Systems Security Analyst

Responsible for analysis and development of systems/software security through the product lifecycle to include integration, testing, operations and maintenance.

Tasks

The concrete work activities defined for this role in the DCWF v5.1 spreadsheet. Core tasks are required for the role; additional tasks are associated but not mandatory.

• T1006 additional Create auditable evidence of security measures.
• T2054 additional Assess the effectiveness of security controls.
• T417 additional Apply coding and testing standards, apply security testing tools including "fuzzing" static-analysis code scanning tools, and conduct code reviews.
• T419 additional Apply security policies to applications that interface with one another, such as Business-to-Business (B2B) applications.
• T420 additional Apply security policies to meet security objectives of the system.
• T421 additional Apply service oriented security architecture principles to meet organization's confidentiality, integrity, and availability requirements.
• T5050 additional Assess all the configuration management (change configuration/release management) processes.
• T525A additional Develop procedures and test fail-over for system operations transfer to an alternate site based on system availability requirements.
• T559A additional Analyze and report organizational security posture trends.
• T559B additional Analyze and report system security posture trends.
• T571 additional Ensure all systems security operations and maintenance activities are properly documented and updated as necessary.
• T572 additional Ensure application of security patches for commercial products integrated into system design meet the timelines dictated by the management authority for the intended operational environment.
• T576 additional Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• T5928 additional Identify, define, and document system security requirements and recommend solutions to management.
• T5929 additional Install software that monitors systems and networks for security breaches and intrusions.
• T5930 additional Educate and train staff on information system security best practices.
• T5931 additional Select and use appropriate security testing tools.
• T5932 additional Select and use appropriate secure coding standards and analyze code for common weaknesses, vulnerabilities, and hardening against common attack patterns.
• T593A additional Assess adequate access controls based on principles of least privilege and need-to-know.
• T602 additional Evaluate factors such as reporting formats required, cost constraints, and need for security restrictions to determine hardware configuration.
• T653B additional Implement security measures to mitigate or remediate vulnerabilities and security deficiencies, and provide justification for acceptance of residual risk.
• T660 additional Implement specific cybersecurity countermeasures for systems and/or applications.
• T661A additional Implement system security measures in accordance with established procedures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
• T670A additional Ensure the integration and implementation of Cross-Domain Solutions (CDS) in a secure environment.
• T671 additional Integrate automated capabilities for updating or patching system software where practical and develop processes and procedures for manual updating and patching of system software based on current and projected patch timeline requirements for the operational environment of the system.
• T710 additional Monitor and evaluate a system's compliance with information technology (IT) security, resilience, and dependability requirements.
• T717A additional Assess and monitor cybersecurity related to system implementation and testing practices.
• T729A additional Verify minimum security requirements are in place for all applications.
• T754 additional Perform cybersecurity testing of developed applications and/or systems.
• T765 additional Perform security reviews, identify gaps in security architecture, and develop a security risk management plan.
• T782 additional Plan and recommend modifications or adjustments based on exercise results or system environment.
• T795 additional Properly document all systems security implementation, operations and maintenance activities and update as necessary.
• T806 additional Provide cybersecurity guidance to leadership.
• T806A additional Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities.
• T809 additional Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
• T876 additional Verify and update security documentation reflecting the application/system security design features.
• T880A additional Work with stakeholders to resolve computer security incidents and vulnerability compliance.
• T936 additional Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
• T938A additional Provide advice and input for Disaster Recovery, Contingency, and Continuity of Operations Plans.

Knowledge, Skills, and Abilities

KSA statements define what a person filling this role knows or can do. "Knowledge" is what they must know, "Skill" is what they can perform, and "Ability" is a durable capacity they bring to the work.

• A6140 ability core Ability to leverage best practices and lessons learned of external organizations and academic institutions dealing with cyber issues.
• K0025 knowledge core Knowledge of encryption algorithms (e.g., Internet Protocol Security [IPSEC], Advanced Encryption Standard [AES], Generic Routing Encapsulation [GRE], Internet Key Exchange [IKE], Message Digest Algorithm [MD5], Secure Hash Algorithm [SHA], Triple Data Encryption Standard [3DES]).
• K0034 knowledge core Knowledge of database systems.
• K0051 knowledge core Knowledge of how system components are installed, integrated, and optimized.
• K0058 knowledge core Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
• K0063 knowledge core Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• K0070 knowledge core Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
• K0079 knowledge core Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).
• K0090 knowledge core Knowledge of operating systems.
• K0092 knowledge core Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
• K0111 knowledge core Knowledge of security system design tools, methods, and techniques.
• K0144 knowledge core Knowledge of the systems engineering process.
• K027A knowledge core Knowledge of cryptology.
• K082A knowledge core Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs.
• K1034A knowledge core Knowledge of Personally Identifiable Information (PII) data security standards.
• K1037A knowledge core Knowledge of information technology (IT) risk management policies, requirements, and procedures.
• K1039B knowledge core Knowledge of how to evaluate the trustworthiness of the supplier and/or product.
• K1072 knowledge core Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth, Zero Trust).
• K1073 knowledge core Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
• K109A knowledge core Knowledge of configuration management techniques.
• K110A knowledge core Knowledge of security management.
• K1135 knowledge core Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing).
• K1138A knowledge core Knowledge of developing and applying user credential management system.
• K1141A knowledge core Knowledge of an organization's information classification program and procedures for information compromise.
• K130A knowledge core Knowledge of systems security testing and evaluation methods.
• K177B knowledge core Knowledge of countermeasures for identified security risks.
• K3642 knowledge core Knowledge of various types of computer architectures.
• K6210 knowledge core Knowledge of cloud service models and possible limitations for an incident response.
• K6240 knowledge core Knowledge of critical protocols (e.g., IPSEC, AES, GRE, IKE).
• K7079 knowledge core Knowledge of security systems including anti-virus applications, content filtering, firewalls, authentication systems, and intrusion detection and notification systems.
• K7080 knowledge core Knowledge of database security.
• K7081 knowledge core Knowledge of vulnerabilities of various encryption systems.
• K922A knowledge core Knowledge of how to use network analysis tools to identify vulnerabilities.
• S179A skill core Skill in assessing security controls based on cybersecurity principles and tenets.
• S183 skill core Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
• S191 skill core Skill in developing and applying security system access controls.
• S199 skill core Skill in evaluating the adequacy of security designs.
• S3C skill core Skill in recognizing vulnerabilities in information and/or data systems.
• A6918 ability additional Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.
• A7082 ability additional Ability to implement Zero Trust security in DoD Systems/Software.
• K0021 knowledge additional Knowledge of computer algorithms.
• K0052 knowledge additional Knowledge of human-computer interaction principles.
• K0094 knowledge additional Knowledge of parallel and distributed computing concepts.
• K0119 knowledge additional Knowledge of software engineering.
• K0133 knowledge additional Knowledge of key telecommunications concepts (e.g., Routing Algorithms, Fiber Optics Systems Link Budgeting, Add/Drop Multiplexers).
• K043A knowledge additional Knowledge of embedded systems.
• K075B knowledge additional Knowledge of statistics.
• K1034B knowledge additional Knowledge of Payment Card Industry (PCI) data security standards.
• K1034C knowledge additional Knowledge of Personal Health Information (PHI) data security standards.
• K1040A knowledge additional Knowledge of relevant laws, policies, procedures, or governance related to critical infrastructure.
• K1132A knowledge additional Knowledge of information technology (IT) service catalogues.
• K1133 knowledge additional Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
• K1139A knowledge additional Knowledge of implementing enterprise key escrow systems to support data-at-rest encryption.
• K1142 knowledge additional Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
• S160A skill additional Skill in assessing security systems designs.
• S180 skill additional Skill in designing the integration of hardware and software solutions.
• S238A skill additional Skill in writing code in a currently supported programming language (e.g., Java, C++).

EWU courses that develop this role

NCAE CyberGames scoreboard errors for this role

• NCAE-5c25d301a6 WWW SSL / failure: Failed to connect to host
• NCAE-53a9f9da43 WWW Port 80 / failure: Failed to connect to server, is port 80 open?
• NCAE-3de767b21e WWW Content / failure: Failed to connect to host
• NCAE-b68a8a7bdc WWW Content / timeout: Timeout
• NCAE-6773086ba2 WWW Content / failure: Website cannot be reached
• NCAE-ff23c10a65 WWW SSL / timeout: Timeout
• NCAE-72b4452011 WWW Content / failure: admin was unable to login
• NCAE-14d2aca40b WWW SSL / failure: [SSL] record layer failure (_ssl.c:1010)
• NCAE-ea7df50c18 WWW Content / failure: [SSL] record layer failure (_ssl.c:1010)
• NCAE-8bce253742 WWW SSL / failure: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] ssl/tls alert handshake failure (_ssl.c:1010)
• NCAE-4312daca49 WWW Content / failure: Failed to detect correct content
• NCAE-989ad067ad WWW SSL / failure: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1010)
• NCAE-a86494638e WWW SSL / failure: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1010)
• NCAE-47f7f710d6 WWW SSL / failure: admin was unable to login
• NCAE-dccbbf4ea4 WWW Content / failure: admin was not able to request the login page
• NCAE-0526b23021 WWW Port 80 / failure: HTTP not found
• NCAE-bd3138c27b WWW SSL / partial: admin was not able to create the student user student_27044152-07a8-49f0-9b14-9d6db3824c91
• NCAE-2345002150 WWW SSL / partial: admin was not able to create the student user student_29fd905b-e6d2-4c85-a8d0-e0ae7029c47f

Other roles in this element