Vulnerability Assessment Analyst Job Profile

Discover more salary details for Vulnerability Assessment – Static Analysis

Vulnerability Assessment Analyst

Vulnerability Assessment Analyst performs assessments of systems and networks within the NE or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

Professional Certification

Vulnerability Assessment Analyst must know:

  • computer networking concepts and protocols, and network security methodologies.
  • risk management processes (e.g., methods for assessing and mitigating risk).
  • laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • cybersecurity and privacy principles.
  • cyber threats and vulnerabilities.
  • specific operational impacts of cybersecurity lapses.
  • application vulnerabilities.
  • cryptography and cryptographic key management concepts
  • data backup and recovery.
  • host/network access control mechanisms (e.g., access control list, capabilities lists).
  • cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).
  • how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
  • programming language structures and logic.
  • system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • systems diagnostic tools and fault identification techniques.
  • what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.
  • interpreted and compiled computer languages.
  • different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
  • cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
  • system administration, network, and operating system hardening techniques.
  • cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
  • security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
  • ethical hacking principles and techniques.
  • data backup and restoration concepts.
  • system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
  • infrastructure supporting information technology (IT) for safety, performance, and reliability.
  • an organization’s information classification program and procedures for information compromise.
  • packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
  • cryptology.
  • network protocols such as TCP/IP, Dynamic Host

Key skills of the Vulnerability Assessment Analyst include:

  • conducting vulnerability scans and recognizing vulnerabilities in security systems.
  • assessing the robustness of security systems and designs. (See System Architecture)
  • detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
  • mimicking threat behaviors.
  • the use of penetration testing tools and techniques.
  • the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).
  • using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).
  • reviewing logs to identify evidence of past intrusions.
  • conducting application vulnerability assessments.
  • performing impact/risk assessments.
  • develop insights about the context of an organization’s threat environment
  • apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Vulnerability Assessment Analyst must be able to:

  • identify systemic security issues based on the analysis of vulnerability and configuration data.
  • apply programming language structures (e.g., source code review) and logic.
  • share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.
  • apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

We recommend always using caution when following any link

Are you sure you want to continue?