Vulnerability Assessor Jobs


What is a vulnerability assessor?

A vulnerability assessor or analyst reviews the existing cyber security structure of an organisation to identify any vulnerabilities that could be exploited by malicious actors.

Analysts will use a number of vulnerability testing tools to scan the existing infrastructure for flaws and produce a vulnerability assessment report which will then be used by the company to improve their security measures.

What does a vulnerability assessor do?

Vulnerability assessors need to plan, organise and undertake regular assessments of the company’s defences, whether to take account of developments in security best practice or in response to related attacks.

Some of the duties of vulnerability analysts include:

  • Identifying and logging security issues

This may involve producing automated vulnerability testing procedures or using testing tools to scan the business’ defence architecture for issues and flaws.

  • Physical testing

You may be required to examine the physical equipment relating to the IT systems or networks to ensure nothing has been compromised by malicious actors.

  • Reviewing security practices

It may be your responsibility to review security practices for weaknesses concerning human errors, such as poor password practices or poor phishing awareness.

  • Producing assessment documents and using them to advise senior staff

You will need to use the vulnerability assessment documents you produce to advise senior staff and other relevant colleagues on how best to proceed with security strategy, so that the business is as protected as possible.

  • Reviewing changes made to ensure vulnerabilities are managed

Your vulnerability assessments will also need to be reviewed regularly, both to track the progress of the business against your recommendations and to monitor how well the vulnerabilities are dealt with.

What qualifications do I need to become a vulnerability assessor?

Typically, employers will be looking for a degree in computer science, mathematics or a field related to cyber security. However, this is not a necessity, and those with enough relevant experience may not need a formal qualification.

Professional qualifications which may help you progress to this position include:

  • Certified Ethical Hacker (CEH)

  • Certified Penetration Tester (CPT)

  • Certified Information Systems Security Professional (CISSP)

  • Certified Vulnerability Assessor (CVA)

A number of jobs require the CISSP and penetration testing certification for candidates to be eligible for the role of vulnerability assessor.

How much do vulnerability analysts make?

IT Jobs Watch places the median salary of a vulnerability analyst in the UK at £52,750. In the US, Payscale reports the average salary as $77,000, with the lower 10% earning £62,000.

How do I become a vulnerability analyst?

As a specialist role, employers will typically expect 3+ years of related experience before considering you for the role of vulnerability assessor, but this will likely be more for those without formal qualifications.

Vulnerability assessment is also often related to the role of security consultant, so those struggling to find the right role might want to consider this route as well.

Vulnerability assessors are commonly also penetration testers, and many start their careers in entry-level security positions such as security administrator.

What’s the difference between a vulnerability assessor and a penetration tester?

While very similar in their skillsets, vulnerability assessors and penetration testers perform different tasks which set them apart.

Vulnerability assessors use assessment tools (or devise their own) to review the processes of an organisation’s defences for flaws or required improvements. Penetration testers, on the other hand, employ methods typically used by malicious hackers to try to gain access to the organisation from the inside, in order to recommend changes to the system where they find weaknesses.


