Software Engineer - Vulnerability Management

Major Duties

Secure Software Developer / Validator: Analyzes user needs and develops secure software solutions. Develops, creates, and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs. Ensures secure coding practices are implemented during development and provides patches and upgrades to existing systems. Ensures coding is free of known coding flaws and weak design approaches, and checks software to identify and remediate flaws. Recognizes security vulnerabilities in programs while under time, quality, or cost pressures/constraints. Addresses means to reduce exploitable software weaknesses and improve capabilities to routinely develop, acquire, and deploy resilient software products. Enables software security automation and measurement capabilities through use of common indexing and reporting capabilities for malware, exploitable software weaknesses, vulnerabilities, structured threat information, cyber observables, and common attacks which target software; enhances software transparency and security diagnostic and measurement capabilities.

Systems Administrator: Installs, configures, troubleshoots, and maintains server configurations (hardware and software) to ensure their confidentiality, integrity, and availability. Responsible for access control, passwords, account creation and administration. Develops and documents systems administration standard operating procedures; resolves hardware/software interface and interoperability problems. Ensures systems availability, functionality, integrity, and efficiency; maintains systems configuration; manages the installation and integration of system fixes, updates, and enhancements. Also manages accounts, firewalls, and patches.

Specific Tasks

The tasks that the incumbent will perform as part of their job duties include:

NCWF Code: 621 Category: Work in this category includes performing OPM GDS Cybersecurity Category / Specialty Area: Software Developer SP-DEV-001 tasks, as defined by the NIST SP 800-181 National Cyberskills Workforce Framework (NCWF). Develops, creates, maintains, and writes/codes new (or modifies existing) computer applications, software, or specialized utility programs. The following specific tasks are performed 40 percent of the time:

  • Analyze user needs and software requirements to determine feasibility of design within time and cost constraints T0011
  • Compile and write documentation of program development and subsequent revisions, inserting comments in the coded instructions so others can understand the program T0026
  • Conduct trial runs of programs and software applications to ensure that the desired information is produced and instructions and security levels are correct T0436
  • Apply cybersecurity functions (e.g., encryption, access control, and identity management) to reduce exploitation opportunities T0553

NCWF Code: 451 Category: Work in this category includes performing OPM GDS Cybersecurity Category / Specialty Area: System Administrator OM-ADM-001 tasks, as defined by the NIST SP 800-181 National Cyberskills Workforce Framework (NCWF). Responsible for setting up and maintaining a system or specific components of a system (e.g., installing, configuring, and updating hardware and software; establishing and managing user accounts; overseeing or conducting backup and recovery tasks; implementing operational and technical security controls; and adhering to organizational security policies and procedures). The following specific tasks are performed 35 percent of the time:

  • Design group policies and access control lists to ensure compatibility with organizational standards, business rules, and needs T0054
  • Provide ongoing optimization and problem-solving support T0207
  • Install, update, and troubleshoot systems/servers T0418
  • Manage system/server resources including performance, capacity, availability, serviceability, and recoverability T0498
  • Monitor and maintain system/server configuration T0501

NCWF Code: 141 Category: Work in this category includes performing OPM GDS Cybersecurity Category / Specialty Area: Threat/Warning Analyst AN-TWA-001 tasks, as defined by the NIST SP 800-181 National Cyberskills Workforce Framework (NCWF). Develops cyber indicators to maintain awareness of the status of the highly dynamic operating environment. Collects, processes, analyzes, and disseminates cyber threat/warning assessments. The following specific tasks are performed 25 percent of the time:

  • Answer requests for information T0569
  • Provide subject matter expertise to the development of cyber operations specific indicators T0585
  • Conduct in-depth research and analysis T0615
  • Produce timely, fused, all-source cyber operations intelligence and/or indications and warnings intelligence products (e.g., threat assessments, briefings, intelligence studies, country studies) T0758
  • Provide subject-matter expertise and support to planning/developmental forums and working groups as appropriate T0761
  • Provide current intelligence support to critical internal/external stakeholders as appropriate T0783
  • Provide information and assessments for the purposes of informing leadership and customers; developing and refining objectives; supporting operation planning and execution; and assessing the effects of operations T0786
  • Work closely with planners, intelligence analysts, and collection managers to ensure intelligence requirements and collection plans are accurate and up-to-date T0834

Knowledge Required

Work comparable to this level involves a mastery of and skill in applying one or more of the following knowledge areas:

  1. total infrastructure protection environments;
  2. systems security certification and accreditation requirements and processes; and/or
  3. federal information systems security protocols.

The aforementioned knowledge is used in order to:

  1. integrate information systems security with other security disciplines;
  2. certify systems or network accreditation; and/or
  3. ensure coordination and/or collaboration on security activities.

Specific KSAs

Specific knowledge, skills, and abilities required by the incumbent to successfully fulfill the Major Duties and perform the Tasks required for this position include:

  • Knowledge of secure coding techniques K0140
  • Knowledge of computer networking concepts and protocols, and network security methodologies K0001
  • Knowledge of the application firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing) K0202
  • Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services K0332
  • Skill in developing applications that can log and handle errors, exceptions, and application faults and logging S0149
  • Ability to develop secure software according to secure software deployment methodologies, tools, and practices A0047
  • Knowledge of operations security K0499
  • Knowledge of the common networking and routing protocols (e.g. TCP/IP), services (e.g., web, mail, DNS), and how they interact to provide network communications. K0565
  • Knowledge of virtualization products (VMware, Virtual PC). K0610
  • Skill in developing or recommending analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. S0211
  • Skill in evaluating information for reliability, validity, and relevance. S0218
  • Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists. S0080
  • Knowledge of virtualization technologies and virtual machine development and maintenance K0130
  • Knowledge of principles and methods for integrating system components K0346

Specific Tools and Technologies

Proficiency with the following tools and technologies is required for the incumbent to successfully fulfill the Major Duties and perform the Tasks required for this position:

  • Linux, and similar POSIX operating systems
  • Python, and related tooling
  • Shell scripting
  • Regular expressions
  • Docker, or similar containerization tools
  • Ansible, or similar IT automation tool
  • Terraform, or similar infrastructure as code tool
  • Packer, or similar machine image automation tool
  • Amazon Web Services (AWS), or similar cloud technologies
  • Git version control system
  • GitHub workflow
  • Agile software development
  • Continuous integration and deployment tools

Other Requirements

CyberSkills Codes

This position has been awarded the following OPM GDS (aka NIST NICE Framework) CyberSkill codes:

  • PRIMARY: 621 Software Developer
  • SECONDARY: 451 System Administrator
  • SECONDARY(alt): 141 Threat/Warning Analyst