PR-VAM-001 Vulnerability Assessment Analyst

Identifies, analyzes, and mitigates threats to internal information technology (IT) systems and/or networks.

Conducts assessments of threats and vulnerabilities; determines deviations from acceptable configurations, enterprise or local policy; assesses the level of risk; and develops and/or recommends appropriate mitigation countermeasures in operational and nonoperational situations.

Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities.

Knowledges 35

Code Description Work Roles
K0001 Knowledge of computer networking concepts and protocols, and network security methodologies. 52
K0002 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk). 52
K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. 52
K0004 Knowledge of cybersecurity and privacy principles. 52
K0005 Knowledge of cyber threats and vulnerabilities. 52
K0006 Knowledge of specific operational impacts of cybersecurity lapses. 52
K0009 Knowledge of application vulnerabilities. 6
K0019 Knowledge of cryptography and cryptographic key management concepts 8
K0021 Knowledge of data backup and recovery. 9
K0033 Knowledge of host/network access control mechanisms (e.g., access control list, capabilities lists). 5
K0044 Knowledge of cybersecurity and privacy principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 14
K0056 Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML). 11
K0061 Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]). 11
K0068 Knowledge of programming language structures and logic. 4
K0070 Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code). 13
K0089 Knowledge of systems diagnostic tools and fault identification techniques. 3
K0106 Knowledge of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities. 6
K0139 Knowledge of interpreted and compiled computer languages. 8
K0161 Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). 3
K0162 Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored). 3
K0167 Knowledge of system administration, network, and operating system hardening techniques. 7
K0177 Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks). 12
K0179 Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). 19
K0203 Knowledge of security models (e.g., Bell-LaPadula model, Biba integrity model, Clark-Wilson integrity model). 10
K0206 Knowledge of ethical hacking principles and techniques. 1
K0210 Knowledge of data backup and restoration concepts. 1
K0224 Knowledge of system administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems. 5
K0265 Knowledge of infrastructure supporting information technology (IT) for safety, performance, and reliability. 1
K0287 Knowledge of an organization's information classification program and procedures for information compromise. 18
K0301 Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump). 3
K0308 Knowledge of cryptology. 3
K0332 Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services. 14
K0342 Knowledge of penetration testing principles, tools, and techniques. 8
K0344 Knowledge of an organization’s threat environment. 1
K0624 Knowledge of Application Security Risks (e.g. Open Web Application Security Project Top 10 list) 13

Skills 12

Code Description Work Roles
S0001 Skill in conducting vulnerability scans and recognizing vulnerabilities in security systems. 6
S0009 WITHDRAWN: Skill in assessing the robustness of security systems and designs. (See S0027) 1
S0025 Skill in detecting host and network based intrusions via intrusion detection technologies (e.g., Snort). 3
S0044 Skill in mimicking threat behaviors. 1
S0051 Skill in the use of penetration testing tools and techniques. 2
S0052 Skill in the use of social engineering techniques. (e.g., phishing, baiting, tailgating, etc.). 2
S0081 Skill in using network analysis tools to identify vulnerabilities. (e.g., fuzzing, nmap, etc.). 2
S0120 Skill in reviewing logs to identify evidence of past intrusions. 2
S0137 Skill in conducting application vulnerability assessments. 2
S0171 Skill in performing impact/risk assessments. 2
S0364 Skill to develop insights about the context of an organization’s threat environment 1
S0367 Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 14

Abilities 4

Code Description Work Roles
A0001 Ability to identify systemic security issues based on the analysis of vulnerability and configuration data. 4
A0044 Ability to apply programming language structures (e.g., source code review) and logic. 1
A0120 Ability to share meaningful insights about the context of an organization’s threat environment that improve its risk management posture. 1
A0123 Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). 15

Tasks 8

Code Description Work Roles
T0549 Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications). 1
T0550 Make recommendations regarding the selection of cost-effective security controls to mitigate risk (e.g., protection of information, systems and processes). 1
T0010 Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives. 1
T0028 Conduct and/or support authorized penetration testing on enterprise network assets. 2
T0138 Maintain deployable cyber defense audit toolkit (e.g., specialized cyber defense software and hardware) to support cyber defense audit missions. 1
T0142 Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing. 1
T0188 Prepare audit reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions. 2
T0252 Conduct required reviews as appropriate within environment (e.g., Technical Surveillance, Countermeasure Reviews [TSCM], TEMPEST countermeasure reviews). 1