PR-VAM-001 Vulnerability Assessment Analyst

Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.

Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations.

Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

Knowledges 35

Code	Description	Work Roles
K0001	Knowledge of computer networking concepts and protocols, and network security methodologies.	52
K0002	Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).	52
K0003	Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.	52
K0004	Knowledge of cybersecurity and privacy principles.	52
K0005	Knowledge of cyber threats and vulnerabilities.	52
K0006	Knowledge of specific operational impacts of cybersecurity lapses.	52
K0009	Knowledge of application vulnerabilities.	6
K0019	Knowledge of cryptography and cryptographic key management concepts	8
K0021	Knowledge of data backup and recovery.	9
K0033	Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists).	5
K0044	Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).	14
K0056	Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).	11
K0061	Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).	11
K0068	Knowledge of programming language structures and logic.	4
K0070	Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).	13
K0089	Knowledge of systems diagnostic tools and fault identification techniques.	3
K0106	Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities.	6
K0139	Knowledge of interpreted and compiled computer languages.	8
K0161	Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).	3
K0162	Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).	3
K0167	Knowledge of system administration, network, and operating system hardening techniques.	7
K0177	Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).	12
K0179	Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).	19
K0203	Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model).	10
K0206	Knowledge of ethical hacking principles and techniques.	1
K0210	Knowledge of data backup and restoration concepts.	1
K0224	Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems.	5
K0265	Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability.	1
K0287	Knowledge of an organization's information classification program and procedures for information compromise.	18
K0301	Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).	3
K0308	Knowledge of cryptology.	3
K0332	Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.	14
K0342	Knowledge of penetration testing principles, tools, and techniques.	8
K0344	Knowledge of an organization’s threat environment.	1
K0624	Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list)	13

Skills 12

Code	Description	Work Roles
S0001	Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems.	6
S0009	WITHDRAWN: Skill in assessing the robustness of security systems and designs. (See S0027)	1
S0025	Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort).	3
S0044	Skill in mimicking threat behaviors.	1
S0051	Skill in the use of penetration testing tools and techniques.	2
S0052	Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.).	2
S0081	Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.).	2
S0120	Skill in reviewing logs to identify evidence of past intrusions.	2
S0137	Skill in conducting application vulnerability assessments.	2
S0171	Skill in performing impact/risk assessments.	2
S0364	Skill to develop insights about the context of an organization’s threat environment	1
S0367	Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).	14

Abilities 4

Code	Description	Work Roles
A0001	Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.	4
A0044	Ability to apply programming language structures (e.g., source code review) and logic.	1
A0120	Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture.	1
A0123	Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).	15

Tasks 8

Code	Description	Work Roles
T0549	Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).	1
T0550	Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes).	1
T0010	Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives.	1
T0028	Conduct and/or support authorized penetration testing on enterprise network assets.	2
T0138	Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions.	1
T0142	Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing.	1
T0188	Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions.	2
T0252	Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews).	1