|Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
|Knowledge of application vulnerabilities.
|Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware.
|Knowledge of cryptography and cryptographic key management concepts.
|Knowledge of engineering concepts as applied to computer architecture and associated computer hardware/software.
|Knowledge of penetration testing principles, tools, and techniques.
|Skill in applying and incorporating information technologies into proposed solutions.
|Skill in creating and utilizing mathematical or statistical models.
|Skill in designing the integration of technology processes and solutions, including legacy systems and modern programming languages.
|Knowledge of hacking methodologies.
|Knowledge of industry technologies and how differences affect exploitation/vulnerabilities.
|Skill in using scientific rules and methods to solve problems.
|Review and validate data mining and data warehousing programs, processes, and requirements.
|Skill in applying secure coding techniques.
|Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.
|Knowledge of local specialized system requirements (e.g., critical infrastructure systems that may not use standard information technology [IT]) for safety, performance, and reliability.
|Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.
|Knowledge of forensic footprint identification.
|Knowledge of mobile communications architecture.
|Knowledge of hardware reverse engineering techniques.
|Knowledge of middleware (e.g., enterprise service bus and message queuing).
|Knowledge of operations security.
|Knowledge of networking protocols.
|Knowledge of software reverse engineering techniques.
|Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications).
|Knowledge of Extensible Markup Language (XML) schemas.
|Knowledge of network analysis tools used to identify software communications vulnerabilities.
|Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
|Design and develop new tools/technologies as related to cybersecurity.
|Troubleshoot prototype design and process issues throughout the product design, development, and pre-launch phases.
|Identify functional- and security-related features to find opportunities for new capability development to exploit or mitigate vulnerabilities.
|Identify and/or develop reverse engineering tools to enhance capabilities and detect vulnerabilities.
|Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
|Knowledge of industry standard security models.
|Develop data management capabilities (e.g., cloud based, centralized cryptographic key management) to include support to the mobile workforce.
|Evaluate network infrastructure vulnerabilities to enhance capabilities being developed.
|Ability to prepare and present briefings.
|Ability to produce technical documentation.
|Knowledge of covert communication techniques.