Vulnerability Assessment Analyst

Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

Below are the Knowledge, Skills, Abilities and Tasks identified as being required to perform this work role.

Knowledge of computer networking concepts and protocols, and network security methodologies.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
K0004 Knowledge of cybersecurity and privacy principles.
K0005 Knowledge of cyber threats and vulnerabilities.
K0006 Knowledge of specific operational impacts of cybersecurity lapses.
K0009 Knowledge of application vulnerabilities.
K0019 Knowledge of cryptography and cryptographic key management concepts.
K0021 Knowledge of data backup and recovery.
K0033 Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).
K0044 Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
K0056 Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
K0061 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).
K0068 Knowledge of programming language structures and logic.
K0070 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
K0089 Knowledge of systems diagnostic tools and fault identification techniques.
K0106 Knowledge of what constitutes a network attack and a network attack's relationship to both threats and vulnerabilities.
K0139 Knowledge of interpreted and compiled computer languages.
K0161 Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
K0162 Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).
K0167 Knowledge of system administration, network, and operating system hardening techniques.
K0177 Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
K0179 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
K0203 Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).
K0206 Knowledge of ethical hacking principles and techniques.
K0210 Knowledge of data backup and restoration concepts.
K0224 Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.
K0265 Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability.
K0287 Knowledge of an organization’s information classification program and procedures for information compromise.
K0301 Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
K0308 Knowledge of cryptology.
K0332 Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
K0342 Knowledge of penetration testing principles, tools, and techniques.
K0344 Knowledge of an organization's threat environment.
K0624 Knowledge of Application Security Risks (e.g., Open Web Application Security Project Top 10 list).
S0001 Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.
S0009 WITHDRAWN: Skill in assessing the robustness of security systems and designs. (See S0027)
S0025 Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).
S0044 Skill in mimicking threat behaviors.
S0051 Skill in the use of penetration testing tools and techniques.
S0052 Skill in the use of social engineering techniques (e.g., phishing, baiting, tailgating).
S0081 Skill in using network analysis tools to identify vulnerabilities (e.g., fuzzing, nmap).
S0120 Skill in reviewing logs to identify evidence of past intrusions.
S0137 Skill in conducting application vulnerability assessments.
S0171 Skill in performing impact/risk assessments.
S0364 Skill to develop insights about the context of an organization's threat environment.
S0367 Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
A0001 Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
A0044 Ability to apply programming language structures (e.g., source code review) and logic.
A0120 Ability to share meaningful insights about the context of an organization's threat environment that improve its risk management posture.
A0123 Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
T0010 Analyze organization’s cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.
T0028 Conduct and/or support authorized penetration testing on enterprise network assets.
T0138 Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.
T0142 Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.
T0188 Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.
T0252 Conduct required reviews as appropriate within environment (e.g., Technical Surveillance Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).
T0549 Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).
T0550 Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).