SP-TRD-001 Research & Development Specialist

Conceptualizes, designs, procures, and/or builds secure information technology (IT) systems, with responsibility for aspects of system and/or network development.

Conducts technology assessment and integration processes; provides and supports a prototype capability and/or evaluates its utility.

Conducts software and systems engineering and software systems research to develop new capabilities, ensuring cybersecurity is fully integrated. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems.

Knowledges 33

Code Description Work Roles
K0001 Knowledge of computer networking concepts and protocols, and network security methodologies. 52
K0002 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 52
K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 52
K0004 Knowledge of cybersecurity and privacy principles. 52
K0005 Knowledge of cyber threats and vulnerabilities. 52
K0006 Knowledge of specific operational impacts of cybersecurity lapses. 52
K0009 Knowledge of application vulnerabilities. 6
K0019 Knowledge of cryptography and cryptographic key management concepts. 8
K0059 Knowledge of new and emerging information technology (IT) and cybersecurity technologies. 12
K0090 Knowledge of system life cycle management principles, including software security and usability. 10
K0126 Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161). 14
K0169 Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures. 14
K0170 Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations. 12
K0171 Knowledge of hardware reverse engineering techniques. 1
K0172 Knowledge of middleware (e.g., enterprise service bus and message queuing). 1
K0174 Knowledge of networking protocols. 1
K0175 Knowledge of software reverse engineering techniques. 1
K0176 Knowledge of Extensible Markup Language (XML) schemas. 1
K0179 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). 19
K0202 Knowledge of the application firewall concepts and functions (e.g., single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing). 4
K0209 Knowledge of covert communication techniques. 2
K0267 Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures. 8
K0268 Knowledge of forensic footprint identification. 1
K0269 Knowledge of mobile communications architecture. 1
K0271 Knowledge of operating system structures and internals (e.g., process management, directory structure, installed applications). 1
K0272 Knowledge of network analysis tools used to identify software communications vulnerabilities. 1
K0288 Knowledge of industry standard security models. 1
K0296 Knowledge of capabilities, applications, and potential vulnerabilities of network equipment including hubs, routers, switches, bridges, servers, transmission media, and related hardware. 2
K0310 Knowledge of hacking methodologies. 1
K0314 Knowledge of industry technologies’ potential cybersecurity vulnerabilities. 2
K0321 Knowledge of engineering concepts as applied to computer architecture and associated computer hardware/software. 1
K0342 Knowledge of penetration testing principles, tools, and techniques. 8
K0499 Knowledge of operations security. 8

Skills 6

Code Description Work Roles
S0005 Skill in applying and incorporating information technologies into proposed solutions. 4
S0017 Skill in creating and utilizing mathematical or statistical models. 3
S0072 Skill in using scientific rules and methods to solve problems. 2
S0140 Skill in applying the systems engineering process. 1
S0148 Skill in designing the integration of technology processes and solutions, including legacy systems and modern programming languages. 1
S0172 Skill in applying secure coding techniques. 2

Abilities 4

Code Description Work Roles
A0001 Ability to identify systemic security issues based on the analysis of vulnerability and configuration data. 4
A0018 Ability to prepare and present briefings. 4
A0019 Ability to produce technical documentation. 5
A0170 Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations. 11

Tasks 12

Code Description Work Roles
T0283 Collaborate with stakeholders to identify and/or develop appropriate solutions technology. 1
T0284 Design and develop new tools/technologies as related to cybersecurity. 1
T0327 Evaluate network infrastructure vulnerabilities to enhance capabilities being developed. 1
T0329 Follow software and systems engineering life cycle standards and processes. 1
T0409 Troubleshoot prototype design and process issues throughout the product design, development, and pre-launch phases. 1
T0410 Identify functional- and security-related features to find opportunities for new capability development to exploit or mitigate vulnerabilities. 1
T0411 Identify and/or develop reverse engineering tools to enhance capabilities and detect vulnerabilities. 2
T0413 Develop data management capabilities (e.g., cloud-based, centralized cryptographic key management) to include support to the mobile workforce. 1
T0547 Research and evaluate available technologies and standards to meet customer requirements. 1
T0064 Review and validate data mining and data warehousing programs, processes, and requirements. 1
T0249 Research current technology to understand capabilities of required system or network. 2
T0250 Identify cyber capabilities strategies for custom hardware and software development based on mission requirements. 1