Systems Developer
Work Role ID: SP-SYS-002Designs, develops, tests, and evaluates information systems throughout the systems development life cycle.Category: Securely ProvisionSpecialty Area: Systems Development
Abilities
- A0123: Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- A0170: Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
Knowledge
- K0001: Knowledge of computer networking concepts and protocols, and network security methodologies.
- K0002: Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003: Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004: Knowledge of cybersecurity and privacy principles.
- K0005: Knowledge of cyber threats and vulnerabilities.
- K0006: Knowledge of specific operational impacts of cybersecurity lapses.
- K0015: Knowledge of computer algorithms.
- K0018: Knowledge of encryption algorithms
- K0024: Knowledge of database systems.
- K0027: Knowledge of organization's enterprise information security architecture.
- K0028: Knowledge of organization's evaluation and validation requirements.
- K0030: Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware).
- K0032: Knowledge of resiliency and redundancy.
- K0035: Knowledge of installation, integration, and optimization of system components.
- K0036: Knowledge of human-computer interaction principles.
- K0044: Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- K0045: Knowledge of information security systems engineering principles (NIST SP 800-160).
- K0049: Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
- K0050: Knowledge of local area and wide area networking principles and concepts including bandwidth management.
- K0052: Knowledge of mathematics (e.g. logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis).
- K0055: Knowledge of microprocessors.
- K0056: Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
- K0060: Knowledge of operating systems.
- K0061: Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
- K0063: Knowledge of parallel and distributed computing concepts.
- K0065: Knowledge of policy-based and risk adaptive access controls.
- K0066: Knowledge of Privacy Impact Assessments.
- K0067: Knowledge of process engineering concepts.
- K0073: Knowledge of secure configuration management techniques.
- K0081: Knowledge of software development models (e.g., Waterfall Model, Spiral Model).
- K0082: Knowledge of software engineering.
- K0084: Knowledge of structured analysis principles and methods.
- K0086: Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.
- K0087: Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
- K0090: Knowledge of system life cycle management principles, including software security and usability.
- K0091: Knowledge of systems testing and evaluation methods.
- K0093: Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing).
- K0102: Knowledge of the systems engineering process.
- K0126: Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161)
- K0139: Knowledge of interpreted and compiled computer languages.
- K0169: Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
- K0170: Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
- K0179: Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- K0180: Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
- K0200: Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
- K0203: Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
- K0207: Knowledge of circuit analysis.
- K0212: Knowledge of cybersecurity-enabled software products.
- K0227: Knowledge of various types of computer architectures.
- K0260: Knowledge of Personally Identifiable Information (PII) data security standards.
- K0261: Knowledge of Payment Card Industry (PCI) data security standards.
- K0262: Knowledge of Personal Health Information (PHI) data security standards.
- K0276: Knowledge of security management.
- K0287: Knowledge of an organization's information classification program and procedures for information compromise.
- K0297: Knowledge of countermeasure design for identified security risks.
- K0308: Knowledge of cryptology.
- K0322: Knowledge of embedded systems.
- K0325: Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).
- K0332: Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
- K0333: Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
- K0336: Knowledge of access authentication methods.
Skills
- S0018: Skill in creating policies that reflect system security objectives.
- S0022: Skill in designing countermeasures to identified security risks.
- S0023: Skill in designing security controls based on cybersecurity principles and tenets.
- S0024: Skill in designing the integration of hardware and software solutions.
- S0025: Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
- S0031: Skill in developing and applying security system access controls.
- S0034: Skill in discerning the protection needs (i.e., security controls) of information systems and networks.
- S0036: Skill in evaluating the adequacy of security designs.
- S0060: Skill in writing code in a currently supported programming language (e.g., Java, C++).
- S0085: Skill in conducting audits or reviews of technical systems.
- S0097: Skill in applying security controls.
- S0136: Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
- S0145: Skill in integrating and applying policies that meet system security objectives.
- S0146: Skill in creating policies that enable systems to meet performance objectives (e.g. traffic routing, SLA's, CPU specifications).
- S0160: Skill in the use of design modeling (e.g., unified modeling language).
- S0367: Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Tasks
- T0012: Analyze design constraints, analyze trade-offs and detailed system and security design, and consider life cycle support.
- T0021: Build, test, and modify product prototypes using working models or theoretical models.
- T0053: Design and develop cybersecurity or cybersecurity-enabled products.
- T0056: Design or integrate appropriate data backup capabilities into overall system designs, and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data.
- T0061: Develop and direct system testing and validation procedures and documentation.
- T0067: Develop architectures or system components consistent with technical specifications.
- T0070: Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment.
- T0107: Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable).
- T0109: Identify and prioritize essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability.
- T0119: Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization's evaluation and validation requirements.
- T0181: Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- T0201: Provide guidelines for implementing developed systems to customers or installation teams.
- T0205: Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
- T0228: Store, retrieve, and manipulate data for analysis of system capabilities and requirements.
- T0242: Utilize models and simulations to analyze or predict system performance under different operating conditions.
- T0304: Implement and integrate system development life cycle (SDLC) methodologies (e.g., IBM Rational Unified Process) into development environment.
- T0326: Employ configuration management processes.
- T0350: Conduct a market analysis to identify, assess, and recommend commercial, Government off-the-shelf, and open source products for use within a system and ensure recommended products are in compliance with organization's evaluation and validation requirements.
- T0358: Design and develop system administration and management functionality for privileged access users.
- T0359: Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies.
- T0378: Incorporates risk-driven systems maintenance updates process to address system deficiencies (periodically and out of cycle).
- T0406: Ensure that design and development activities are properly documented (providing a functional description of implementation) and updated as necessary.
- T0447: Design hardware, operating systems, and software applications to adequately address requirements.
- T0449: Design to security requirements to ensure requirements are met for all systems and/or applications.
- T0464: Develop detailed design documentation for component and interface specifications to support system design and development.
- T0466: Develop mitigation strategies to address cost, schedule, performance, and security risks.
- T0480: Identify components or elements, allocate comprehensive functional components to include security functions, and describe the relationships between the elements.
- T0488: Implement designs for new or existing system(s).
- T0518: Perform security reviews and identify security gaps in architecture.
- T0528: Provide input to implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials
- T0538: Provide support to test and evaluation activities.
- T0541: Trace system requirements to design components and perform gap analysis.
- T0544: Verify stability, interoperability, portability, and/or scalability of system architecture.
- T0558: Analyze user needs and requirements to plan and conduct system development.
- T0559: Develop designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations.
- T0560: Collaborate on cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information).