Vulnerability Assessment Analyst

Performs assessments of systems and networks within the network environment (NE) or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures the effectiveness of the defense-in-depth architecture against known vulnerabilities.
Core KSATs
KSAT ID | Description | KSAT Type |
---|---|---|
3 | Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. | Skill |
10 | Knowledge of application vulnerabilities. | Knowledge |
10A | Skill in conducting application vulnerability assessments. | Skill |
22 | * Knowledge of computer networking concepts and protocols, and network security methodologies. | Knowledge |
92 | Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). | Knowledge |
95A | Knowledge of penetration testing principles, tools, and techniques. | Knowledge |
105 | Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). | Knowledge |
108 | * Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). | Knowledge |
150 | Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities. | Knowledge |
225 | Skill in the use of penetration testing tools and techniques. | Skill |
411 | Analyze organization’s cyber defense policies and configurations and evaluate compliance with regulations and organizational directives. | Task |
685 | Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions. | Task |
692 | Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing. | Task |
784 | Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions. | Task |
922 | Skill in using network analysis tools to identify vulnerabilities. | Skill |
940A | Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications). | Task |
1072 | Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). | Knowledge |
1157 | * Knowledge of national and international laws, regulations, policies, and ethics as they relate to cybersecurity. | Knowledge |
1158 | * Knowledge of cybersecurity principles. | Knowledge |
1159 | * Knowledge of cyber threats and vulnerabilities. | Knowledge |
6900 | * Knowledge of specific operational impacts of cybersecurity lapses. | Knowledge |
Additional KSATs
KSAT ID | Description | KSAT Type |
---|---|---|
4 | Ability to identify systemic security issues based on the analysis of vulnerability and configuration data. | Ability |
27 | Knowledge of cryptography and cryptographic key management concepts. | Knowledge |
27B | Skill in assessing the application of cryptographic standards. | Skill |
29 | Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools. | Knowledge |
49 | Knowledge of host/network access control mechanisms (e.g., access control list). | Knowledge |
63 | Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). | Knowledge |
79 | Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]). | Knowledge |
81A | Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration Protocol (DHCP), Domain Name System (DNS), and directory services. | Knowledge |
102A | Ability to apply programming language structures (e.g., source code review) and logic. | Ability |
102 | Knowledge of programming language structures and logic. | Knowledge |
160 | Skill in assessing the robustness of security systems and designs. | Skill |
181A | Skill in detecting host and network based intrusions via intrusion detection technologies. | Skill |
210 | Skill in mimicking threat behaviors. | Skill |
214B | Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). | Knowledge |
226 | Skill in the use of social engineering techniques. | Skill |
448 | Conduct and/or support authorized penetration testing on enterprise network assets. | Task |
897A | Skill in performing impact/risk assessments. | Skill |
904 | Knowledge of interpreted and compiled computer languages. | Knowledge |
939 | Conduct required reviews as appropriate within environment (e.g., Technical Surveillance Countermeasure reviews [TSCM], TEMPEST countermeasure reviews). | Task |
941A | Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes). | Task |
991 | Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution). | Knowledge |
992A | Knowledge of threat environments. | Knowledge |
992B | Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). | Knowledge |
1033 | Knowledge of basic system administration, network, and operating system hardening techniques. | Knowledge |
1038A | Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability. | Knowledge |
1069 | Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). | Knowledge |
1141A | Knowledge of an organization’s information classification program and procedures for information compromise. | Knowledge |
1142 | Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). | Knowledge |
3150 | Knowledge of ethical hacking principles and techniques. | Knowledge |
3222 | Knowledge of data backup and restoration concepts. | Knowledge |
3513 | Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems. | Knowledge |
6660 | Skill in reviewing logs to identify evidence of past intrusions. | Skill |