Cybersecurity Job Description: Vulnerability Assessment/Management Specialist
A Vulnerability Assessment and Management specialist conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations.
- Below is a sampling of the abilities, tasks and responsibilities for the Vulnerability Assessment and Management specialty:
- Analyzes organization’s cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
- Conducts and/or support authorized penetration testing on enterprise network assets.
- Maintains a deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
- Prepares audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
- Conducts required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
- Performs technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
- Consults with organizations’ leadership and makes recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).
Visit the National Initiative for Cybersecurity Careers and Studies website for an exhaustive list of the tasks and responsibilities.
The following certification, education, and training is recommended for positions in Cyber Security Analysis: are required for each level of cybersecurity analysis employment:
Vulnerability Assessment Job Requirements
As a rule the certifications, education, and training recommendations for entry level employment are more flexible than mid-level and leadership level employment.
Recommended Certifications: Certifications addressing new attack vectors (emphasis on cloud computing technology, mobile platforms and tablet computers), new vulnerabilities, existing threats to operating environments, managing, maintaining, troubleshooting, installing, configuring basic network infrastructure..
Recommended Education: A minimum of an AS degree in the following areas: Computer science, cybersecurity, information technology, software engineering, information systems, computer engineering.
Recommended Training: Systems administration, basic cyber analysis/operations, intermediate cyber core, cyber threat modeling.
Be sure to visit the NICCS website to learn more about getting the proper certifications and training needed to be successful in the Cybersecurity Career Field.
To learn more about becoming a Cyber Warrior, check out the College Recon Guide to Cybersecurity Careers.