A Vulnerability Assessor is sometimes known as a Vulnerability Assessment Analyst and should not be confused with a Penetration Tester. They are usually responsible for scanning applications and systems to identify IT security vulnerabilities in a client's IT networks, systems and websites.
They are essentially looking for flaws and will ultimately produce a document known as a 'Vulnerability Assessment' which the organisation can use to improve its overall IT and data security.
They will use a suite of vulnerability testing tools and techniques in order to identify weaknesses that cyber attackers could exploit against the organisation.
They will need to formally record any weaknesses or vulnerabilities that they find in the report that they produce for their client.
What are the typical job duties for a Vulnerability Assessor?
The job may involve developing automated vulnerability testing scripts, and using off-the-shelf vulnerability testing tools, to log security flaws in web-based applications, IT networks and computer systems.
The role encompasses the collation of identified issues into a vulnerability assessment report that the client can use to improve their IT security.
The Vulnerability Assessor's report will comprehensively show where these identified weaknesses are, with suggestions on how to mitigate them.
More specific Vulnerability Assessor responsibilities may include:
1) The identification of security flaws in systems, applications and web-based assets that cyber criminals could exploit.
2) Planning and performing relevant vulnerability tests on computer systems, networks or web-based applications across an organisation's servers.
3) Designing and implementing new vulnerability testing tools and techniques that can be deployed during vulnerability testing on behalf of the client organisation.
4) Conducting a physical security assessment of an organisation's systems, including servers and networks, to ensure that unauthorised external physical interference is not possible.
5) Identifying the methods that cyber attackers may use to gain access to the client's systems, and discovering existing exploitable weaknesses within the organisation's security defences.
6) Discovering inadequate or inappropriate security practices, such as poor password policies and other human errors, and recommending new processes and procedures to mitigate future human error and the potential attacks associated with such failures.
7) Using a combination of automated and manual testing methods to validate the findings of vulnerability testing, thereby reducing false positives.
8) Compilation and tracking of identified vulnerabilities over time, for the efficient recording of IT security metrics that the organisation can then use to plot future progress against.
9) Reporting all of the findings together in a formal Vulnerability Assessment document, highlighting every issue that has been uncovered together with the recommended resolution actions to be taken by the organisation.
10) Presentation and explanation of the report's contents, where necessary, to all interested parties, such as senior IT management and directors.
11) Recommending a process of vulnerability testing that the organisation can implement on a regular basis in order to maintain a secure live environment in future as new threats and exploits emerge.
12) The Vulnerability Assessor could be engaged to verify that the organisation's implementation of any assigned vulnerability assessment actions has succeeded in improving overall IT security.
13) Going forward, the collected metrics can be analysed and compared against pre-assessment metrics to confirm the effectiveness of the vulnerability assessment's recommended actions.
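Duties 8, 12 and 13 describe tracking findings across assessments and comparing a follow-up re-test against the baseline to measure remediation. The script below is an added illustration, not part of the original page: it assumes findings have been exported from the scanner as simple records (host, finding ID, severity), matches baseline and follow-up findings by host and ID, and derives the metrics a report would cite. The sample findings are constructed for the example.

```python
"""Compare a baseline vulnerability assessment against a follow-up re-test."""
from collections import Counter

# Constructed sample data (not from the original page): one record per finding,
# as it might be exported from a scanner or collated from manual testing.
BASELINE = [
    {"host": "web01", "id": "VULN-001", "severity": "high"},
    {"host": "web01", "id": "VULN-002", "severity": "medium"},
    {"host": "db01", "id": "VULN-003", "severity": "critical"},
    {"host": "db01", "id": "VULN-004", "severity": "low"},
]
FOLLOWUP = [
    {"host": "web01", "id": "VULN-002", "severity": "medium"},  # still open
    {"host": "db01", "id": "VULN-005", "severity": "high"},     # newly found
]


def finding_key(finding):
    """A finding is the same finding if it is the same ID on the same host."""
    return (finding["host"], finding["id"])


def severity_counts(findings):
    """Count findings per severity, the headline figure for a report."""
    return dict(Counter(f["severity"] for f in findings))


def compare_assessments(baseline, followup):
    """Classify baseline findings as remediated or persisting, flag new ones,
    and compute the remediation rate against the baseline."""
    before = {finding_key(f): f for f in baseline}
    after = {finding_key(f): f for f in followup}
    remediated = sorted(set(before) - set(after))
    persisting = sorted(set(before) & set(after))
    new = sorted(set(after) - set(before))
    rate = len(remediated) / len(before) if before else 0.0
    # Persisting high/critical items are the ones to escalate in the report.
    escalate = [k for k in persisting if before[k]["severity"] in ("high", "critical")]
    return {
        "remediated": remediated,
        "persisting": persisting,
        "new": new,
        "remediation_rate": rate,
        "escalate": escalate,
    }


if __name__ == "__main__":
    print("baseline by severity:", severity_counts(BASELINE))
    print("follow-up by severity:", severity_counts(FOLLOWUP))
    print(compare_assessments(BASELINE, FOLLOWUP))
```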
The job of Vulnerability Assessor is often a daytime role, working an average of 40 hours per week. Short-term IT Vulnerability Assessor contractors and consultants may be paid a day rate, with any additional work chargeable.
What can you expect to earn as a Vulnerability Assessor? The position of IT Vulnerability Assessor is an intermediate-level role. Salaries will of course vary depending on your experience, qualifications, the organisation and sector, and whether you are employed on a full-time, short-term contractor or consultant basis.
According to SimplyHired*, average salary expectations for the role of Vulnerability Assessor are $56,000, or £43,076 at a conversion rate of 1.3 for USD/GBP.
* SimplyHired – http://www.simplyhired.com/salaries-k-vulnerability-assessor-jobs.html