Welcome to Lunarline School of Cybersecurity (SCS) - Providing Excellence in Cybersecurity Training and Certifications Since 2008
Contact SCS
School of Cybersecurity
To get started, contact us today at 571-481-9307
LinkedIn
YouTube
shopping_cart
Product was added to your cart

Cart

Systems Developer

Home NICE Framework Cybersecurity Work Roles Systems Developer
NICE Work Role Description:
Designs, develops, tests, and evaluates information systems throughout the systems development life cycle.
*Certification Declaration
Certification Declaration
Each certification is mapped to the NICE Framework, which organizes cybersecurity into seven high-level Categories, each comprised of several specialty areas, work roles, knowledge, skills, abilities, and tasks.  These seven high-level Categories are aligned directly to the CCE® Program’s certification Concentration Areas.   Candidates often prepare for an exam by using a variety of resources that familiarize them with the authoritative sources and the exam’s concentration area.

Third-party products and services, including course instructors have helped many candidates to close knowledge and skill gaps.  The CCE® Program does not endorse any particular provider and encourages candidates to use a variety of tools and resources that will enhance their understanding of relevant principles and the exam’s concentration area.

NICE Framework Category
CCE® Concentration Area:
Securely Provision (SP)
NICE Specialty Area:
Systems Development (SYS)
NICE Work Role ID:
SP-SYS-002
OPM Code | DCWF Code:
632
School of Cybersecurity Training
School of Cybersecurity Training
Cybersecurity Enterprise Engineering and Architecture (SP151)
Cybersecurity Enterprise Engineering and Architecture – SP (SP151-SP)
Securing Coding – Intersystems (SP250)
Systems Developer (SP103-RBT)
CCE® Program
CCE® Program
Certified Expert Security Admin (CEAD)® – Linux (CEAD)®-L
Certified Expert Security Admin (CEAD)® – Windows (CEAD)®-W

KSA-T

Below are the Knowledge, Skills, Abilities and Tasks (KSA-T) identified as being required to perform this work role.

ID & Description

  • K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • K0004 – Knowledge of cybersecurity and privacy principles.
  • K0005 – Knowledge of cyber threats and vulnerabilities.
  • K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
  • K0015 – Knowledge of computer algorithms.
  • K0018 – Knowledge of encryption algorithms.
  • K0024 – Knowledge of database systems.
  • K0027 – Knowledge of organization’s enterprise information security architecture.
  • K0028 – Knowledge of organization’s evaluation and validation requirements.
  • K0030 – Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware).
  • K0032 – Knowledge of resiliency and redundancy.
  • K0035 – Knowledge of installation, integration, and optimization of system components.
  • K0036 – Knowledge of human-computer interaction principles.
  • K0044 – Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0045 – Knowledge of information security systems engineering principles (NIST SP 800-160).
  • K0049 – Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • K0050 – Knowledge of local area and wide area networking principles and concepts including bandwidth management.
  • K0052 – Knowledge of mathematics (e.g. logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis).
  • K0055 – Knowledge of microprocessors.
  • K0056 – Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
  • K0060 – Knowledge of operating systems.
  • K0061 – Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0063 – Knowledge of parallel and distributed computing concepts.
  • K0065 – Knowledge of policy-based and risk adaptive access controls.
  • K0066 – Knowledge of Privacy Impact Assessments.
  • K0067 – Knowledge of process engineering concepts.
  • K0073 – Knowledge of secure configuration management techniques. (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org).
  • K0081 – Knowledge of software development models (e.g., Waterfall Model, Spiral Model).
  • K0082 – Knowledge of software engineering.
  • K0084 – Knowledge of structured analysis principles and methods.
  • K0086 – Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.
  • K0087 – Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
  • K0090 – Knowledge of system life cycle management principles, including software security and usability.
  • K0091 – Knowledge of systems testing and evaluation methods.
  • K0093 – Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing).
  • K0102 – Knowledge of the systems engineering process.
  • K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • K0139 – Knowledge of interpreted and compiled computer languages.
  • K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0170 – Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
  • K0179 – Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0180 – Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • K0200 – Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • K0203 – Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • K0207 – Knowledge of circuit analysis.
  • K0212 – Knowledge of cybersecurity-enabled software products.
  • K0227 – Knowledge of various types of computer architectures.
  • K0260 – Knowledge of Personally Identifiable Information (PII) data security standards.
  • K0261 – Knowledge of Payment Card Industry (PCI) data security standards.
  • K0262 – Knowledge of Personal Health Information (PHI) data security standards.
  • K0276 – Knowledge of security management.
  • K0287 – Knowledge of an organization’s information classification program and procedures for information compromise.
  • K0297 – Knowledge of countermeasure design for identified security risks.
  • K0308 – Knowledge of cryptology.
  • K0322 – Knowledge of embedded systems.
  • K0325 – Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).
  • K0332 – Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0333 – Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
  • K0336 – Knowledge of access authentication methods.

ID & Description

  • S0015 – Skill in conducting test events.
  • S0021 – Skill in designing a data analysis structure (i.e., the types of data a test must generate and how to analyze that data).
  • S0026 – Skill in determining an appropriate level of test rigor for a given system.
  • S0030 – Skill in developing operations-based testing scenarios.
  • S0048 – Skill in systems integration testing.
  • S0060 – Skill in writing code in a currently supported programming language (e.g., Java, C++).
  • S0061 – Skill in writing test plans.
  • S0082 – Skill in evaluating test plans for applicability and completeness.
  • S0104 – Skill in conducting Test Readiness Reviews.
  • S0107 – Skill in designing and documenting overall program Test & Evaluation strategies.
  • S0110 – Skill in identifying Test & Evaluation infrastructure (people, ranges, tools, instrumentation) requirements.
  • S0112 – Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events.
  • S0115 – Skill in preparing Test & Evaluation reports.
  • S0117 – Skill in providing Test & Evaluation resource estimate.
  • S0367 – Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

ID & Description

  • A0123 – Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0170 – Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.

ID & Description

    • T0012 – Analyze design constraints, analyze trade-offs and detailed system and security design, and consider life cycle support.
    • T0021 – Build, test, and modify product prototypes using working models or theoretical models.
    • T0053 – Design and develop cybersecurity or cybersecurity-enabled products.
    • T0056 – Design or integrate appropriate data backup capabilities into overall system designs, and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data.
    • T0061 – Develop and direct system testing and validation procedures and documentation.
    • T0067 – Develop architectures or system components consistent with technical specifications.
    • T0070 – Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment.
    • T0107 – Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable).
    • T0109 – Identify and prioritize essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability.
    • T0119 – Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization’s evaluation and validation requirements.
    • T0181 – Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
    • T0201 – Provide guidelines for implementing developed systems to customers or installation teams.
    • T0205 – Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
    • T0228 – Store, retrieve, and manipulate data for analysis of system capabilities and requirements.
    • T0242 – Utilize models and simulations to analyze or predict system performance under different operating conditions.
    • T0304 – Implement and integrate system development life cycle (SDLC) methodologies (e.g., IBM Rational Unified Process) into development environment.
    • T0326 – Employ configuration management processes.
    • T0350 – Conduct a market analysis to identify, assess, and recommend commercial, Government off-the-shelf, and open source products for use within a system and ensure recommended products are in compliance with organization’s evaluation and validation requirements.
    • T0358 – Design and develop system administration and management functionality for privileged access users.
    • T0359 – Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies.
    • T0378 – Incorporates risk-driven systems maintenance updates process to address system deficiencies (periodically and out of cycle).
    • T0406 – Ensure that design and development activities are properly documented (providing a functional description of implementation) and updated as necessary.
    • T0447 – Design hardware, operating systems, and software applications to adequately address requirements.
    • T0449 – Design to security requirements to ensure requirements are met for all systems and/or applications.
    • T0464 – Develop detailed design documentation for component and interface specifications to support system design and development.
    • T0466 – Develop mitigation strategies to address cost, schedule, performance, and security risks.
    • T0480 – Identify components or elements, allocate comprehensive functional components to include security functions, and describe the relationships between the elements.
    • T0488 – Implement designs for new or existing system(s).
    • T0518 – Perform security reviews and identify security gaps in architecture.
    • T0528 – Provide input to implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials.
    • T0538 – Provide support to test and evaluation activities.
    • T0541 – Trace system requirements to design components and perform gap analysis.
  • T0544 – Verify stability, interoperability, portability, and/or scalability of system architecture.
  • T0558 – Analyze user needs and requirements to plan and conduct system development.
  • T0559 – Develop designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations.
  • T0560 – Collaborate on cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information).
Knowledge

ID & Description

  • K0001 – Knowledge of computer networking concepts and protocols, and network security methodologies.
  • K0002 – Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0003 – Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • K0004 – Knowledge of cybersecurity and privacy principles.
  • K0005 – Knowledge of cyber threats and vulnerabilities.
  • K0006 – Knowledge of specific operational impacts of cybersecurity lapses.
  • K0015 – Knowledge of computer algorithms.
  • K0018 – Knowledge of encryption algorithms.
  • K0024 – Knowledge of database systems.
  • K0027 – Knowledge of organization’s enterprise information security architecture.
  • K0028 – Knowledge of organization’s evaluation and validation requirements.
  • K0030 – Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware).
  • K0032 – Knowledge of resiliency and redundancy.
  • K0035 – Knowledge of installation, integration, and optimization of system components.
  • K0036 – Knowledge of human-computer interaction principles.
  • K0044 – Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • K0045 – Knowledge of information security systems engineering principles (NIST SP 800-160).
  • K0049 – Knowledge of information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • K0050 – Knowledge of local area and wide area networking principles and concepts including bandwidth management.
  • K0052 – Knowledge of mathematics (e.g. logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis).
  • K0055 – Knowledge of microprocessors.
  • K0056 – Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
  • K0060 – Knowledge of operating systems.
  • K0061 – Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • K0063 – Knowledge of parallel and distributed computing concepts.
  • K0065 – Knowledge of policy-based and risk adaptive access controls.
  • K0066 – Knowledge of Privacy Impact Assessments.
  • K0067 – Knowledge of process engineering concepts.
  • K0073 – Knowledge of secure configuration management techniques. (e.g., Security Technical Implementation Guides (STIGs), cybersecurity best practices on cisecurity.org).
  • K0081 – Knowledge of software development models (e.g., Waterfall Model, Spiral Model).
  • K0082 – Knowledge of software engineering.
  • K0084 – Knowledge of structured analysis principles and methods.
  • K0086 – Knowledge of system design tools, methods, and techniques, including automated systems analysis and design tools.
  • K0087 – Knowledge of system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
  • K0090 – Knowledge of system life cycle management principles, including software security and usability.
  • K0091 – Knowledge of systems testing and evaluation methods.
  • K0093 – Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing).
  • K0102 – Knowledge of the systems engineering process.
  • K0126 – Knowledge of Supply Chain Risk Management Practices (NIST SP 800-161).
  • K0139 – Knowledge of interpreted and compiled computer languages.
  • K0169 – Knowledge of information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • K0170 – Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
  • K0179 – Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • K0180 – Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • K0200 – Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • K0203 – Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • K0207 – Knowledge of circuit analysis.
  • K0212 – Knowledge of cybersecurity-enabled software products.
  • K0227 – Knowledge of various types of computer architectures.
  • K0260 – Knowledge of Personally Identifiable Information (PII) data security standards.
  • K0261 – Knowledge of Payment Card Industry (PCI) data security standards.
  • K0262 – Knowledge of Personal Health Information (PHI) data security standards.
  • K0276 – Knowledge of security management.
  • K0287 – Knowledge of an organization’s information classification program and procedures for information compromise.
  • K0297 – Knowledge of countermeasure design for identified security risks.
  • K0308 – Knowledge of cryptology.
  • K0322 – Knowledge of embedded systems.
  • K0325 – Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).
  • K0332 – Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
  • K0333 – Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
  • K0336 – Knowledge of access authentication methods.
Skills

ID & Description

  • S0015 – Skill in conducting test events.
  • S0021 – Skill in designing a data analysis structure (i.e., the types of data a test must generate and how to analyze that data).
  • S0026 – Skill in determining an appropriate level of test rigor for a given system.
  • S0030 – Skill in developing operations-based testing scenarios.
  • S0048 – Skill in systems integration testing.
  • S0060 – Skill in writing code in a currently supported programming language (e.g., Java, C++).
  • S0061 – Skill in writing test plans.
  • S0082 – Skill in evaluating test plans for applicability and completeness.
  • S0104 – Skill in conducting Test Readiness Reviews.
  • S0107 – Skill in designing and documenting overall program Test & Evaluation strategies.
  • S0110 – Skill in identifying Test & Evaluation infrastructure (people, ranges, tools, instrumentation) requirements.
  • S0112 – Skill in managing test assets, test resources, and test personnel to ensure effective completion of test events.
  • S0115 – Skill in preparing Test & Evaluation reports.
  • S0117 – Skill in providing Test & Evaluation resource estimate.
  • S0367 – Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
Abilities

ID & Description

  • A0123 – Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • A0170 – Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
Tasks

ID & Description

    • T0012 – Analyze design constraints, analyze trade-offs and detailed system and security design, and consider life cycle support.
    • T0021 – Build, test, and modify product prototypes using working models or theoretical models.
    • T0053 – Design and develop cybersecurity or cybersecurity-enabled products.
    • T0056 – Design or integrate appropriate data backup capabilities into overall system designs, and ensure that appropriate technical and procedural processes exist for secure system backups and protected storage of backup data.
    • T0061 – Develop and direct system testing and validation procedures and documentation.
    • T0067 – Develop architectures or system components consistent with technical specifications.
    • T0070 – Develop Disaster Recovery and Continuity of Operations plans for systems under development and ensure testing prior to systems entering a production environment.
    • T0107 – Identify and direct the remediation of technical problems encountered during testing and implementation of new systems (e.g., identify and find work-arounds for communication protocols that are not interoperable).
    • T0109 – Identify and prioritize essential system functions or sub-systems required to support essential capabilities or business functions for restoration or recovery after a system failure or during a system recovery event based on overall system requirements for continuity and availability.
    • T0119 – Identify, assess, and recommend cybersecurity or cybersecurity-enabled products for use within a system and ensure that recommended products are in compliance with organization’s evaluation and validation requirements.
    • T0181 – Perform risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
    • T0201 – Provide guidelines for implementing developed systems to customers or installation teams.
    • T0205 – Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
    • T0228 – Store, retrieve, and manipulate data for analysis of system capabilities and requirements.
    • T0242 – Utilize models and simulations to analyze or predict system performance under different operating conditions.
    • T0304 – Implement and integrate system development life cycle (SDLC) methodologies (e.g., IBM Rational Unified Process) into development environment.
    • T0326 – Employ configuration management processes.
    • T0350 – Conduct a market analysis to identify, assess, and recommend commercial, Government off-the-shelf, and open source products for use within a system and ensure recommended products are in compliance with organization’s evaluation and validation requirements.
    • T0358 – Design and develop system administration and management functionality for privileged access users.
    • T0359 – Design, implement, test, and evaluate secure interfaces between information systems, physical systems, and/or embedded technologies.
    • T0378 – Incorporates risk-driven systems maintenance updates process to address system deficiencies (periodically and out of cycle).
    • T0406 – Ensure that design and development activities are properly documented (providing a functional description of implementation) and updated as necessary.
    • T0447 – Design hardware, operating systems, and software applications to adequately address requirements.
    • T0449 – Design to security requirements to ensure requirements are met for all systems and/or applications.
    • T0464 – Develop detailed design documentation for component and interface specifications to support system design and development.
    • T0466 – Develop mitigation strategies to address cost, schedule, performance, and security risks.
    • T0480 – Identify components or elements, allocate comprehensive functional components to include security functions, and describe the relationships between the elements.
    • T0488 – Implement designs for new or existing system(s).
    • T0518 – Perform security reviews and identify security gaps in architecture.
    • T0528 – Provide input to implementation plans, standard operating procedures, maintenance documentation, and maintenance training materials.
    • T0538 – Provide support to test and evaluation activities.
    • T0541 – Trace system requirements to design components and perform gap analysis.
  • T0544 – Verify stability, interoperability, portability, and/or scalability of system architecture.
  • T0558 – Analyze user needs and requirements to plan and conduct system development.
  • T0559 – Develop designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations.
  • T0560 – Collaborate on cybersecurity designs to meet specific operational needs and environmental factors (e.g., access controls, automated applications, networked operations, high integrity and availability requirements, multilevel security/processing of multiple classification levels, and processing Sensitive Compartmented Information).
Menu