Vulnerability Assessment & Management

Vulnerability Assessment & Management

Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations.



Below are the associated Work Roles. Click the arrow to expand/collapse the Work Role information and view the associated Core and Additional KSATs (Knowledge, Skills, Abilties, and Tasks). Items denoted by a * are CORE KSATs for every Work Role, while other CORE KSATs vary by Work Role. Click on the other blue links to further explore the information.
Vulnerability Assessment Analyst Work Role ID: 541 (NIST: PR-VA-001) Workforce Element: Cybersecurity

Performs assessments of systems and networks within the NE or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

Core KSATs

KSAT ID Description KSAT
3B

Skill in conducting vulnerability scans and recognizing vulnerabilities in information systems and networks.

Skill
10A

Skill in conducting application vulnerability assessments.

Skill
10

Knowledge of application vulnerabilities.

Knowledge
22

* Knowledge of computer networking concepts and protocols, and network security methodologies.

Knowledge
92

Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

Knowledge
95B

Knowledge of penetration testing principles, tools, and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).

Knowledge
105

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge
108

* Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).

Knowledge
150

Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.

Knowledge
225A

Skill in the use of penetration testing tools and techniques, including specialized tools for non-traditional systems and networks (e.g., control systems).

Skill
411A

Analyze organization’s cybersecurity policies and configurations and evaluate compliance with regulations and organizational directives.

Task
685A

Maintain deployable cybersecurity audit toolkit (e.g., specialized cyber defense software and hardware) to support cybersecurity audit missions.

Task
692

Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.

Task
784

Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.

Task
922B

Skill in using network analysis tools, including specialized tools for non-traditional systems and networks (e.g., control systems), to identify vulnerabilities.​

Skill
940B

Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, control system and operational environments, enclave boundary, supporting infrastructure, and applications).

Task
1072

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge
1157

* Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity.

Knowledge
1158

* Knowledge of cybersecurity principles.

Knowledge
1159

* Knowledge of cyber threats and vulnerabilities.

Knowledge
6900

* Knowledge of specific operational impacts of cybersecurity lapses.

Knowledge
6935

* Knowledge of cloud computing service models Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS).

Knowledge
6938

* Knowledge of cloud computing deployment models in private, public, and hybrid environment and the difference between on-premises and off-premises environments.

Knowledge

Additional KSATs

KSAT ID Description KSAT
4

Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

Ability
27

Knowledge of cryptography and cryptographic key management concepts.

Knowledge
27B

Skill in assessing the application of cryptographic standards.

Skill
29

Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.

Knowledge
49

Knowledge of host/network access control mechanisms (e.g., access control list).

Knowledge
63

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge
79

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge
81A

Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

Knowledge
102A

Ability to apply programming language structures (e.g., source code review) and logic.

Ability
102

Knowledge of programming language structures and logic.

Knowledge
128

Knowledge of systems diagnostic tools and fault identification techniques.

Knowledge
160

Skill in assessing the robustness of security systems and designs.

Skill
181A

Skill in detecting host and network based intrusions via intrusion detection technologies.

Skill
210

Skill in mimicking threat behaviors.

Skill
214B

Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).

Knowledge
226

Skill in the use of social engineering techniques.

Skill
448

Conduct and/or support authorized penetration testing on enterprise network assets.

Task
801B

Knowledge of threat and risk assessment.

Knowledge
897A

Skill in performing impact/risk assessments.

Skill
904

Knowledge of interpreted and compiled computer languages.

Knowledge
939

Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).

Task
941A

Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).

Task
991

Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).

Knowledge
992C

Knowledge of threat environments (e.g., first generation threat actors, threat activities).

Knowledge
992B

Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).

Knowledge
1033

Knowledge of basic system administration, network, and operating system hardening techniques.

Knowledge
1038A

Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability.

Knowledge
1069

Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks).

Knowledge
1141A

Knowledge of an organization’s information classification program and procedures for information compromise.

Knowledge
1142

Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).

Knowledge
3150

Knowledge of ethical hacking principles and techniques.

Knowledge
3222

Knowledge of data backup and restoration concepts.

Knowledge
3513

Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.

Knowledge
6210

Knowledge of cloud service models and possible limitations for an incident response.

Knowledge
6660

Skill in reviewing logs to identify evidence of past intrusions.

Skill
6918

Ability to apply cybersecurity strategy to cloud computing service and deployment models, identifying proper architecture for different operating environments.

Ability