Information Technology (IT)
DD-WRL-007
DCWF 671
System Testing and Evaluation Specialist
Plans, prepares, and executes tests of systems to evaluate results against specifications and requirements as well as analyze/report test results.
Tasks
The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.
- T1006 additional Create auditable evidence of security measures.
- T412A additional Analyze the results of software, hardware, or interoperability testing.
- T417 additional Apply coding and testing standards, apply security testing tools including "fuzzing" static-analysis code scanning tools, and conduct code reviews.
- T508 additional Determine level of assurance of developed capabilities based on test results.
- T550 additional Develop test plans to address specifications and requirements.
- T5650 additional Validate specifications and requirements for testability.
- T694 additional Make recommendations based on test results.
- T748A additional Perform developmental testing on systems under development.
- T757A additional Perform interoperability testing on systems exchanging electronic information with other systems.
- T761A additional Perform operational testing.
- T826 additional Address security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
- T858A additional Test, evaluate, and verify hardware and/or software to determine compliance with defined specifications and requirements.
- T858B additional Record and manage test data.
- T951 additional Determine scope, infrastructure, resources, and data sample size to ensure system requirements are adequately demonstrated.
Knowledge, Skills, and Abilities
KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.
- A6020 ability core Ability to analyze test data.
- A6060 ability core Ability to collect, verify, and validate test data.
- A6170 ability core Ability to translate data and test results into evaluative conclusions.
- K0040 knowledge core Knowledge of organization's evaluation and validation requirements.
- K053A knowledge core Knowledge of risk assessments and authorization per Risk Management Framework processes.
- K6430 knowledge core Knowledge of Test & Evaluation processes.
- S169 skill core Skill in conducting test events.
- S176 skill core Skill in designing a data analysis structure (i.e., the types of data your test must generate and how to analyze those data).
- S182 skill core Skill in determining an appropriate level of test rigor for a given system.
- S190 skill core Skill in developing operations-based testing scenarios.
- S220 skill core Skill in systems integration testing.
- S239 skill core Skill in writing test plans.
- S6500 skill core Skill in conducting Test Readiness Reviews.
- S6530 skill core Skill in designing and documenting overall program Test & Evaluation strategies.
- S6580 skill core Skill in identifying Test & Evaluation infrastructure (people, ranges, tools, instrumentation) requirements.
- S6600 skill core Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events.
- S6630 skill core Skill in preparing Test & Evaluation reports.
- S6641 skill core Skill in providing Test & Evaluation resource estimate.
- S950 skill core Skill in evaluating test plans for applicability and completeness.
- K0038 knowledge additional Knowledge of organization's enterprise information security architecture system.
- K0063 knowledge additional Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- K0083 knowledge additional Knowledge of network hardware devices and functions.
- K0127 knowledge additional Knowledge of systems administration concepts.
- K0144 knowledge additional Knowledge of the systems engineering process.
- K081A knowledge additional Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
- K0904 knowledge additional Knowledge of interpreted and compiled computer languages.
- K1034A knowledge additional Knowledge of Personally Identifiable Information (PII) data security standards.
- K1034B knowledge additional Knowledge of Payment Card Industry (PCI) data security standards.
- K1034C knowledge additional Knowledge of Personal Health Information (PHI) data security standards.
- K1037 knowledge additional Knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.
- K1038B knowledge additional Knowledge of local specialized system requirements (e.g., critical infrastructure/control systems that may not use standard information technology [IT]) for safety, performance, and reliability.
- K1072 knowledge additional Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth, Zero Trust).
- K1131 knowledge additional Knowledge of security architecture concepts and enterprise architecture reference models (e.g., Zachman, Federal Enterprise Architecture [FEA]).
- K1141A knowledge additional Knowledge of an organization's information classification program and procedures for information compromise.
- K1142 knowledge additional Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
- K3307 knowledge additional Knowledge of cybersecurity-enabled software products.
- S238A skill additional Skill in writing code in a currently supported programming language (e.g., Java, C++).