.
Core	K0018	Knowledge of encryption algorithms
Core criticality not evaluated	K0019	Knowledge of cryptography and cryptographic key management concepts
Additional	K0024	Knowledge of database systems.
Core	K0035	Knowledge of installation, integration, and optimization of system components.
Additional	K0036	Knowledge of human-computer interaction principles.
Additional	K0040	Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
Core	K0044	Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Core	K0049	Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
Core criticality not evaluated	K0052	Knowledge of mathematics (e.g. logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis).
Core	K0056	Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
Core	K0060	Knowledge of operating systems.
Core	K0061	Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
Additional	K0063	Knowledge of parallel and distributed computing concepts.
Core	K0075	Knowledge of security system design tools, methods, and techniques.
Core	K0082	Knowledge of software engineering.
Core	K0093	Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing).
Additional	K0102	Knowledge of the systems engineering process.
Additional	K0179	Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Additional	K0180	Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
Additional	K0200	Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
Additional	K0203	Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
Core	K0227	Knowledge of various types of computer architectures.
Core	K0260	Knowledge of Personally Identifiable Information (PII) data security standards.
Additional	K0261	Knowledge of Payment Card Industry (PCI) data security standards.
Core	K0262	Knowledge of Personal Health Information (PHI) data security standards.
Core	K0263	Knowledge of information technology (IT) risk management policies, requirements, and procedures.
Additional	K0266	Knowledge of how to evaluate the trustworthiness of the supplier and/or product.
Core	K0267	Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
Core	K0275	Knowledge of configuration management techniques.
Core	K0276	Knowledge of security management.
Additional	K0281	Knowledge of information technology (IT) service catalogues.
Additional	K0284	Knowledge of developing and applying user credential management system.
Additional	K0285	Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.
Core	K0287	Knowledge of an organization's information classification program and procedures for information compromise.
Core	K0290	Knowledge of systems security testing and evaluation methods.
Core criticality not evaluated	K0297	Knowledge of countermeasure design for identified security risks.
Core	K0322	Knowledge of embedded systems.
Core	K0333	Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
Core	K0339	Knowledge of how to use network analysis tools to identify vulnerabilities.

Skills

Legend

C: Core Skills
A: Additional Skills
: Aligned to the role
: Not aligned to the role
A*: Not included in the initial analysis to determine whether it is Core or Additional to the work role.

ImportanceAligned	Skills ID	Skills Description
Core	S0024	Skill in designing the integration of hardware and software solutions.
Core	S0027	Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
Core	S0031	Skill in developing and applying security system access controls.
Core	S0036	Skill in evaluating the adequacy of security designs.
Core criticality not evaluated	S0060	Skill in writing code in a currently supported programming language (e.g., Java, C++).
Core	S0141	Skill in assessing security systems designs.
Core	S0147	Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
Core	S0167	Skill in recognizing vulnerabilities in security systems. (e.g., vulnerability and compliance scanning).
Core criticality not evaluated	S0367	Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Abilities

Legend

C: Core Abilities
A: Additional Abilities
: Aligned to the role
: Not aligned to the role
A*: Not included in the initial analysis to determine whether it is Core or Additional to the work role.

ImportanceAligned	Abilities ID	Abilities Description
Additional	A0015	Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
Core criticality not evaluated	A0123	Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Capability Indicators

Capability Indicators for Systems Security Analyst
Category	Entry	Intermediate	Advanced
Credentials/Certifications	Entry Recommended: N/A Example Types: N/A Example Topics: N/A	Intermediate Recommended: Not essential but may be beneficial Example Types: N/A Example Topics: Certifications addressing enterprise security, risk management and incident response, research and analysis, integration of computing, communications and business disciplines as well as technical integration of enterprise components, categorization of information systems, selection of security controls, security control implementation and assessment, information system authorization, monitoring of security controls, system security, network infrastructure, access control, cryptography, assessments and audits, organizational security, authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, malicious code countermeasures, strategic program management, program lifecycle (initiating, planning, executing, controlling, closing), benefits management, stakeholder management, and governance	Advanced Recommended: Not essential but may be beneficial Example Topics: Certifications addressing network types, network media, switching fundamentals, TCP/IP, IP addressing and routing, WAN technologies, operating and configuring IOS devices, and managing network environments, system security, network infrastructure, access control, cryptography, assessments and audits, organizational security, focus on new attack vectors (emphasis on cloud computing technology, mobile platforms and tablet computers), new vulnerabilities, existing threats to operating environments, access control theory, alternate network mapping techniques, authentication and password management, common types of attacks, contingency planning, critical security controls, concepts, crypto fundamentals, defense-in-depth, DNS, firewalls, honeypots, ICMP, incident handling fundamentals, intrusion detection overview, IP packets, IPS overview, IPv6, legal aspects of incident handling, Mitnick-Shimomura attack, network addressing, network fundamentals, network mapping and scanning, network protocol, policy framework, protecting data at rest, PKI, reading packets, risk management, securing server services, SIEM/Log management, steganography overview, TCP, UDP, virtual private networks, viruses and malicious code, vulnerability management overview, vulnerability scanning, web application security, auditing and forensics, network security overview, permissions and user rights, security templates and group policy, service packs, hotfixes and backups, active directory and group policy overview, wireless security, authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, and malicious code countermeasures, network and endpoint security technologies, network protocols for managers, project management and business situational awareness, selling and managing the mission, strategic program management, program lifecycle (initiating, planning, executing, controlling, closing), benefits management, stakeholder management, and governance
Continuous Learning	Entry Recommended: N/A Examples: N/A	Intermediate Recommended: Not essential but may be beneficial Examples: 40 hours annually (may include formal training, conferences, rotations, developing publications, coaching or teaching others)	Advanced Recommended: Yes Examples: 40 hours annually, work role rotations (presenting at conferences, developing publications, coaching others, or teaching internally or at a university)
Education	Entry Recommended: No (not an Entry-level Work Role) Example Types: N/A Example Topics: N/A	Intermediate Recommended: Not essential but may be beneficial Example Types: Bachelor's (certifications addressing information systems security, advanced systems management, may substitute education) Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering	Advanced Recommended: Not essential but may be beneficial Example Types: Bachelor's, Master's, Ph.D. (certifications addressing information systems security and advanced systems management may substitute education) Example Topics: Computer science, cybersecurity, information technology, software engineering, information systems, and computer engineering
Experiential Learning	Entry Recommended: N/A Examples: N/A	Intermediate Recommended: Not essential but may be beneficial Examples: Information assurance technician level II, information assurance manager, network	Advanced Recommended: Yes Examples: 7+ of experience directly performing configurations and security implementations on LAN and WAN equipment, information assurance technician level III, information assurance manager, network
Training	Entry Recommended: N/A Example Types: N/A Example Topics: N/A	Intermediate Recommended: Not essential but may be beneficial Example Types: N/A Example Topics: Information systems security, network security vulnerability, advanced network analysis, and software products	Advanced Recommended: Yes Example Types: N/A Example Topics: Self- or instructor-led training in the areas of LAN, WAN architectures, and network security

Common Relationships

Related Roles by KSAT

The following work roles are related by their shared tasks, knowledge, skills and abilities.

The following work roles are related by their shared core tasks, knowledge, skills and abilities.

Roles are listed by all or core shared KSATs, as selected.

Related Roles by KSAT	Percentage
651-Enterprise Architect	34.15%
632-Systems Developer	32.11%
511-Cyber Defense Analyst	31.93%
631-Information Systems Security Developer	28.23%
652-Security Architect	27.59%

Related Roles by Core KSAT	Percentage
612-Security Control Assessor	26.67%
632-Systems Developer	26.32%
723-Communications Security (COMSEC) Manager	22.22%
611-Authorizing Official/Designating Representative	16.67%
631-Information Systems Security Developer	16.44%

On Ramps

Off Ramps

Federal Data

The below list defines the most common occupational series used in the Federal Government for this specific work role. This can be used as an indicator for users for things like position descriptions. Some work roles require multiple codes to illustrate the breadth and depth of a work role. The secondary work roles listed below can help users to identify potential work role pairing. This data was pulled from The Office of Personnel Management (OPM) Federal Government-wide data as reported in 2020.

Top 5 Occupational Series

Top 5 Occupational Series	Percentage
2210-INFORMATION TECHNOLOGY MANAGEMENT	83.69%
0080-SECURITY ADMINISTRATION	3.73%
1550-COMPUTER SCIENCE	3.56%
0343-MANAGEMENT AND PROGRAM ANALYSIS	1.8%
0854-COMPUTER ENGINEERING	1.48%

Top 5 Secondary Work Roles

Top 5 Secondary Work Roles	Percentage
411-Technical Support Specialist	13.56%
541-Vulnerability Assessment Analyst	12.1%
612-Security Control Assessor	10.32%
722-Information Systems Security Manager	8.13%
451-System Administrator	7.61%

The Cyber Career Pathways Tool is developed and maintained in partnership with the Federal Cyber Workforce Management and Coordination Working Group.

This tool is based on the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NIST Special Publication 800-181, August 2017) and revisions published in late 2020 renaming the framework as the Workforce Framework for Cybersecurity (NIST Special Publication 800-181 Rev. 1, November 2020). Please visit the NICE Framework Resource Center for more information, as well as the latest updates.

Additional Resources

Find federal job announcements by cyber skills community on USAJOBS: IT, Cybersecurity, Cyber Effects, Intel (Cyber), and Cross-Functional.