Enterprise Architect

Develops and maintains business, systems, and information processes to support enterprise mission needs; develops information technology (IT) rules and requirements that describe baseline and target architectures.

Below are the Knowledge, Skills, Abilities and Tasks identified as being required to perform this work role.

Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
K0003Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
K0004Knowledge of cybersecurity and privacy principles.
K0005Knowledge of cyber threats and vulnerabilities.
K0006Knowledge of specific operational impacts of cybersecurity lapses.
K0024Knowledge of database systems.
K0027Knowledge of organization’s enterprise information security architecture.
K0028Knowledge of organization’s evaluation and validation requirements.
K0030Knowledge of electrical engineering as applied to computer architecture (e.g., circuit boards, processors, chips, and computer hardware).
K0035Knowledge of installation, integration, and optimization of system components.
K0037Knowledge of Security Assessment and Authorization process.
K0043Knowledge of industry-standard and organizationally accepted analysis principles and methods.
K0044Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
K0052Knowledge of mathematics (e.g. logarithms, trigonometry, linear algebra, calculus, statistics, and operational analysis).
K0056Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
K0060Knowledge of operating systems.
K0061Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
K0063Knowledge of parallel and distributed computing concepts.
K0074Knowledge of key concepts in security management (e.g., Release Management, Patch Management).
K0075Knowledge of security system design tools, methods, and techniques.
K0082Knowledge of software engineering.
K0091Knowledge of systems testing and evaluation methods.
K0093Knowledge of telecommunications concepts (e.g., Communications channel, Systems Link Budgeting, Spectral efficiency, Multiplexing).
K0102Knowledge of the systems engineering process.
K0170Knowledge of critical infrastructure systems with information communication technology that were designed without system security considerations.
K0179Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
K0180Knowledge of network systems management principles, models, methods (e.g., end-to-end systems performance monitoring), and tools.
K0198Knowledge of organizational process improvement concepts and process maturity models (e.g., Capability Maturity Model Integration (CMMI) for Development, CMMI for Services, and CMMI for Acquisitions).
K0200Knowledge of service management concepts for networks and related standards (e.g., Information Technology Infrastructure Library, current version [ITIL]).
K0203Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
K0207Knowledge of circuit analysis.
K0211Knowledge of confidentiality, integrity, and availability requirements.
K0212Knowledge of cybersecurity-enabled software products.
K0214Knowledge of the Risk Management Framework Assessment Methodology.
K0227Knowledge of various types of computer architectures.
K0240Knowledge of multi-level security systems and cross domain solutions.
K0264Knowledge of program protection planning (e.g. information technology (IT) supply chain security/risk management policies, anti-tampering techniques, and requirements).
K0275Knowledge of configuration management techniques.
K0286Knowledge of N-tiered typologies (e.g. including server and client operating systems).
K0287Knowledge of an organization’s information classification program and procedures for information compromise.
K0291Knowledge of the enterprise information technology (IT) architectural concepts and patterns (e.g., baseline, validated design, and target architectures.)
K0293Knowledge of integrating the organization??s goals and objectives into the architecture.
K0299Knowledge in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
K0322Knowledge of embedded systems.
K0323Knowledge of system fault tolerance methodologies.
K0325Knowledge of Information Theory (e.g., source coding, channel coding, algorithm complexity theory, and data compression).
K0326Knowledge of demilitarized zones.
K0332Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
K0333Knowledge of network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
K0487Knowledge of network security (e.g., encryption, firewalls, authentication, honey pots, perimeter protection).
K0516Knowledge of physical and logical network devices and infrastructure to include hubs, switches, routers, firewalls, etc.
S0005Skill in applying and incorporating information technologies into proposed solutions.
S0024Skill in designing the integration of hardware and software solutions.
S0027Skill in determining how a security system should work (including its resilience and dependability capabilities) and how changes in conditions, operations, or the environment will affect these outcomes.
S0050Skill in design modeling and building use cases (e.g., unified modeling language).
S0060Skill in writing code in a currently supported programming language (e.g., Java, C++).
S0122Skill in the use of design methods.
S0367Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
S0374Skill to identify cybersecurity and privacy issues that stem from connections with internal and external customers and partner organizations.
A0008Ability to apply the methods, standards, and approaches for describing, analyzing, and documenting an organization’s enterprise information technology (IT) architecture (e.g., Open Group Architecture Framework [TOGAF], Department of Defense Architecture Framework [DoDAF], Federal Enterprise Architecture Framework [FEAF]).
A0015Ability to conduct vulnerability scans and recognize vulnerabilities in security systems.
A0027Ability to apply an organization’s goals and objectives to develop and maintain architecture.
A0038Ability to optimize systems to meet enterprise performance requirements.
A0051Ability to execute technology integration processes.
A0060Ability to build architectures and frameworks.
A0123Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
A0170Ability to identify critical infrastructure systems with information communication technology that were designed without system security considerations.
A0172Ability to set up a physical or logical sub-networks that separates an internal local area network (LAN) from other untrusted networks.
T0051Define appropriate levels of system availability based on critical system functions and ensure that system requirements identify appropriate disaster recovery and continuity of operations requirements to include any appropriate fail-over/alternate site requirements, backup requirements, and material supportability requirements for system recover/restoration.
T0084Employ secure configuration management processes.
T0090Ensure that acquired or developed system(s) and architecture(s) are consistent with organization’s cybersecurity architecture guidelines.
T0108Identify and prioritize critical business functions in collaboration with organizational stakeholders.
T0196Provide advice on project costs, design concepts, or design changes.
T0205Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
T0307Analyze candidate architectures, allocate security services, and select security mechanisms.
T0314Develop a system security context, a preliminary system security Concept of Operations (CONOPS), and define baseline system security requirements in accordance with applicable cybersecurity requirements.
T0328Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.
T0338Write detailed functional specifications that document the architecture development process.
T0427Analyze user needs and requirements to plan architecture.
T0440Capture and integrate essential system capabilities or business functions required for partial or full system restoration after a catastrophic failure event.
T0448Develop enterprise architecture or system components required to meet user needs.
T0473Document and update as necessary all definition and architecture activities.
T0517Integrate results regarding the identification of gaps in security architecture.
T0521Plan implementation strategy to ensure that enterprise components can be integrated and aligned.
T0542Translate proposed capabilities into technical requirements.
T0555Document how the implementation of a new system or new interface between systems impacts the current and target environment including but not limited to security posture.
T0557Integrate key management functions as related to cyberspace.