How do I Become a Vulnerability Assessor?
Vulnerability Assessor Job Overview
A Vulnerability Assessor (a.k.a. Vulnerability Assessment Analyst) scans applications and operating systems to identify trouble, vulnerabilities, and flaws. This individual then presents findings in a comprehensive, prioritized document known as the Vulnerability Assessment. Other terminology for this job includes vulnerability assessment analyst, vulnerability researcher, and cyber security assessor.
Vulnerability Assessor Job Duties
- Conduct assessments in support of Cyber Vulnerability Assessments (CVA)
- Identify vulnerabilities and flaws in systems and applications
- Design assessments for networks and operating systems
- Assist with penetration testing procedures
- Methodically analyze problems and identify solutions to those problems, whether vulnerabilities or cyber security breaches
- Engage with cyber incident response
- Write an exhaustive vulnerability assessment
- Present vulnerability assessment findings to upper management and the assessment team
- Ethical Hacking
- Define recommendations for cyber security solutions
- Retain a compiled list of vulnerabilities for tracking and metrics
- Train administrators on all matters related to vulnerability assessment
Vulnerability Assessment Vs. Penetration Test
We agree with David Miessler when he states that vulnerability assessments are about exhaustive lists, and penetration tests are specific goal-oriented tests such as ethical hacks.
Vulnerability assessments should identify the myriad of issues related to a security system. White box approaches are recommended, as are, of course, remedies for these issues.
Though penetration tests often deliver a report, the report outlines the specific security breaches that were achievable during the penetration test. If you would like a more in-depth look into the distinctions between penetration tests and vulnerability assessments, check out our resources section at the bottom of the page.
Vulnerability Assessor Career Pathway
Based on your starting point (whether you’re already active in cyber security, a service member, IT specialist, or a student) there are a few paths to entering the field of vulnerability assessment. We’ve listed some different levels at which you can engage in security jobs below. These levels will depend on the typical number of years of experience associated with career stages (entry, middle, senior) as well as how specialized your education is. For an in-depth look at how job experience in cyber security and education levels compare and contrast, check out our guide on how to prepare for a career in cyber security.
A note on this position: you will only truly need an associate degree to start, though evaluate the job market and take a look at what many jobs prefer. Many key positions will ask for a bachelor’s degree, though years of experience and a thorough understanding of what the role entails are very impressive to many employers and will be enough for some roles even without a bachelor’s.
A note on the positions below: Some job titles are tiered within that position: a position labeled “mid-level”, for example, may have a range between mid to advanced.
- Entry level: junior vulnerability assessor, system administrator, security administrator
- Mid-Level: penetration tester, vulnerability assessor, security auditor, Vulnerability Assessment Analyst
- Senior Level: Vulnerability Assessment Analyst, CISO, Security director, Cyber threat analyst
Vulnerability Assessor Technical Skills
- Unix/Linux and Windows
- Hardware and Software
- Web-based applications
- Understanding of security frameworks like NIST, HIPAA, SOX
- Reverse engineering
- Develop exploit code using Metasploit
Vulnerability Assessor Soft Skills
- Out-of-box thinking
- Strong Oral and Written Communication
- Training others
Vulnerability Assessor Job Outlook and Salary
There are thousands of jobs available for vulnerability analysts/assessors across the nation. According to Glassdoor, the median salary of a vulnerability assessor is $83,017, though it can range from $64,000 – $95,000+. It is important to note, however, that this salary range will depend on the job level itself (whether it is entry, mid, or senior), location, and how much of an educational background you have. As this position is still developing consistent language describing itself, the job title is difficult to come by in some searches. We recommend also searching for “cyber assessor” and “vulnerability assessment analyst”.
Vulnerability Assessor Resources
- For information on how to utilize the G.I. Bill, head to the U.S. Department of Veterans Affairs
- An in-depth look at the difference between a vulnerability assessment and a penetration test.
- Ready to take your skills to the next level? Become a Certified Expert Penetration Tester (CEPT)
- If you’re ready to start your job hunt, Indeed.com is a great place to start!