Total 50,483 skills, Security & Compliance has 1971 skills
Showing 12 of 1971 skills
Guides security assessment of embedded and cyber-physical systems on hardware-in-the-loop (HIL) test benches—bench setup, ECU/ECM or PLC targets, bus interfaces (CAN/CAN-FD, LIN, automotive Ethernet, Modbus at high level), fault injection and stimulus design, simulated plant/environment integration, attack-surface monitoring on real hardware, reproducible test cases, lab safety interlocks, and evidence capture for firmware and vehicle security teams. Use for HIL security testing, ECU security assessment, CAN bus security, PLC HIL test, fault injection lab, embedded hardware security—not web/API pentest (web-pentester), network-only pentest (network-pentester), malware/binary RE only (reverse-engineer), SOC operations (soc-analyst), AI red team (ai-redteam), classified ISSO paperwork (information-systems-security-officer-classified-specialist), or pure software CI without hardware (build-validator).
Guides secure software delivery and DevSecOps for cleared/classified or high-side programs—disconnected or air-gapped CI/CD, artifact promotion across classification boundaries (conceptual), SBOM/signing/ provenance, SAST/DAST/secrets/IaC/container gates, supply-chain controls, STIG/CIS deploy baselines, IaC for classified landing zones, cleared developer workstations, build/deploy audit logging, and ATO/RMF pipeline evidence (not SSP ownership). Use for classified DevSecOps, cleared pipeline, high-side CI/CD, air-gapped build, cross-domain release, classified software delivery, STIG pipeline, ATO evidence CI, SBOM classified, secure software factory—not portfolio cyber governance (classified-cyber-security-senior-manager), ISSO/SSP (information-systems-security-officer-classified-specialist), commercial-only DevSecOps (devsecops), general DevOps (devops), build-only validation (build-validator), pentest (penetration-tester), or enterprise GRC-only (compliance-specialist).
Conducts external reconnaissance using Open Source Intelligence (OSINT) techniques to map an organization's external attack surface without directly interacting with target systems. The tester gathers information from public sources including DNS records, certificate transparency logs, search engines, social media, code repositories, and data breach databases to build a comprehensive target profile. Activates for requests involving OSINT reconnaissance, external footprinting, attack surface mapping, or passive information gathering.
Presents a risk framework for every configurable security control in NemoClaw. Use when evaluating security posture, reviewing sandbox security defaults, or assessing control trade-offs. Trigger keywords - nemoclaw security best practices, sandbox security controls risk framework, nemoclaw credential storage, openshell provider, api key security, openclaw security controls, nemoclaw security boundary, prompt injection, tool access control.
Tax setup and compliance — sales tax, VAT, duty collection, tax-exempt customers, reporting
Query unified Sigma, Splunk, Elastic, KQL, Sublime, and CrowdStrike security detection rules via MCP server with MITRE ATT&CK mapping and coverage analysis
Security & compliance skill suite providing OWASP scanning, CVE detection, GDPR/SOC2 audits, threat modeling, and incident response workflows for AI coding agents
Analyze and understand Avast Premium Security features, protection mechanisms, and security architecture for antivirus research and educational purposes
Comprehensive Android APK security analysis with static/dynamic testing, RASP detection, Frida instrumentation, and MASVS compliance scoring
Security audit and compliance automation suite with OWASP scanning, CVE detection, GDPR/SOC2 audits, threat modeling, and incident response playbooks
Security & compliance skill suite with OWASP scanning, CVE detection, GDPR audits, SOC2 readiness, threat modeling, and incident response workflows
Detect and analyze Minecraft cheat clients, hack tools, and malicious game modifications for server protection