PD-WRL-001
Defensive Cybersecurity OPM Code: 511

Protects against, identifies, and analyzes risks to technology systems or networks. Includes investigation of cybersecurity events or crimes related to technology systems and networks.

Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.

Task statements (Code, Description, number of Work Roles sharing the statement)
Code Description Work Roles
T0020 Develop content for cyber defense tools 1
T0164 Perform cyber defense trend analysis and reporting 2
T0292 Recommend computing environment vulnerability corrections 1
T0299 Identify network mapping and operating system (OS) fingerprinting activities 1
T1020 Determine the operational and safety impacts of cybersecurity lapses 37
T1021 Review cyber defense service provider reporting structure 2
T1084 Identify anomalous network activity 9
T1085 Identify potential threats to network resources 3
T1112 Validate network alerts 1
T1119 Recommend vulnerability remediation strategies 8
T1176 Determine if cybersecurity-enabled products reduce identified risk to acceptable levels 2
T1177 Determine if security control technologies reduce identified risk to acceptable levels 2
T1241 Document cybersecurity incidents 2
T1242 Escalate incidents that may cause ongoing and immediate impact to the environment 2
T1254 Determine the effectiveness of an observed attack 1
T1266 Recommend risk mitigation strategies 3
T1278 Recommend system modifications 2
T1290 Communicate daily network event and activity reports 1
T1299 Determine causes of network alerts 2
T1347 Detect cybersecurity attacks and intrusions 1
T1348 Distinguish between benign and potentially malicious cybersecurity attacks and intrusions 1
T1349 Communicate cybersecurity attacks and intrusions alerts 1
T1350 Perform continuous monitoring of system activity 1
T1351 Determine impact of malicious activity on systems and information 1
T1384 Establish intrusion set procedures 1
T1386 Analyze network traffic anomalies 1
T1387 Validate intrusion detection system alerts 2
T1388 Isolate malware 1
T1389 Remove malware 1
T1390 Identify network device applications and operating systems 1
T1391 Reconstruct malicious attacks 1
T1406 Construct cyber defense network tool signatures 1
T1428 Notify designated managers, cyber incident responders, and cybersecurity service provider team members of suspected cybersecurity incidents 1
T1539 Analyze organizational cybersecurity posture trends 2
T1540 Develop organizational cybersecurity posture trend reports 2
T1541 Develop system security posture trend reports 2
T1548 Determine adequacy of access controls 2
T1582 Maintain currency of cyber defense threat conditions 2
T1583 Determine effectiveness of system implementation and testing processes 5
T1603 Recommend threat and vulnerability risk mitigation strategies 2
T1615 Advise stakeholders on vulnerability compliance 2
T1616 Resolve computer security incidents 2
T1618 Advise stakeholders on disaster recovery, contingency, and continuity of operations plans 2
Knowledge statements (Code, Description, number of Work Roles sharing the statement)
Code Description Work Roles
K0018 Knowledge of encryption algorithms 10
K0068 Knowledge of programming language structures and logic 7
K0674 Knowledge of computer networking protocols 40
K0675 Knowledge of risk management processes 41
K0676 Knowledge of cybersecurity laws and regulations 41
K0677 Knowledge of cybersecurity policies and procedures 41
K0678 Knowledge of privacy laws and regulations 41
K0679 Knowledge of privacy policies and procedures 41
K0680 Knowledge of cybersecurity principles and practices 40
K0681 Knowledge of privacy principles and practices 40
K0682 Knowledge of cybersecurity threats 40
K0683 Knowledge of cybersecurity vulnerabilities 40
K0684 Knowledge of cybersecurity threat characteristics 40
K0685 Knowledge of access control principles and practices 21
K0686 Knowledge of authentication and authorization tools and techniques 21
K0689 Knowledge of network infrastructure principles and practices 9
K0691 Knowledge of cyber defense tools and techniques 7
K0692 Knowledge of vulnerability assessment tools and techniques 7
K0694 Knowledge of computer algorithm capabilities and applications 5
K0698 Knowledge of cryptographic key management principles and practices 10
K0707 Knowledge of database systems and software 9
K0710 Knowledge of enterprise cybersecurity architecture principles and practices 20
K0716 Knowledge of host access control (HAC) systems and software 10
K0717 Knowledge of network access control (NAC) systems and software 10
K0718 Knowledge of network communications principles and practices 10
K0723 Knowledge of vulnerability data sources 5
K0724 Knowledge of incident response principles and practices 8
K0725 Knowledge of incident response tools and techniques 8
K0726 Knowledge of incident handling tools and techniques 8
K0728 Knowledge of Confidentiality, Integrity and Availability (CIA) principles and practices 20
K0729 Knowledge of non-repudiation principles and practices 20
K0730 Knowledge of cyber safety principles and practices 20
K0731 Knowledge of systems security engineering (SSE) principles and practices 13
K0732 Knowledge of intrusion detection tools and techniques 4
K0736 Knowledge of information technology (IT) security principles and practices 18
K0742 Knowledge of identity and access management (IAM) principles and practices 10
K0743 Knowledge of new and emerging technologies 15
K0744 Knowledge of operating system (OS) systems and software 16
K0746 Knowledge of policy-based access controls 15
K0747 Knowledge of Risk Adaptive (Adaptable) Access Controls (RAdAC) 15
K0749 Knowledge of process engineering principles and practices 13
K0751 Knowledge of system threats 40
K0752 Knowledge of system vulnerabilities 40
K0756 Knowledge of security management principles and practices 6
K0757 Knowledge of system design tools and techniques 8
K0758 Knowledge of server administration principles and practices 13
K0759 Knowledge of client and server architecture 16
K0765 Knowledge of software engineering principles and practices 15
K0766 Knowledge of data asset management principles and practices 5
K0770 Knowledge of system administration principles and practices 14
K0772 Knowledge of systems testing and evaluation tools and techniques 7
K0773 Knowledge of telecommunications principles and practices 14
K0778 Knowledge of enterprise information technology (IT) architecture principles and practices 20
K0779 Knowledge of systems engineering processes 14
K0781 Knowledge of virtual private network (VPN) systems and software 4
K0783 Knowledge of network attack characteristics 7
K0784 Knowledge of insider threat laws and regulations 7
K0785 Knowledge of insider threat tools and techniques 7
K0788 Knowledge of adversarial tactics principles and practices 3
K0789 Knowledge of adversarial tactics tools and techniques 3
K0790 Knowledge of adversarial tactics policies and procedures 3
K0791 Knowledge of defense-in-depth principles and practices 19
K0792 Knowledge of network configurations 9
K0793 Knowledge of file extensions 4
K0805 Knowledge of command-line tools and techniques 6
K0812 Knowledge of digital communication systems and software 9
K0813 Knowledge of interpreted and compiled programming language characteristics 7
K0815 Knowledge of intelligence collection management processes 1
K0816 Knowledge of front-end intelligence collection systems and software 1
K0829 Knowledge of account creation policies and procedures 6
K0830 Knowledge of password policies and procedures 6
K0831 Knowledge of network attack vectors 8
K0832 Knowledge of cyberattack characteristics 3
K0833 Knowledge of cyberattack actor characteristics 4
K0837 Knowledge of hardening tools and techniques 14
K0840 Knowledge of hardware reverse engineering tools and techniques 15
K0842 Knowledge of software reverse engineering tools and techniques 15
K0844 Knowledge of cyberattack stages 4
K0845 Knowledge of cyber intrusion activity phases 4
K0848 Knowledge of network systems management principles and practices 8
K0849 Knowledge of network systems management tools and techniques 8
K0851 Knowledge of reverse engineering principles and practices 15
K0859 Knowledge of encryption tools and techniques 13
K0860 Knowledge of malware signature principles and practices 1
K0861 Knowledge of network port capabilities and applications 1
K0870 Knowledge of enterprise architecture (EA) reference models and frameworks 20
K0871 Knowledge of enterprise architecture (EA) principles and practices 20
K0877 Knowledge of application firewall principles and practices 12
K0878 Knowledge of network firewall principles and practices 12
K0879 Knowledge of industry cybersecurity models and frameworks 9
K0880 Knowledge of access control models and frameworks 9
K0891 Knowledge of the Open Systems Interconnect (OSI) reference model 13
K0892 Knowledge of cyber defense laws and regulations 13
K0915 Knowledge of network architecture principles and practices 21
K0917 Knowledge of Personally Identifiable Information (PII) data security standards and best practices 15
K0918 Knowledge of Payment Card Industry (PCI) data security standards and best practices 16
K0919 Knowledge of Personal Health Information (PHI) data security standards and best practices 16
K0924 Knowledge of network analysis tools and techniques 7
K0928 Knowledge of systems engineering principles and practices 13
K0937 Knowledge of countermeasure design principles and practices 3
K0938 Knowledge of network mapping principles and practices 1
K0939 Knowledge of packet-level analysis tools and techniques 3
K0940 Knowledge of subnet tools and techniques 1
K0942 Knowledge of cryptology principles and practices 10
K0947 Knowledge of computer engineering principles and practices 14
K0948 Knowledge of embedded systems and software 9
K0950 Knowledge of Intrusion Detection System (IDS) tools and techniques 2
K0951 Knowledge of Intrusion Prevention System (IPS) tools and techniques 2
K0955 Knowledge of penetration testing principles and practices 8
K0956 Knowledge of penetration testing tools and techniques 8
K0962 Knowledge of targeting laws and regulations 11
K0963 Knowledge of exploitation laws and regulations 11
K0969 Knowledge of cyber-attack tools and techniques 7
K0983 Knowledge of computer networking principles and practices 39
K1014 Knowledge of network security principles and practices 40
K1079 Knowledge of web application security risks 13
K1089 Knowledge of protocol analyzer tools and techniques 2
K1108 Knowledge of traceroute tools and techniques 3
K1131 Knowledge of cyber defense monitoring tools 1
K1132 Knowledge of cyber defense system analysis tools 1
K1144 Knowledge of data correlation tools and techniques 1
K1168 Knowledge of intrusion set tools and techniques 1
K1176 Knowledge of network topologies 1
K1181 Knowledge of organizational cybersecurity incident response plans 1
K1193 Knowledge of packet analysis tools and techniques 2
Skill statements (Code, Description, number of Work Roles sharing the statement)
Code Description Work Roles
S0156 Skill in performing packet-level analysis 4
S0483 Skill in identifying software communications vulnerabilities 7
S0490 Skill in recreating network topologies 1
S0509 Skill in evaluating security products 5
S0543 Skill in scanning for vulnerabilities 12
S0544 Skill in recognizing vulnerabilities 13
S0566 Skill in developing signatures 1
S0567 Skill in deploying signatures 1
S0572 Skill in detecting host- and network-based intrusions 5
S0574 Skill in developing security system controls 11
S0578 Skill in evaluating security designs 9
S0593 Skill in handling incidents 4
S0600 Skill in collecting relevant data from a variety of sources 4
S0614 Skill in categorizing types of vulnerabilities 3
S0627 Skill in reading signatures 1
S0651 Skill in performing malware analysis 6
S0667 Skill in assessing security controls 3
S0688 Skill in performing network data analysis 7
S0712 Skill in evaluating data source quality 7
S0722 Skill in interpreting traceroute results 3
S0755 Skill in reconstructing a network 3
S0809 Skill in utilizing cyber defense service provider information 2
S0838 Skill in identifying anomalous activities 1
S0839 Skill in identifying exploited system weaknesses 1
S0840 Skill in identifying misuse activities 1
S0846 Skill in monitoring system activity 1
S0854 Skill in performing data analysis 8
S0857 Skill in performing dynamic analysis 3
S0859 Skill in performing event correlation 1
S0863 Skill in performing incident analysis 2
S0866 Skill in performing log file analysis 6
S0867 Skill in performing malicious activity analysis 1
S0869 Skill in performing metadata analysis 2
S0872 Skill in performing network data flow analysis 1
S0874 Skill in performing network traffic analysis 4
S0875 Skill in performing network traffic packet analysis 2
S0885 Skill in performing system activity analysis 1
S0892 Skill in performing trend analysis 3