Working in Vulnerability Analysis
Vulnerability Analysts tend to be the Cyber Security professionals who have an interest in dissecting systems. Coming in at the final stage of analysis, the expectation is for you to uncover the weaknesses that are essentially invisible to most other humans’ eyes – aka other IT experts. From these findings you will then share your recommendations with the business.
Your recommendations are compiled into a vulnerability assessment, which is the comprehensive list of your findings, and acts as a proposal from which the business can apply your suggested improvements. Excellent writing skills are thus crucial for Vulnerability Analysis roles as these reports go to the executive level, other areas of the business and technical stakeholders so it’s important that language is clear and free of jargon.
Individuals working in Vulnerability Analysis should have excellent interpersonal skills as it is expected that they will work closely and collaboratively with internal and external stakeholders as they perform their risk based technical assessments. They should extend those communication skills to their colleagues, building up trust and respect in order to influence action to drive vulnerability remediation and reach operational and strategic targets.
Vulnerability Analyst jobs cut across various parts of the business in as far as contributing to risk strategy, collaborating with the engineering teams to understand where their expertise can be most effective and assist with remediation and mitigation strategies.
It’s critical for those working in Vulnerability Analysis to maintain an up-to-date knowledge of the threat landscape in order to stay ahead of attacker tactics and procedures. Working not only across operating systems but also networks and applications, Vulnerability Analysts will spend their days trawling for flaws that could be exploited by malicious hackers. They will use a combination of automated and manual tools and techniques to pinpoint those flaws, such as Nessus, Qualys, Kenna, Rapid7, Acunetix, ZAP and BurpSuite, among others.
Working in either an in-house position or on a consulting basis, the premise of vulnerability analysis is to get into the mindset of a hacker in much the same way as a Penetration Tester does. Though while a Pen Tester or Ethical Hacker simply identifies the risks in a network or system, the Vulnerability Analyst goes a step or two further searching for vulnerabilities and providing solutions to help manage those vulnerabilities.
Careers in Vulnerability Analysis tend to originate with those who have achieved a bachelor’s in Computer Science, Cyber Security, Programming or something similar, though you could just as likely impress an employer with 1-2 years’ hands-on industry experience within a similar role. Experience with Cloud platforms AWS and Azure is beneficial, as is programming and scripting knowledge. You could also look at professional certifications such as CompTIA, Network+, CompTIA Security+ and CompTIA Pen Test+.