SP-SYS-002 Systems Developer

Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development.

Works on the development phases of the systems development life cycle.

Designs, develops, tests, and evaluates information systems throughout the systems development life cycle.

Knowledges 61

Code Description Work Roles
K0001 Knowledge of computer networking concepts and protocols, and network security methodologies. 52
K0002 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 52
K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 52
K0004 Knowledge of cybersecurity and privacy principles. 52
K0005 Knowledge of cyber threats and vulnerabilities. 52
K0006 Knowledge of specific operational impacts of cybersecurity lapses. 52
K0015 Knowledge of computer algorithms. 6
K0018 Knowledge of encryption algorithms. 11
K0024 Knowledge of database systems. 7
K0027 Knowledge of organization's enterprise information security architecture. 9
K0028 Knowledge of organization's evaluation and validation requirements. 8
K0030 Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware). 4
K0032 Knowledge of resiliency and redundancy. 3
K0035 Knowledge of installation, integration, and optimization of system components. 6
K0036 Knowledge of human-computer interaction principles. 12
K0044 Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 14
K0045 Knowledge of information security systems engineering principles (NIST SP 800-160). 3
K0049 Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption). 8
K0050 Knowledge of local area and wide area networking principles and concepts including bandwidth management. 6
K0052 Knowledge of mathematics (e.g., logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis). 6
K0055 Knowledge of microprocessors. 4
K0056 Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML). 11
K0060 Knowledge of operating systems. 13
K0061 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). 11
K0063 Knowledge of parallel and distributed computing concepts. 6
K0065 Knowledge of policy-based and risk adaptive access controls. 5
K0066 Knowledge of Privacy Impact Assessments. 6
K0067 Knowledge of process engineering concepts. 3
K0073 Knowledge of secure configuration management techniques (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org). 5
K0081 Knowledge of software development models (e.g., Waterfall Model, Spiral Model). 4
K0082 Knowledge of software engineering. 7
K0084 Knowledge of structured analysis principles and methods. 6
K0086 Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools. 5
K0087 Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design. 4
K0090 Knowledge of system life cycle management principles, including software security and usability. 10
K0091 Knowledge of systems testing and evaluation methods. 6
K0093 Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing). 8
K0102 Knowledge of the systems engineering process. 7
K0126 Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161). 14
K0139 Knowledge of interpreted and compiled computer languages. 8
K0169 Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. 14
K0170 Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations. 12
K0179 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). 19
K0180 Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. 9
K0200 Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]). 11
K0203 Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). 10
K0207 Knowledge of circuit analysis. 2
K0212 Knowledge of cybersecurity-enabled software products. 4
K0227 Knowledge of various types of computer architectures. 4
K0260 Knowledge of Personally Identifiable Information (PII) data security standards. 16
K0261 Knowledge of Payment Card Industry (PCI) data security standards. 17
K0262 Knowledge of Personal Health Information (PHI) data security standards. 17
K0276 Knowledge of security management. 3
K0287 Knowledge of an organization's information classification program and procedures for information compromise. 18
K0297 Knowledge of countermeasure design for identified security risks. 4
K0308 Knowledge of cryptology. 3
K0322 Knowledge of embedded systems. 10
K0325 Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression). 6
K0332 Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. 14
K0333 Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs. 6
K0336 Knowledge of access authentication methods. 3

Skills 16

Code Description Work Roles
S0018 Skill in creating policies that reflect system security objectives. 3
S0022 Skill in designing countermeasures to identified security risks. 5
S0023 Skill in designing security controls based on cybersecurity principles and tenets. 2
S0024 Skill in designing the integration of hardware and software solutions. 5
S0025 Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort). 3
S0031 Skill in developing and applying security system access controls. 5
S0034 Skill in discerning the protection needs (i.e., security controls) of information systems and networks. 6
S0036 Skill in evaluating the adequacy of security designs. 4
S0060 Skill in writing code in a currently supported programming language (e.g., Java, C++). 7
S0085 Skill in conducting audits or reviews of technical systems. 3
S0097 Skill in applying security controls. 3
S0136 Skill in network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools. 2
S0145 Skill in integrating and applying policies that meet system security objectives. 3
S0146 Skill in creating policies that enable systems to meet performance objectives (e.g., traffic routing, SLAs, CPU specifications). 1
S0160 Skill in the use of design modeling (e.g., unified modeling language). 3
S0367 Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 14

Abilities 2

Code Description Work Roles
A0123 Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 15
A0170 Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations. 11

Tasks 36

Code Description Work Roles
T0558 Analyze user needs and requirements to plan and conduct system development. 1
T0559 Develop designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations). 1
T0560 Collaborate on cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information). 1
T0304 Implement and integrate system development life cycle (SDLC) methodologies (e.g., IBM Rational Unified Process) into development environment. 2
T0326 Employ configuration management processes. 2
T0350 Conduct a market analysis to identify, assess, and recommend commercial, Government off-the-shelf, and open source products for use within a system and ensure recommended products are in compliance with organization's evaluation and validation requirements. 1
T0358 Design and develop system administration and management functionality for privileged access users. 1
T0359 Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies. 2
T0378 Incorporates risk-driven systems maintenance updates process to address system deficiencies (periodically and out of cycle). 1
T0406 Ensure that design and development activities are properly documented (providing a functional description of implementation) and updated as necessary. 1
T0447 Design hardware, operating systems, and software applications to adequately address requirements. 1
T0449 Design to security requirements to ensure requirements are met for all systems and/or applications. 2
T0464 Develop detailed design documentation for component and interface specifications to support system design and development. 1
T0466 Develop mitigation strategies to address cost, schedule, performance, and security risks. 2
T0480 Identify components or elements, allocate comprehensive functional components to include security functions, and describe the relationships between the elements. 1
T0488 Implement designs for new or existing system(s). 1
T0518 Perform security reviews and identify security gaps in architecture. 2
T0528 Provide input to implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials. 1
T0538 Provide support to test and evaluation activities. 1
T0541 Trace system requirements to design components and perform gap analysis. 2
T0544 Verify stability, interoperability, portability, and/or scalability of system architecture. 2
T0012 Analyze design constraints, analyze trade-offs and detailed system and security design, and consider life cycle support. 2
T0021 Build, test, and modify product prototypes using working models or theoretical models. 2
T0053 Design and develop cybersecurity or cybersecurity-enabled products. 2
T0056 Design or integrate appropriate data backup capabilities into overall system designs, and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data. 2
T0061 Develop and direct system testing and validation procedures and documentation. 2
T0067 Develop architectures or system components consistent with technical specifications. 1
T0070 Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment. 2
T0107 Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable). 2
T0109 Identify and prioritize essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability. 2
T0119 Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization's evaluation and validation requirements. 2
T0181 Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change. 5
T0201 Provide guidelines for implementing developed systems to customers or installation teams. 2
T0205 Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials). 6
T0228 Store, retrieve, and manipulate data for analysis of system capabilities and requirements. 4
T0242 Utilize models and simulations to analyze or predict system performance under different operating conditions. 2