NSA: Cybersecurity Career Options


Posted on by Divya Aradhya

Use a Web browser connected to the Internet to explore the career options in cybersecurity at the U.S. National Security Agency. For what kind of InfoSec jobs does the NSA recruit? What qualifications do the jobs you found call for? (“Management of Information Security”, p.91)

The “Careers” page of the NSA (“Careers Job Search”) lists the following types jobs, with required qualifications (apart from the necessity of being a U.S. citizen)-

  • Cryptanalytic Computer Network Operations Development Program
    • Bachelor’s degree in Computer Science, Computer Engineering, Electrical Engineering, Mathematics (including Applied Math); or a related field (i.e., other Engineering or Math) with at least one programming and at least four upper-level math classes (Calculus and above).
    • Relevant experience in a computer science area (i.e. theoretical or applied), designing/developing/using/evaluating mathematic models, methods, and/or techniques (e.g., algorithm development) to study issues and solve problems, engineering (electrical or computer), and/or high performance computing.
  • Offensive Cyber Software Engineer
    • Bachelor’s degree in Computer Science (CS) or related field (e.g., Computer Engineering, Software Engineering, Systems Engineering, Mathematics, Physics, Electrical Engineering, Mechanical Engineering, Computer Security, Computer Forensics, Network Engineering). Degrees in Information Technology, Information Systems, Information Security, Networking (Systems Administration), and Information Assurance may be considered relevant if the programs contain, at minimum, a concentration of courses in the following foundational CS areas: algorithms; computer architecture (not network architecture); programming methodologies and languages; data structures; logic and computation; and upper-level mathematics (for example, calculus, discrete mathematics).
    • Relevant experience in engineering hardware and/or software over their lifecycle (i.e., requirements analysis, design, development, implementation, testing, integration, deployment/installation, and maintenance), programming, vulnerability analysis, penetration testing, computer forensics, and/or systems engineering.
    • Completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course) will be considered towards the relevant experience requirement (i.e., 24-week JCAC course will count as 6 months of experience)
  • Cryptologic Cyber Planner
    • Bachelor’s degree plus 3 years of relevant experience or a Master’s degree plus 1 year of relevant experience or a Doctoral degree and no experience. An Associate’s degree plus 5 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.
    • Degree must be in Computer Science (CS). Related fields (e.g., Engineering, Mathematics) may be considered relevant if the programs contain, at minimum, a concentration of courses in the following foundational CS areas: algorithms; computer architecture (not network architecture); programming methodologies and languages; data structures; logic and computation; and advanced mathematics (for example, calculus, discrete mathematics). Information Technology (IT) or Information Systems (IS) degrees may be considered relevant if the programs contain the amount and type of coursework equivalent to a CS major.
    • Relevant experience must be in computer or information systems design/development/analysis. In addition, it may also include engineering hardware and/or software, programming, computer/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, systems engineering and/or network and system administration.
    • Completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course) will be considered towards the relevant experience requirement (i.e., 24-week JCAC course will count as 6 months of experience).
  • Digital Network Exploitation Analyst
    • Bachelor’s degree plus 3 years of relevant experience or a Master’s degree plus 1 year of relevant experience or a Doctoral degree and no experience. An Associate’s degree plus 5 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.
    • Degree must be in Computer Science (CS). Related fields (e.g., Engineering, Mathematics) may be considered relevant if the programs contain, at minimum, a concentration of courses in the following foundational CS areas: algorithms; computer architecture (not network architecture); programming methodologies and languages; data structures; logic and computation; and advanced mathematics (for example, calculus, discrete mathematics). Information Technology (IT) or Information Systems (IS) degrees may be considered relevant if the programs contain the amount and type of coursework equivalent to a CS major.
    • Relevant experience must be in computer or information systems design/development/analysis. In addition, it may also include engineering hardware and/or software, programming, computer/network security, vulnerability analysis, penetration testing, computer forensics, information assurance, systems engineering and/or network and system administration.
    • Completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course) will be considered towards the relevant experience requirement (i.e., 24-week JCAC course will count as 6 months of experience).
  • Cryptographic Vulnerability Analyst
    • Bachelor’s degree plus 3 years of relevant experience, or a Master’s degree plus 1 year of relevant experience, or a Doctoral degree and no experience. An Associate’s degree plus 5 years of relevant experience may be considered for individuals with in-depth experience that is clearly related to the position.
    • Degree must be in Mathematics, Engineering, Computer Science or include 2 years (i.e., 24 credit hours) of advanced mathematics.
    • Relevant experience must be in the design, development, use and evaluation of mathematics models, methods, or techniques (e.g., cryptographic algorithms) to study issues and solve problems; and in vulnerability analysis, penetration testing, or computer forensics. In addition, may include information/cyber/network security and/or information assurance.
    • Completion of military training in a relevant area such as JCAC (Joint Cyber Analysis course), Undergraduate Cyber Training (UCT), Network Warfare Bridge Course (NWBC)/Intermediate Network Warfare Training (INWT), Cyber Defense Operations will be considered towards the relevant experience requirement (i.e., 20-24 weeks course will count as 6 months of experience, 10-14 weeks will count as 3 months of experience).

Chapter 2: Exercise 4

Using the Web, go to www.eff.org. What are the current top concerns of this organization? (“Management of Information Security”, p.91)

The current issues that the Electronic Frontier Foundation (EFF) is working with are (“Issues”)-

  • Free Speech –  Section 230 of the Communications Decency Act
    Section 230 says that “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider”.
    EFF works towards ensuring sufficient legal protections for Internet intermediaries and users and fights threats that would weaken such protections.
  • Creativity and Innovation – Reclaim Invention

The EFF is encouraging universities to sign a pledge that ensures that before selling or licensing its patents to a third party (usually for-profit companies), it will assess the business practices of that party and make sure that it will use those patents responsibly. This is to ensure that inventions to universally beneficial, and prevent it from being abused as a profit-making tool.

  • International – Imprisoned Bloggers and Technologists

This is an offline initiative of the EFF to help protect coders, designers, ethical hackers, and bloggers who are threatened or detained for their work.

  • Privacy and Transparency – NSA Spying

The EFF has carefully documented the illegal NSA spying activities since 2005, and is actively fighting these practices in court.

  • Security – Encrypting the Web

The EFF has been pushing for all websites to move the default web protocol from HTTP to the more secure HTTPS.

References

Whitman, Michael E. Management of Information Security, 5th Edition. Cengage Learning, 20160411. VitalBook file.

National Security Agency. (n.d.). Careers Job Search. Retrieved from https://www.nsa.gov/psp/applyonline/EMPLOYEE/HRMS/c/HRS_HRAM.HRS_APP_SCHJOB.GBL?Page=HRS_APP_SCHJOB&Action=U&FOCUS=Applicant&SiteId=1

Electronic Frontier Foundation. (n.d.). Issues | Electronic Frontier Foundation. Retrieved from https://www.eff.org/work