Cyber Effects (CE)
DCWF 341
Cyberspace Capability Developer
Provides software and hardware capabilities that produce cyberspace effects in and throughout cyberspace operations through vulnerability analysis, and software research and development.
Tasks
The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.
- T1076 additional Collaborate with stakeholders to identify and/or develop appropriate solutions technology.
- T1149A additional Enable applications with public keying by leveraging existing public key infrastructure (PKI) libraries and incorporating certificate management and encryption functionalities when appropriate.
- T1151 additional Identify and leverage the enterprise-wide version control system while designing and developing secure applications.
- T2335 additional Direct software programming and development of documentation.
- T2417 additional Facilitate the sharing of “best practices” and “lessons learned” throughout the cyber operations community.
- T2561 additional Maintain situational awareness of cyber-related intelligence requirements and associated tasking.
- T408 additional Analyze information to determine, recommend, and plan the development of a new application or modification of an existing application.
- T414 additional Analyze user needs and software requirements to determine feasibility of design within time and cost constraints.
- T417 additional Apply coding and testing standards, apply security testing tools including "fuzzing" static-analysis code scanning tools, and conduct code reviews.
- T506 additional Design, develop, and modify software systems, using scientific analysis and mathematical models to predict and measure outcome and consequences of design.
- T515A additional Develop software system testing and validation procedures, programming, and documentation.
- T538 additional Develop new or identify existing awareness and training materials that are appropriate for the intended audiences.
- T543 additional Develop secure code and error handling.
- T630 additional Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable).
- T645 additional Identify security issues around steady state operation and management of software and incorporate security measures that must be taken when a product reaches its end of life.
- T6780 additional Utilize different programming languages to write code, open files, read files, and write output to different files.
- T709A additional Modify and maintain existing software to correct errors, to adapt it to new hardware, or to upgrade interfaces and improve performance.
- T756 additional Perform integrated quality assurance testing for security functionality and resiliency attack.
- T764 additional Perform secure programming and identify potential flaws in codes to mitigate vulnerabilities.
- T770 additional Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
- T785 additional Prepare detailed workflow charts and diagrams that describe input, output, and logical operation, and convert them into a series of instructions coded in a computer language.
- T8002 additional Analyze and document applications using assembly languages.
- T8003 additional Analyze countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements.
- T8006 additional Analyze, modify, develop, debug, and document software and applications using assembly languages.
- T8007 additional Analyze, modify, develop, debug, and document software and applications utilizing standard, non-standard, specialized, and/or unique communication protocols.
- T8008 additional Analyze, modify, develop, debug, and document software and applications which run in kernel space.
- T8009 additional Analyze, modify, develop, debug, and document software and applications which run in user space.
- T8012 additional Apply cryptography primitives to protect the confidentiality and integrity of sensitive data.
- T8014 additional Apply software engineering best practices to enable sustainability and extensibility (Agile, TDD, CI/CD, etc.) to include containerization and virtualization technologies.
- T8016 additional Architect design documents that describe input, output, and logical operation.
- T8032 additional Conduct hardware and/or software static and dynamic analysis to reverse engineer malicious or benign systems.
- T8049 additional Create or enhance cyberspace capabilities to compromise, deny, degrade, disrupt, destroy, or manipulate automated information systems.
- T8050 additional Create or enhance cyberspace solutions to enable surveillance and reconnaissance of automated information systems.
- T8054 additional Describe the most likely cause of an error and recommend a list of possible solutions given the description of error or system crash.
- T8055 additional Design and develop data storage requirements, database structure, process flow, systematic procedures, algorithms, data analysis, and file structures.
- T8056 additional Design and develop user interfaces (e.g. web pages, GUIs, CLIs, Console Interfaces).
- T8057 additional Design and direct software development efforts to detect and disrupt nation-state cyber threat actors.
- T8068 additional Develop content for cyber capabilities.
- T8076 additional Develop, modify, and utilize automation technologies to enable employment of capabilities as efficiently as possible (e.g. TDD, CI/CD, etc.).
- T8080 additional Document and communicate tradecraft, best practices, TTPs, training, briefings, presentations, papers, studies, lessons learned, etc. to both technical and non-technical audiences.
- T8092 additional Enhance capability design strategies and tactics by synthesizing information, processes, and techniques in the areas of malicious software, vulnerabilities, reverse engineering, secure software engineering, and exploitation.
- T8095 additional Enter work into Task and project management tools used for software development (e.g. Jira, Confluence, Trac, MediaWiki, etc.)
- T8106 additional Generate proper supporting documentation of cyber capability.
- T8118 additional Implement project management, software engineering philosophies, modern capability development methodologies (Agile, TDD, CI/CD, etc.) at the team level.
- T8129 additional Locate and utilize technical specifications and industry standards (e.g. Internet Engineering Task Force (IETF), IEEE, IEC, International Standards Organization (ISO)).
- T8135 additional Make use of compiler attributes and platform-specific features.
- T8144 additional Perform code review and analysis to inform OPSEC analysis and application (attribution, sanitization, etc.)
- T8150 additional Perform requirements analysis to identify workable tasks needed to organize collaborative software and documentation development.
- T8152 additional Perform static and dynamic analysis in order to find errors and flaws.
- T8156 additional Produce artifacts to inform risk analysis, acceptance testing, and legal review.
- T8186 additional Reference capability repositories and other sources to identify existing capabilities which fully/partially meet customer requirements (with or without modification).
- T8207 additional Utilize data structures to organize, sort, and manipulate elements of information.
- T8210 additional Utilize secure coding techniques during development of software and applications.
- T8211 additional Utilize tools to decompile, disassemble, analyze, and reverse engineer compiled binaries.
- T826 additional Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
- T865 additional Translate security requirements into application design elements including documenting the elements of the software attack surfaces, conducting threat modeling, and defining any specific security criteria.
- T970A additional Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities.
- T971 additional Design countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in system and elements.
Knowledge, Skills, and Abilities
KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.
- A1071A ability additional Ability to develop secure software according to secure software deployment methodologies, tools, and practices.
- A3022 ability additional Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
- A4333 ability additional Ability to program in at least one assembly language.
- A4366 ability additional Ability to use common networking protocols.
- A4368 ability additional Ability to use data structures.
- A4372 ability additional Ability to use reference documentation for C, Python, assembly, and other international technical standards and specifications (IEEE, ISO, IETF, etc.).
- K0023 knowledge additional Knowledge of computer programming principles such as object-oriented design.
- K0027 knowledge additional Knowledge of cryptography and cryptographic key management concepts.
- K0040 knowledge additional Knowledge of organization's evaluation and validation requirements.
- K0056 knowledge additional Knowledge of cybersecurity principles and methods that apply to software development.
- K0063 knowledge additional Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- K0074 knowledge additional Knowledge of low-level computer languages (e.g., assembly languages).
- K0102 knowledge additional Knowledge of programming language structures and logic.
- K0116 knowledge additional Knowledge of software debugging principles.
- K0118 knowledge additional Knowledge of software development models (e.g., Waterfall Model, Spiral Model).
- K0119 knowledge additional Knowledge of software engineering.
- K0278 knowledge additional Knowledge of different types of network communication (e.g., LAN, WAN, MAN, WLAN, WWAN).
- K0904 knowledge additional Knowledge of interpreted and compiled computer languages.
- K0905 knowledge additional Knowledge of secure coding techniques.
- K095A knowledge additional Knowledge of penetration testing principles, tools, and techniques.
- K0979 knowledge additional Knowledge of supply chain risk management standards, processes, and practices.
- K1036 knowledge additional Knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), statutes (e.g., in Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.
- K1056 knowledge additional Knowledge of operations security.
- K1062 knowledge additional Knowledge of software reverse engineering techniques.
- K3140 knowledge additional Knowledge of basic programming concepts (e.g., levels, structures, compiled vs. interpreted languages).
- K3146 knowledge additional Knowledge of both internal and external customers and partner organizations, including information needs, objectives, structure, capabilities, etc.
- K320A knowledge additional Knowledge of external organizations and academic institutions with cyber focus (e.g., cyber curriculum/training and Research & Development).
- K3441 knowledge additional Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
- K3622 knowledge additional Knowledge of organizational and partner authorities, responsibilities, and contributions to achieving objectives.
- K4424 knowledge additional Knowledge of cyber adversary threat tier taxonomy (2014 National Intelligence Estimate [NIE], DIA/NSA Standard Cyber Threat Model, etc.).
- K4426 knowledge additional Knowledge of cyber mission force equipment taxonomy (Platform-Access-Payloads/Toolset), capability development process and repository.
- K4433 knowledge additional Knowledge of data serialization formats (e.g. XML, JSON, etc.).
- K4441 knowledge additional Knowledge of embedded systems.
- K4497 knowledge additional Knowledge of modern software development methodologies (e.g. Continuous Integration (CI), Continuous Delivery (CD), Test Driven Development (TDD), etc.).
- K4517 knowledge additional Knowledge of principles, methodologies, and tools used to improve quality of software (e.g. regression testing, test coverage, code review, pair programming, etc.).
- K4527 knowledge additional Knowledge of relevant mission processes including version control processes, release processes, documentation requirements, and testing requirements.
- K4534 knowledge additional Knowledge of sources and locations (public and classified) of capability development TTPs and tradecraft information/intelligence used by the US Gov and others.
- K4535 knowledge additional Knowledge of sources and locations of cyber capability registries and repositories (e.g. Joint Cyber Tactics Manual (JCTM), Cyber Capability Registry (CCR), Agency and service repositories, etc.).
- K4546 knowledge additional Knowledge of task and project management tools used for software development (e.g. Jira, Confluence, Trac, MediaWiki, etc.).
- K4548 knowledge additional Knowledge of terms and concepts of operating system fundamentals (e.g. virtualization, paging, file systems, I/O, memory management, process abstraction, etc.).
- K4554 knowledge additional Knowledge of the concepts and terminology of data structures and associated algorithms (e.g., search, sort, traverse, insert, delete).
- K4580 knowledge additional Knowledge of the supported organization’s approval process for operational use of a capability.
- K4584 knowledge additional Knowledge of the use and application of static and dynamic program analysis.
- K4598 knowledge additional Knowledge of your organization's project management, timeline estimation, and software engineering philosophy (e.g. CI/CD, TDD, etc.).
- K4684 knowledge additional Knowledge of techniques to harden capabilities to prevent attacks and forensics.
- K978A knowledge additional Knowledge of root cause analysis techniques.
- S1020A skill additional Skill in secure test plan design (e.g., unit, integration, system, acceptance).
- S1140A skill additional Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).
- S168 skill additional Skill in conducting software debugging.
- S185A skill additional Skill in developing applications that can log and handle errors, exceptions, and application faults and logging.
- S4611 skill additional Skill in conducting “open source” research.
- S973A skill additional Skill in using code analysis tools.
- S980A skill additional Skill in performing root cause analysis.
EWU courses that develop this role
Other roles in this element
CE-121 Exploitation Analyst
CE-122 Digital Network Exploitation Analyst
CE-131 Joint Targeting Analyst
CE-132 Target Digital Network Analyst
CE-133 Target Analyst Reporter
CE-321 Access Network Operator
CE-322 Cyberspace Operator
CE-332 Cyber Operations Planner
CE-442 Network Technician
CE-443 Network Analyst
CE-463 Host Analyst
CE-551 Red Team Specialist