Job Descriptions

Use this tool to access job descriptions for your next hire. Search by skills or job titles and download the job description to help you get started. Tip: You can use this tool to help ensure your own resume is up-to-date with the latest job requirements.

You may search job titles by skills within selected career category
Information System Security Officer (ISSO)
Chief Information Security Officer (CISO)
Information Security (IS) Auditor
Security Architect
Security Automation Engineer
Secure Software Assessor
Cryptographer/Cryptanalyst
Information Systems Security Developer
Operational Technology Systems Analyst
Security Engineer
Supply Chain Security Analyst
Security Testing and Evaluation Specialist
Identity Management & Authentication Support Specialist
Encryption / Key Management Support Specialist
Data Privacy Specialist
Cybersecurity Operations Technician
Cybersecurity Incident Responder
Cybersecurity Malware Specialist
Digital Forensics Analyst
Cybersecurity Operations Analyst
Vulnerability Assessment Analyst Information Systems Security Manager - Cybersecurity Operations
Threat Hunter
Cybersecurity Operational Technology Incident Responder
Penetration Tester
Data Scientist (AI)
Machine Learning Engineer
Computer Vision Engineer
Automation Process Engineer
IT Service Manager
Systems Engineer
Full Stack Developer
Front End Developer
User Interface Designer
User Experience Designer
Software Engineer
Programmer
Systems Analyst
Developer
Data Engineer
Data Scientist (Tech)
Data Analyst
Project Manager
Technical Recruiter
Product Manager
Social Media Manager
Business Analyst
Policy Analyst
Learning and Development Specialist
Architectural Designer
IT Author / Technical Writer
Cognitive Copywriter
Clinical Researcher / Coordinator
Legal Compliance Officer
IT Auditor
Deep Learning Engineer
Robotics Process Analyst
IT Program Manager
IT Procurement Officer
Network and Systems Administrator
Web Developer
Systems Architect
Online/Digital Learning Developer
Human Resources Analyst
Medical Coder/Programmer
Tech Sales and Customer Service
Business Intelligence Analyst
Graphic and Animation Designer
Digital Marketing / Communications

Vulnerability Assessment Analyst

PROTECT & DEFEND

Skills

Job Description

Other Titles Include

  • Vulnerability tester
  • Vulnerability assessor
  • Vulnerability assessment manager

Note: This role is most commonly found in large or medium-sized organizations.

Reporting relationship

To be completed by the user of this job description as appropriate.

Job purpose / summary

Scans applications and operating systems to identify flaws, and vulnerabilities; and conducts and presents vulnerability assessments on an organization’s networks and systems.

Duties and responsibilities

  • Identify critical flaws in applications and systems that cyber actors could exploit
  • Conduct vulnerability assessments of relevant technology (e.g., computing environment, network and supporting infrastructure, and applications)
  • Prepare and present comprehensive vulnerability assessments;
  • Conduct network security audits and scanning
  • Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense operations
  • Prepare audit reports that identify technical and procedural findings, and make recommendations on corrective strategies and solutions
  • Conduct and/or support authorized penetration testing on organization networks and systems
  • Define and review requirements for information security solutions
  • Make recommendations on the selection of cost-effective security controls to mitigate risks
  • Develop, deliver, and oversee training material and educational efforts

Tools and Technology

  • Organizational security policies, procedures and practices
  • VA tools
  • Vulnerability management policies, processes and practices
  • Common vulnerability databases

Competencies

KSAs applied at the basic level:

  • Advanced threat actor tools, techniques and protocols
  • Penetration testing principles, tools, and techniques
  • Risk management processes for assessing and mitigating risks
  • System administration concepts
  • Cryptography and cryptographic key management concepts
  • Cryptology
  • Identifying security issues based on the analysis of vulnerability and configuration data
  • Vulnerability management policies, processes and practices

KSAs applied at an advanced level:

  • VA planning and scheduling including system risks and mitigations
  • System and application security threats and vulnerabilities
  • System administration, network, and operating system hardening techniques
  • Packet analysis using appropriate tools
  • Conducting vulnerability scans and recognizing vulnerabilities in security systems
  • Conducting vulnerability/impact/risk assessments
  • Reviewing system logs to identify evidence of past intrusions
  • Using network analysis tools to identify vulnerabilities

Direct reports (if appropriate)

To be completed by the user of this job description as appropriate

Qualifications

Education. Post-secondary education (degree or diploma in related computer science or IT field.

Training in cybersecurity systems, vulnerability assessment and analysis. Vendor-based vulnerability system training, or equivalent training and experience

Certifications.

To be completed by the user of this job description as appropriate

Other relevant qualifications.

To be completed by the user of this job description as appropriate

Key Attributes.

To be completed by the user of this job description as appropriate

Experience. 2 – 3 years in a network or cybersecurity operations role.

This is often a tier 2 position within a cybersecurity operations environment that is normally preceded by 2-3 years in a network or operational security role. This can lead to increased specialization as a vulnerability analyst, red/blue team leader, penetration tester or management roles.

Working conditions (if required)

If the job requires a person to work in special working conditions this should be stated in the job description. Special working conditions cover a range of circumstances from regular evening and weekend work, shift work, working outdoors, working with challenging clients, and so forth.

Physical requirements (if appropriate)

If the job is physically demanding, this should be stated in the job description. A physically demanding job is one where the incumbent is required to stand for extended periods of time, lift heavy objects on a regular basis, do repetitive tasks with few breaks, and so forth.