DevSecOps Specialist

Work Role ID: 627  |  Workforce Element: Software Engineering

What does this work role do? Selects/Deploys/Maintains the set of Continuous Integration/Continuous Deployment (CI/CD) tools and processes used by the development team and/or maintains the deployed software product and ensures observability and security across the lifecycle.

KSAT ID Description KSAT
22 * Knowledge of computer networking concepts and protocols, and network security methodologies. Knowledge
108 * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). Knowledge
1157 * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. Knowledge
1158 * Knowledge of cybersecurity principles. Knowledge
1159 * Knowledge of cyber threats and vulnerabilities. Knowledge
6900 * Knowledge of specific operational impacts of cybersecurity lapses. Knowledge
6935 * Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS). Knowledge
6938 * Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments. Knowledge
KSAT ID Description KSAT
3C Skill in recognizing vulnerabilities in information and/or data systems. Skill
3B Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks. Skill
4 Ability to identify systemic security issues based on the analysis of vulnerability and configuration data. Ability
21 Knowledge of computer algorithms. Knowledge
25B Knowledge of encryption algorithms. Knowledge
27A Knowledge of cryptology. Knowledge
34 Knowledge of database systems. Knowledge
58 Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. Knowledge
75B Knowledge of statistics. Knowledge
94 Knowledge of parallel and distributed computing concepts. Knowledge
130 Knowledge of systems testing and evaluation methods. Knowledge
130A Knowledge of systems security testing and evaluation methods. Knowledge
142A Knowledge of the operations and processes for incident, problem, and event management. Knowledge
144 Knowledge of the systems engineering process. Knowledge
190 Skill in developing operations-based testing scenarios. Skill
220 Skill in systems integration testing. Skill
225A Skill in the use of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems). Skill
238A Skill in writing code in a currently supported programming language (e.g., Java, C++). Skill
412A Analyze the results of software, hardware, or interoperability testing. Task
420 Apply security policies to meet security objectives of the system. Task
421a Apply security architecture principles to meet organization’s confidentiality, integrity, and availability requirements. Task
452 Conduct functional and connectivity testing to ensure continuing operability. Task
559B Analyze and report system security posture trends. Task
568 Employ secure configuration management processes. Task
571 Ensure all systems security operations and maintenance activities are properly documented and updated as necessary. Task
572 Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment. Task
576 Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level. Task
653B Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk. Task
661A Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation. Task
708A Mitigate/correct security deficiencies identified during security/certification testing and/or recommend risk acceptance for the appropriate senior leader or authorized representative. Task
717A Assess and monitor cybersecurity related to system implementation and testing practices. Task
726 Oversee and make recommendations regarding configuration management. Task
729A Verify minimum security requirements are in place for all applications. Task
754 Perform cybersecurity testing of developed applications and/or systems. Task
765 Perform security reviews, identify gaps in security architecture, and develop a security risk management plan. Task
795 Properly document all systems security implementation, operations and maintenance activities and update as necessary. Task
806A Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities. Task
809 Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). Task
876 Verify and update security documentation reflecting the application/system security design features. Task
880A Work with stakeholders to resolve computer security incidents and vulnerability compliance. Task
938A Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans. Task
1037A Knowledge of information technology (IT) risk management policies, requirements, and procedures. Knowledge
1040A Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure. Knowledge
1139A Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption. Knowledge
1141A Knowledge of an organization’s information classification program and procedures for information compromise. Knowledge
2054 Assess the effectiveness of security controls. Task
3030 Ability to conduct vulnerability scans and recognize vulnerabilities in security systems. Ability
3642 Knowledge of various types of computer architectures. Knowledge
3822 Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results. Skill
5050 Assess all the configuration management (change configuration/release management) processes. Task
5940 Work with designers and developers thru out the design, development and testing process. Task
5939 Choose and deploy the appropriate automated application security testing tools. Task
5941 Utilize tools and techniques like risk assessment, threat modeling, and cybersecurity to detect and analyze the threats. Task
5942 Work with Security Engineers to ensure that all security threats are dealt with during the development phase. Task
5943 Work with Automation tools are used to identify the vulnerabilities. Task
5944 Identify and implement tooling for controlling the steps in a continuous integration (CI) and continuous deployment (CD) pipeline. Task
5945 Develop and implement automatic test tools in a CI/CD pipeline, which could include Static Application Security Test (SAST) tools, Dynamic Application Security Test (DAST) tools, Unit Test tools, Static Code Analysis (SCA) tools, etc. Task
5946 Develop code within a CI/CD Pipeline. Task
5947 Select appropriate language and coding standards for software application for appropriate Continuous Integration/Continuous Deployment (CI/CD) framework. Task
5948 Apply testing activities, understands fault vs. failures, conduct basic test planning, develop test selection or adequacy criteria, crafts test documentation, ensures test coverages, and conducts automated testing. Task
5949 Transition embedded and non-embedded software developed and sustained using traditional software methods into a DevSecOps environment. Task
5950 Develop and deploy software using continuous integration methods, processes, and tools, including test case writing against completion criteria (for each release, capability, micro-service, or component), build automation, and build processes. Task
5951 Select and implement telemetry within the CI/CD pipeline and Ops software to support metrics and problem discovery and resolution. Task
5953 Provide DevSecOps guidance to leadership. Task
5954 Build test interfaces and perform complex integration. Task
5955 Work closely with development teams to provide and support the environment needed to deliver an organization’s services. Task
6090 Ability to develop curriculum for use within a virtual environment. Ability
6240 Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE). Knowledge
7087 Knowledge of programming languages. Knowledge
7088 Knowledge of continuous integration/continuous deployment (CI/CD) processes and pipeline tools. Knowledge
7089 Knowledge of portable, extensible, open source platform for managing containerized workloads and services. Knowledge
7090 Knowledge of cloud hosting providers. Knowledge
7091 Knowledge of threat modeling, risk assessment techniques, code reviews, current best practices and the latest cybersecurity threats. Knowledge
7092 Knowledge of how security impacts each development phase and the services. Knowledge
7093 Knowledge of a Continuous Integration/Continuous Deployment (CI/CD) environment and processes. Knowledge
7094 Knowledge of the steps for release to higher levels of integration testing, certification activities, and/or operations using testbeds, modeling and simulation to synchronize software releases with the development of an operations environment(s) to ensure compatibility. Knowledge
7095 Knowledge of every stage in the software project lifecycle, from initial design and build to rollout and maintenance. Knowledge