DD-WRL-003
Secure Software Development
OPM Code: 621

Conducts research, conceptualizes, designs, develops, and tests secure technology systems, including on perimeter and cloud-based networks.

Responsible for developing, creating, modifying, and maintaining computer applications, software, or specialized utility programs.

Code Description Work Roles
T0077 Develop secure code and error handling 1
T0311 Consult with customers about software system design and maintenance 2
T1019 Determine special needs of cyber-physical systems 10
T1020 Determine the operational and safety impacts of cybersecurity lapses 37
T1067 Recommend development of new applications or modification of existing applications 4
T1068 Create development plans for new applications or modification of existing applications 4
T1071 Evaluate software design plan timelines and cost estimates 1
T1073 Perform code reviews 2
T1074 Prepare secure code documentation 2
T1082 Integrate software cybersecurity objectives into project plans and schedules 2
T1083 Determine project security controls 2
T1089 Create program documentation during initial development and subsequent revision phases 1
T1098 Determine system performance requirements 1
T1099 Design application interfaces 1
T1108 Evaluate interfaces between hardware and software 2
T1116 Correct program errors 1
T1117 Determine if desired program results are produced 1
T1135 Design and develop software systems 1
T1190 Determine hardware configuration 2
T1197 Identify common coding flaws 2
T1202 Determine software development security implications within centralized and decentralized environments across the enterprise 2
T1203 Implement software development cybersecurity methodologies within centralized and decentralized environments across the enterprise 2
T1204 Determine cybersecurity measures for steady state operation and management of software 2
T1205 Incorporate product end-of-life cybersecurity measures 2
T1258 Perform integrated quality assurance testing 2
T1261 Mitigate programming vulnerabilities 1
T1262 Identify programming code flaws 1
T1269 Conduct risk analysis of applications and systems undergoing major changes 4
T1280 Develop workflow charts and diagrams 1
T1281 Convert workflow charts and diagrams into coded computer language instructions 1
T1302 Address security implications in the software acceptance phase 2
T1309 Analyze system capabilities and requirements 3
T1318 Integrate security requirements into application design elements 2
T1319 Document software attack surface elements 2
T1320 Conduct threat modeling 2
T1360 Design programming language exploitation countermeasures and mitigations 1
T1400 Design and develop secure applications 3
T1422 Develop software documentation 2
T1499 Integrate public key cryptography into applications 1
T1509 Analyze feasibility of software design within time and cost constraints 2
T1513 Conduct trial runs of programs and software applications 2
T1528 Develop software system testing and validation procedures 2
T1529 Create software system documentation 2
T1575 Adapt software to new hardware 1
T1576 Upgrade software interfaces 1
T1577 Improve software performance 1
T1624 Conduct vulnerability analysis of software patches and updates 2
T1625 Prepare vulnerability analysis reports 2
Code Description Work Roles
K0068 Knowledge of programming language structures and logic 7
K0639 Knowledge of code tailoring tools and techniques 1
K0674 Knowledge of computer networking protocols 40
K0675 Knowledge of risk management processes 41
K0676 Knowledge of cybersecurity laws and regulations 41
K0677 Knowledge of cybersecurity policies and procedures 41
K0678 Knowledge of privacy laws and regulations 41
K0679 Knowledge of privacy policies and procedures 41
K0680 Knowledge of cybersecurity principles and practices 40
K0681 Knowledge of privacy principles and practices 40
K0682 Knowledge of cybersecurity threats 40
K0683 Knowledge of cybersecurity vulnerabilities 40
K0684 Knowledge of cybersecurity threat characteristics 40
K0693 Knowledge of complex data structure capabilities and applications 3
K0695 Knowledge of programming principles and practices 3
K0710 Knowledge of enterprise cybersecurity architecture principles and practices 20
K0711 Knowledge of evaluation and validation principles and practices 7
K0712 Knowledge of Local Area Networks (LAN) 6
K0713 Knowledge of Wide Area Networks (WAN) 6
K0721 Knowledge of risk management principles and practices 19
K0722 Knowledge of software development principles and practices 3
K0728 Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices 20
K0729 Knowledge of non-repudiation principles and practices 20
K0730 Knowledge of cyber safety principles and practices 20
K0734 Knowledge of Risk Management Framework (RMF) requirements 14
K0735 Knowledge of risk management models and frameworks 13
K0737 Knowledge of bandwidth management tools and techniques 5
K0738 Knowledge of low-level programming languages 3
K0739 Knowledge of mathematics principles and practices 7
K0744 Knowledge of operating system (OS) systems and software 16
K0748 Knowledge of Privacy Impact Assessment (PIA) principles and practices 5
K0751 Knowledge of system threats 40
K0752 Knowledge of system vulnerabilities 40
K0755 Knowledge of configuration management (CM) tools and techniques 4
K0757 Knowledge of system design tools and techniques 8
K0759 Knowledge of client and server architecture 16
K0762 Knowledge of software debugging principles and practices 3
K0763 Knowledge of software design tools and techniques 2
K0764 Knowledge of software development models and frameworks 3
K0765 Knowledge of software engineering principles and practices 15
K0767 Knowledge of structured analysis principles and practices 5
K0768 Knowledge of automated systems analysis tools and techniques 5
K0778 Knowledge of enterprise information technology (IT) architecture principles and practices 20
K0782 Knowledge of web service protocols 2
K0791 Knowledge of defense-in-depth principles and practices 19
K0803 Knowledge of supply chain risk management principles and practices 17
K0813 Knowledge of interpreted and compiled programming language characteristics 7
K0814 Knowledge of secure coding tools and techniques 6
K0820 Knowledge of supply chain risks 18
K0826 Knowledge of software security principles and practices 2
K0827 Knowledge of software quality assurance (SQA) principles and practices 3
K0828 Knowledge of supply chain risk management standards and best practices 16
K0839 Knowledge of critical infrastructure systems and software 13
K0870 Knowledge of enterprise architecture (EA) reference models and frameworks 20
K0871 Knowledge of enterprise architecture (EA) principles and practices 20
K0877 Knowledge of application firewall principles and practices 12
K0878 Knowledge of network firewall principles and practices 12
K0891 Knowledge of the Open Systems Interconnect (OSI) reference model 13
K0915 Knowledge of network architecture principles and practices 21
K0917 Knowledge of Personally Identifiable Information (PII) data security standards and best practices 15
K0918 Knowledge of Payment Card Industry (PCI) data security standards and best practices 16
K0919 Knowledge of Personal Health Information (PHI) data security standards and best practices 16
K0920 Knowledge of risk management policies and procedures 7
K0948 Knowledge of embedded systems and software 9
K0955 Knowledge of penetration testing principles and practices 8
K0956 Knowledge of penetration testing tools and techniques 8
K0957 Knowledge of root cause analysis tools and techniques 2
K0983 Knowledge of computer networking principles and practices 39
K1014 Knowledge of network security principles and practices 40
K1079 Knowledge of web application security risks 13
K1099 Knowledge of code analysis tools and techniques 4
K1117 Knowledge of coding and testing standards 2
K1118 Knowledge of completion criteria 2
K1126 Knowledge of cost constraints 2
K1137 Knowledge of cybersecurity requirements 11
K1148 Knowledge of data manipulation principles and practices 3
K1149 Knowledge of data retrieval principles and practices 3
K1150 Knowledge of data storage principles and practices 3
K1157 Knowledge of enterprise-wide version control systems 3
K1165 Knowledge of independent testing methods 2
K1170 Knowledge of mathematical models 1
K1203 Knowledge of Public Key Infrastructure (PKI) libraries 1
K1205 Knowledge of required reporting formats 3
K1208 Knowledge of risk acceptance and documentation 2
K1210 Knowledge of secure programming tools and techniques 1
K1214 Knowledge of security restrictions 2
K1215 Knowledge of security testing tools and techniques 2
K1236 Knowledge of user requirements 3
K1239 Knowledge of certificate management principles and practices 1
Code Description Work Roles
S0172 Skill in applying secure coding techniques 6
S0175 Skill in performing root cause analysis 3
S0382 Skill in tailoring code analysis 1
S0417 Skill in deploying software securely 1
S0465 Skill in identifying critical infrastructure systems 10
S0466 Skill in identifying systems designed without security considerations 10
S0543 Skill in scanning for vulnerabilities 12
S0544 Skill in recognizing vulnerabilities 13
S0560 Skill in debugging software 1
S0562 Skill in creating mathematical models 4
S0563 Skill in creating statistical models 4
S0565 Skill in implementing input validation 1
S0569 Skill in designing security controls 4
S0574 Skill in developing security system controls 11
S0597 Skill in writing code in a currently supported programming language 7
S0655 Skill in designing secure test plans 5
S0657 Skill in implementing Public Key Infrastructure (PKI) encryption 5
S0658 Skill in implementing digital signatures 5
S0670 Skill in implementing error handling in applications 1
S0825 Skill in communicating with engineering staff 2
S0836 Skill in encrypting data 1
S0878 Skill in performing risk analysis 9
S0879 Skill in performing scientific analysis 1
S0883 Skill in performing static code analysis 2