Vulnerability Analyst Job Description
Vulnerability analyst
provides ongoing support for security controls such as single sign-on, multifactor authentication, encryption, security logging infrastructure, security monitoring and web application firewall.
Vulnerability Analyst Duties & Responsibilities
To write an effective vulnerability analyst job description, begin by listing detailed duties, responsibilities and expectations. We have included vulnerability analyst job description templates that you can modify and use.
Sample responsibilities for this position include:
Perform incident response and information security auditing
Lead vulnerability assessments and security reviews through a comprehensive testing process to identifying weaknesses and vulnerabilities within the systems that affect the confidentiality, integrity and availability of electronic protected health information and other sensitive company data
Web application security assessments (e.g., exploiting web app vulnerabilities such as sql injection, cross-site scripting, parameter manipulation, session hijacking)
Analyze vulnerability test reports and suggest remediation / mitigation plan
Update security tools for logging /monitoring, and increasing coverage of existing tools
Responsible for executing programs for user awareness, compliance monitoring, and security compliance
Use advanced level of understanding in their cyber specialization their general understanding of several cyber related disciplines to investigate and analyze all response activities related to cyber incidents
Collect, aggregate, synthesize, analyse and report on data from multiple sources and formats
Provide technical support to system owners to propose mitigation and remediation solutions to identified vulnerability and security issues
Assist CHI in improving the security posture capability by researching technical threat areas
Vulnerability Analyst Qualifications
Qualifications for a job description may include education, certification, and experience.
Licensing or Certifications for Vulnerability Analyst
List any licenses or certifications required by the position: CISSP, GPEN, GCIH, CISA, IAT, III, CEH, US, EN, ITIL
Education for Vulnerability Analyst
Typically a job would require a certain level of education.
Employers hiring for the vulnerability analyst job most commonly would prefer for their future employee to have a relevant degree such as Bachelor's and Master's Degree in Computer Science, Information Security, Technical, Education, Engineering, Information Technology, Cyber Security, Information Systems, Web Development, Technology
Skills for Vulnerability Analyst
Desired skills for vulnerability analyst include:
Information security principles
Application security
CCSS
Vulnerability attack methods
Controls
Auditing
Authentication
Encryption
Integrity
Interoperability
Desired experience for vulnerability analyst includes:
BA or BS degree in Security, International Relations, National Security, Criminal Justice, or a related field
Schedule and perform scans when required
Demonstrated experience with common penetration testing and vulnerability assessment tools such as nmap, wireshark, Nessus, NeXpose, BackTrack, Metasploit, AppScan, WebInspect, Burp Suite
Proven analytical and problem solving skills, the desire to assist others in solving issues
Minimum of 5 years professional work experience which must be directly related to the development of information security solutions and/or the analysis of information security event logs, vulnerabilities
Five years of information technology experience including project management and security concepts for technology systems (OSI model, applications, platforms)
Vulnerability Analyst Examples
1
Vulnerability Analyst Job Description
Job Description Example
Our company is looking for a vulnerability analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for vulnerability analyst
- Recommend security and mitigating controls to reduce technical and business risk
- Enhance the Vulnerability Management Lifecycle Program for all environments
- Reporting vulnerabilities to Management and to ensure the organization remediation efforts meet GIS standards
- Vulnerability and Security Research
- Gathers security related information across multiple electronic, computer and development environments
- Participates in information security audits to proactively minimize and eliminate information security vulnerabilities
- Application Code review and reporting of the vulnerabilities
- Performs detailed security evaluations associated with designing and installing Qualys Guard Enterprise Vulnerability Management
- Help coordinate, coach, develop, and lead the team responsible for risk assessments, inventory and remediation planning
- Develop and maintain data collection configurations for vulnerability and compliance management
Qualifications for vulnerability analyst
- Experience with vulnerability scanning tools required - Experience with POA&M management required - Self-starter that can work independently with minimal direction - Experience with information assurance processes and the NIST Risk Management Framework desired
- 2 years of experience with research, counterintelligence, intelligence analysis, security, or data science
- Experience with host-based detection tools
- BA or BS degree or 4+ years of experience with intelligence analysis and counterintelligence
- Knowledge of existing information technology products, including network, security, analytic, and infrastructure-related tools
- Possession of excellent critical thinking, data gathering, data analysis, report writing, leadership, presentation, analytic, quantitative, time management, and consulting skills
2
Vulnerability Analyst Job Description
Job Description Example
Our growing company is looking for a vulnerability analyst. Please review the list of responsibilities and qualifications. While this is our ideal list, we will consider candidates that do not necessarily have all of the qualifications, but have sufficient experience and talent.
Responsibilities for vulnerability analyst
- Support other SMAC initiatives and technologies
- Assist in development and implementation of an information security vulnerability management policies, procedures, and standards
- Perform and oversee research of special topics that may arise coincidently to the technical assessments, and prepare structured studies and analyses as appropriate
- Oversee enterprise vulnerability assessment program and maintain tools used to perform the ongoing assessments
- Configure and coordinate network and application penetration tests as needed
- Provide risk assessment of vulnerabilities identified and pen test results
- Utilize threat and CERT advisories to potential impact to enterprise posed by various vulnerabilities
- Oversee global patch management program and work with global contacts to ensure that critical patches are deployed
- Develop and maintain remediation and mitigation processes with Security team to address or resolve risks associated with vulnerabilities
- Monitor and report on remediation and/or mitigation progress to leadership team
Qualifications for vulnerability analyst
- 5 years of experience with counterintelligence, intelligence analysis, security, or data science in a range of threat mitigation issues
- Knowledge of investigative methodologies and decomposing behavioral profiles to develop investigative plans
- Possession of excellent leadership, presentation, analytic, quantitative, and data gathering skills
- Either 3+ years of relevant analytic experience or a bachelor’s degree
- 3 years of experience with host-based detection tools and advanced analytic methodologies
- Undergraduate degree and 4-6 years relevant vulnerability assessment experience, or equivalent combination of education and work experience
3
Vulnerability Analyst Job Description
Job Description Example
Our innovative and growing company is hiring for a vulnerability analyst. To join our growing team, please review the list of responsibilities and qualifications.
Responsibilities for vulnerability analyst
- Execution and support of vulnerability analysis activities in support of Common Criteria certifications of products (technical report review, follow-up investigation with focus on hardware, crypto libraries, and operating systems)
- Identifying and analysing emerging threats that could affect technology platforms managed in the region
- Providing advice and guidance on the mitigation of risks associated with vulnerabilities and non-compliance with Operational Security Standards liaising with regional/country technology teams as required
- Performing periodic and ad-hoc vulnerability assessments, assessing newly identified vulnerabilities and it impact on the enterprise and communicate to respective stake holders
- As a member of the extended Global IT Security team, working closely with peers to provide a cohesive and collaborative end-to-end security function
- Liaising with relevant governance, platform, service delivery and management areas
- Build good relationships with teams, and stakeholders at all levels
- Ensure parameters are established and monitor process quality and performance metrics
- Responsible for configuring and maintaining vulnerability assessment tools, performing scans, researching and analyzing vulnerabilities, identifying relevant threats, corrective action recommendations, summarizing and reporting results
- Keep current with vulnerabilities, attacks, and countermeasures devoting time to research and development activities
Qualifications for vulnerability analyst
- Bachelor's degree in IT Security, Information Systems, or Computer Science or equivalent experience
- Minimum of 6 years of progressive experience in information technology including 4 years in systems and or applications security, including maintenance and use of security products in a distributed enterprise environment
- Appropriate security certifications, such as CISSP, CISA, C|EH
- Required demonstrated knowledge of information technology security, trends, leading practices, and regulatory and industry standard compliance issues such as, Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Standard (PCI), and FIPS-140
- Progressive background and experience in administering and supporting all areas of information technology
- Assist in development of security-related software development processes including coding standards, technical documentation standards, QA processes, build, and configuration management
4
Vulnerability Analyst Job Description
Job Description Example
Our company is looking to fill the role of vulnerability analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for vulnerability analyst
- Recommend solutions to remediate issues identified from application security testing
- Manage the life cycle of application security vulnerabilities, from identification to validation and remediation
- Manage policies in application security preventive and detective tools
- Develop a formalized threat and vulnerability management program including a fully accessible and manageable CMDB / inventory of assets (or a combination of such systems resulting in this capability)
- Enhances the current patching standards and processes and cover vulnerabilities across all system assets (operating systems, applications, mobile apps, phones, network systems like routers and switches, all other company systems)
- Tracks the CVSS DB entries and receives daily alerts from several external sources (including but not limited to the NRF-ISACs, InfraGard, CERTs, ext
- Partners with the other security functions and IT to understand the data flow across systems to understand the exposure risk and attack surface for a specific vulnerability to prioritize actions and risk responses
- Proactively establishes good working relationships with external sources and other key parties
- Perform regular security analysis of items assigned management
- Fulfill risk assessments around vulnerability and threat management and supports the risk assessment process and documents findings in the risk register
Qualifications for vulnerability analyst
- Knowledge of common attack methodologies
- Proficiency in the use of manual and automated techniques for scanning, vulnerability, and penetration testing of networks, applications, operating systems, databases, and email systems
- Sound knowledge of network protocols, operating systems and management systems with hands-on experience
- Knowledge of TCP/IP networking and standard protocols (FTP, SMTP, HTTP, SNMP)
- Interactions, hand-offs
- Works with Security Architecture to establish and document standard security policies and procedures
5
Vulnerability Analyst Job Description
Job Description Example
Our company is looking for a vulnerability analyst. Thank you in advance for taking a look at the list of responsibilities and qualifications. We look forward to reviewing your resume.
Responsibilities for vulnerability analyst
- Analyze or produce current state documentation and deliver regular reports to management regarding projects affecting vulnerability and threat management capability
- Forecast updates on the threat landscape or other critical issues with the development of a security intelligence capability
- Perform relevant industry research and shares finding with the security team and other parties via regular verbal and written communication
- Provide influence over the overall information security program via attack surface reduction efforts
- Determine security requirements by evaluating business strategies and requirements, researching information security standards, conducting system security and vulnerability analyses, threat modeling and risk assessments, studying architecture/platform, identifying integration issues, preparing cost estimates
- Drive the architecture for key security aspects of the core framework throughout the stack (infrastructure, platform and application) and develop designs geared towards massive scalability and availability
- Design security systems by evaluating network and security technologies, developing requirements for Application offerings, DDoS protections, and related security and network devices
- Drive developers and engineering managers to adopt architectural changes in security and adapt to the emerging security requirements and technologies, coach engineers to overturn assumptions and think big
- Collaborate effectively with peer Architects and Application development teams to solve complex problems spanning their respective areas and resolve technological disagreement with informed, rational debate
- Lead security projects from inception to creation of guidelines used to deployed security components into production
Qualifications for vulnerability analyst
- Involvement with the enterprise project management office in testing new systems and software for vulnerabilities prior to go-live
- Provides guidance to ITS and hospital staff on security policy and standards
- Bachelor's degree in computer science, MIS, or related field or equivalent experience
- 2-5 years of Information Security in various disciplines
- Demonstrated leadership in the realm of information security to internal and external customers
- Proven experience with Vulnerability testing