Vulnerability Assessor Jobs
What is a vulnerability assessor?
A vulnerability assessor or analyst reviews the existing cyber security structure of an organisation to identify any vulnerabilities that could be exploited by malicious actors.
Analysts use a number of vulnerability testing tools to scan the existing infrastructure for flaws and produce a vulnerability assessment report, which the company then uses to improve its security measures.
What does a vulnerability assessor do?
Vulnerability assessors need to plan, organise and undertake regular assessments of the company’s defences, taking into account any developments in security best practice and responding to related attacks.
Some of the duties of vulnerability analysts include:
Identifying and logging security issues
This may involve producing automated vulnerability testing procedures or using testing tools to scan the business’s defence architecture for issues and flaws.
You may be required to examine the physical equipment relating to the IT systems or networks to ensure nothing has been compromised by malicious actors.
Reviewing security practices
It may be your responsibility to review security practices for weaknesses concerning human errors, such as poor password practices or poor phishing awareness.
Producing assessment documents and advising senior staff using them
You will need to use the vulnerability assessment documents you produce to advise senior staff and other relevant colleagues on how best to proceed with security strategy, so that the business is as protected as possible.
Reviewing changes made to ensure vulnerabilities are managed
Your vulnerability assessments will also need to be reviewed regularly to track the business’s progress against your recommendations and to monitor how well the vulnerabilities are being dealt with.
What qualifications do I need to become a vulnerability assessor?
Typically, employers will be looking for a degree in computer science, mathematics or a field related to cyber security. However, this is not a necessity, and those with enough relevant experience may not need a formal qualification.
Professional qualifications which may help you progress to this position include:
Certified Ethical Hacker (CEH)
Certified Penetration Tester (CPT)
Certified Information Systems Security Professional (CISSP)
Certified Vulnerability Assessor (CVA)
A number of jobs require the CISSP and penetration testing certification for candidates to be eligible for the role of vulnerability assessor.
How much do vulnerability analysts make?
How do I become a vulnerability analyst?
As this is a specialist role, employers will typically expect 3+ years of related experience before considering you for the role of vulnerability assessor, and this will likely be more for those without formal qualifications.
Vulnerability assessment is also often related to the role of security consultant, so those struggling to find the right role might want to consider this route as well.
Vulnerability assessors are commonly also penetration testers, and many start their careers in entry-level security positions such as security administrator.
What’s the difference between a vulnerability assessor and a penetration tester?
While their skillsets are very similar, vulnerability assessors and penetration testers perform different tasks, which sets them apart.
Vulnerability assessors use assessment tools (or devise their own) to review the processes of an organisation’s defences for flaws or required improvements. Penetration testers, on the other hand, employ methods typically used by malicious hackers to try to gain access to the organisation from the inside, in order to recommend changes to the system where they find weaknesses.