Discover the Skills of a Vulnerability Assessment Analyst

Learning Objectives

After completing this unit, you’ll be able to:

• Describe a vulnerability assessment analyst career path.
  
• List key skills relevant to the role of a vulnerability assessment analyst.
  

A Vulnerability Assessment Analyst Career

Let’s explore whether you’d be a good fit for the role of a vulnerability assessment analyst by starting with some questions.

Who are you?

Do you like to think like an attacker in order to defend against them? Do you like to identify patterns during analysis? Do you like to prioritize things and make recommendations? If so, then vulnerability assessment analysis might be the career for you.

What do you like to do?

Vulnerability assessment analysts perform assessments of systems and networks to identify where those systems and networks deviate from acceptable configurations. They also scan applications and systems to identify vulnerabilities and make recommendations on how to further secure them. Their goal is to detect weaknesses in networks and software, and then take measures to correct flaws and strengthen security within the system. 

Vulnerability assessment analysts measure the effectiveness of the organization’s architecture in protecting against known vulnerabilities. They are knowledgeable about applicable policies and regulations. And they analyze the organization’s cyber defense policies and configurations to evaluate compliance with these requirements. They also create and maintain vulnerability management policies, procedures, and training. 

To give you a closer look, let’s meet Dacso, a vulnerability assessment analyst at a technology company. On a daily basis, Dacso is involved in maintaining the software and hardware necessary to audit cyber defenses. On a typical day, Dacso does the following.

• Evaluates technology, people, and operations to assess the risks and vulnerabilities associated with the local computing environment, network and infrastructure, and system boundaries
  
• Performs scans to identify possible network security and host-based vulnerabilities, and completes regular audits with manual testing techniques
  
• Prepares reports that detail findings and provides recommended remediation strategies
  
• Tracks vulnerabilities and mitigation results over time for metrics purposes
  

What type of team do you want to work with?

The role of vulnerability assessment analyst can be an in-house position or a consultant hired for specific times or tasks. Either way, the job is an important one: to determine critical security flaws and figure out how to fix them. The larger the organization, the more vulnerability assessment analysts they may employ. You can work for many industries, including government organizations, defense contractors, manufacturers, and more.

What are other common names for this role? 

Other common names for this role include blue team technician or security analyst, to name a few. 

What is the career trajectory for this role? 

Most vulnerability assessment analysts can grow into managing security or network operations centers, as well as penetration testers. 

Why should you consider this career?

The role of vulnerability assessment analyst pays well, and is expected to continue to be in demand. Further the career offers an opportunity to positively impact an organization and growth opportunities.

Vulnerability Assessment Analyst Skills

Like Dacso, you’re excited about helping organizations think like an attacker in order to protect against them, and identify patterns in your organization’s system weaknesses to help prioritize remediations. So, what education and skills do you need to pursue this career?

Education

A bachelor’s degree in computer science, cybersecurity, or a related field is typically good to have, but not a deal breaker.

Experience

Typically, employers look for candidates with anywhere from 2 to 6 years of experience in information systems, infrastructure design, or network security. 

Certifications

To help you skill up and get your foot in the door, pursuing a certification is a great idea. Here are some common certifications for vulnerability assessment analysts (note that some of these are broader security training while others are more specialized).

• The Computing Technology Industry Association (CompTIA) Network+, Security+, and PenTest+
  
• The International Information System Security Certification Consortium (ISC)² Certified Information Systems Security Professional (CISSP)
  
• Mile2’s Certified Vulnerability Assessor (CVA)
  
• EC-Council’s Certified Ethical Hacker (CEH)
  

Knowledge

As a vulnerability assessment analyst, it is key to have a solid understanding of the basics—like industry standard scoring models, including the Common Vulnerability Scoring System (CVSS), security frameworks like the International Organization for Standardization and International Electrotechnical Commission ISO/IEC 27001/27002, and the Health Insurance Portability and Accountability Act (HIPAA). You should also have familiarity with network security architecture concepts like topology, protocols, and components. And you should understand how traffic flows across the network, including understanding the transmission control protocol (TCP), internet protocol (IP), and Open Systems Interconnection Model (OSI model). 

It’s also critical to have knowledge of application vulnerabilities like SQL injection, cross-site scripting (XSS), and more, plus security threats and penetration testing principles. Additional areas of expertise that are helpful include high-level knowledge of how to conduct vulnerability scans, network analysis tools, malware, and forensics.

Business Skills

In addition to these technical skills, it’s also critical to sharpen your business skills. A huge part of being successful as a vulnerability assessment analyst is having strong written and verbal communication and problem-solving skills. You should be naturally curious, creative, detail oriented and enjoy educating others about security topics. 

Sum It Up

In this module, you’ve been introduced to the goals of vulnerability assessment and analysis. You’ve learned more about the importance of vulnerability assessment in preventing the misuse of systems by malicious actors. You’ve also discovered the duties, skills, and qualifications of a vulnerability assessment analyst. 

In the next module, Responsibilities of a Vulnerability Assessment Analyst, you learn how to understand your vulnerability footprint, scan for and assess vulnerabilities, track vulnerability remediation, and report on progress. Interested in learning more about cybersecurity roles and hearing from security professionals? Check out the Cybersecurity Learning Hub on Trailhead.

Resources

• External Site: National Institute of Standards and Technology (NIST): Common Vulnerability Scoring System (CVSS)
  
• External Site: International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC): ISO/IEC 27001/27002
  
• External Site: CompTIA: Your Next Move: Vulnerability Analyst
  
• External Site: National Initiative for Cybersecurity Careers and Studies (NICCSTM) Vulnerability Assessment and Management