Information System Security Developer Job Profile

What is an Information System Security Developer

The Information Systems Security Developer designs, develops, tests, and evaluates information system security throughout the systems development life cycle.

The Information Systems Security Developer must know

  • computer networking concepts and protocols, and network security methodologies.
  • risk management processes (e.g., methods for assessing and mitigating risk).
  • laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • cybersecurity and privacy principles.
  • cyber threats and vulnerabilities.
  • specific operational impacts of cybersecurity lapses.
  • computer algorithms.
  • encryption algorithms.
  • database systems.
  • organization’s enterprise information security architecture.
  • organization’s evaluation and validation requirements.
  • electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware).
  • resiliency and redundancy.
  • installation, integration, and optimization of system components.
  • human-computer interaction principles.
  • cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • information security systems engineering principles (NIST SP 800-160).
  • information technology (IT) security principles and methods (e.g., firewalls, demilitarized zones, encryption).
  • local area and wide area networking principles and concepts including bandwidth management.
  • mathematics (e.g., logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis).
  • microprocessors.
  • network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  • operating systems.
  • how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • parallel and distributed computing concepts.
  • policy-based and risk adaptive access controls.
  • Privacy Impact Assessments.
  • process engineering concepts.
  • secure configuration management techniques (e.g., Security Technical Implementation Guides [STIGs], cybersecurity best practices on cisecurity.org).
  • software development models (e.g., Waterfall Model, Spiral Model).
  • software engineering.
  • structured analysis principles and methods.
  • system design tools, methods, and techniques, including automated systems analysis and design tools.
  • system software and organizational design standards, policies, and authorized approaches (e.g., International Organization for Standardization [ISO] guidelines) relating to system design.
  • system life cycle management principles, including software security and usability.
  • systems testing and evaluation methods.
  • telecommunications concepts (e.g., communications channel, systems link budgeting, spectral efficiency, multiplexing).
  • the systems engineering process.
  • supply chain risk management practices (NIST SP 800-161).
  • interpreted and compiled computer languages.
  • information technology (IT) supply chain security and supply chain risk management policies, requirements, and procedures.
  • critical infrastructure systems with information communication technology that were designed without system security considerations.
  • network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
  • service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
  • security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • Personally Identifiable Information (PII) data security standards.
  • Payment Card Industry (PCI) data security standards.
  • Personal Health Information (PHI) data security standards.
  • security management.
  • an organization’s information classification program and procedures for information compromise.
  • countermeasure design for identified security risks.
  • cryptology.
  • embedded systems.
  • information theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).
  • network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services.
  • network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
  • access authentication methods.

The Information Systems Security Developer must be able to

  • identify systemic security issues based on the analysis of vulnerability and configuration data.
  • apply the methods, standards, and approaches for describing, analyzing, and documenting an organization’s enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF]).
  • ask clarifying questions.
  • communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.
  • conduct vulnerability scans and recognize vulnerabilities in security systems.
  • produce technical documentation.
  • analyze test data.
  • translate data and test results into evaluative conclusions.
  • apply network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • apply secure system design tools, methods and techniques.
  • apply system design tools, methods, and techniques, including automated systems analysis and design tools.
  • ensure security practices are followed throughout the acquisition process.
  • design architectures and frameworks.
  • collaborate effectively with others.
  • function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise.
  • participate as a member of planning teams, coordination groups, and task forces as necessary.
  • understand objectives and effects.
  • understand the basic concepts and issues related to cyber and its organizational impact.
  • apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • identify critical infrastructure systems with information communication technology that were designed without system security consideration.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.
