Become a Vulnerability Assessor

What Does a Vulnerability Assessor Do?

What is a Vulnerability Assessor?

A Vulnerability Assessor (a.k.a. Vulnerability Assessment Analyst) scans applications and systems to identify vulnerabilities. In other words, you are looking for trouble, searching a network for critical flaws. What’s more, you’ll often be expected to present your findings in a comprehensive, prioritized list – the Vulnerability Assessment – that organizations can use as a blueprint for improvements.

It’s a role for folks who love picking systems apart. In the final analysis, you’ll be expected to identify weaknesses that may be completely invisible to other IT experts. Just as importantly, you’ll have to prioritize these findings and make practical, business-focused recommendations. It’s a fact of life that companies may not be able to handle all of their IT security problems at once.

Vulnerability Assessor Job Responsibilities

As an analyst, your major deliverable is the Vulnerability Assessment report. To that end, you may be required to:

  • Identify critical flaws in applications and systems that cyber attackers could exploit
  • Conduct vulnerability assessments for networks, applications and operating systems
  • Conduct network security audits and scanning on a predetermined basis
  • Use automated tools (e.g. Nessus) to pinpoint vulnerabilities and reduce time-consuming tasks
  • Use manual testing techniques and methods to gain a better understanding of the environment and reduce false negatives
  • Develop, test and modify custom scripts and applications for vulnerability testing
  • Manually validate report findings to reduce false positives
  • Compile and track vulnerabilities over time for metrics purposes
  • Write and present a comprehensive Vulnerability Assessment
  • Review and define requirements for information security solutions
  • Supply hands-on training for network and systems administrators
  • Develop and maintain a vulnerability assessment database

Note: Vulnerability assessment is also an umbrella term that covers physical security (e.g. locks, buildings, money in transit, etc.) and cyber security. We are only dealing with cyber security responsibilities.

Vulnerability Assessor Careers

Vulnerability Assessor Career Paths

Like Penetration Testers, a lot of Vulnerability Assessors get interested in hacking during school or university. There is no rule that says a Vulnerability Assessor can’t also be a Pen Tester. In fact, most cyber experts take on multiple tasks, including the role of a:

  • Source Code Auditor
  • Forensics Expert
  • Cryptanalyst

And so on. The blanket term for all these jobs is often Security Consultant.

Vulnerability Assessor vs. Penetration Tester

For a clear sense of the difference between Vulnerability Assessors and Penetration Testers, check out Daniel Miessler’s article, The Difference Between a Vulnerability Assessment and a Penetration Test:

“Vulnerability Assessments are designed to yield a prioritized list of vulnerabilities and are generally for clients who already understand they are not where they want to be in terms of security. The customer already knows they have issues and simply need help identifying and prioritizing them.”

“Penetration Tests are designed to achieve a specific, attacker-simulated goal and should be requested by customers who are already at their desired security posture. A typical goal could be to access the contents of the prized customer database on the internal network, or to modify a record in an HR system.”

In Miessler’s words, Vulnerability Assessors are list-orientated and Pen Testers are goal-orientated.

Similar Job Titles

A Vulnerability Assessor can also be known as a:

  • Vulnerability Assessment Analyst
  • Vulnerability Researcher
  • Cyber Assessor
  • Security Assessor
  • Security Control Assessor
  • Software Assurance Assessor

A number of folks also find work as outside Security Consultants.

Vulnerability Assessor Salaries

This is a super-specialized job, so salary figures can be tricky to pin down.

  • According to Payscale, the median salary for a Security Assessor is $90,000.
  • SimplyHired calculates the average salary for a Vulnerability Assessor to be $62,356 (2019 figures). For the term Vulnerability Assessor Analyst, the average salary estimate is $65,644 (2019 figures).

As a cyber security specialist, you’re likely to be earning $70-$80K in the Midwest and $85-$95K on the East and West Coasts.

Vulnerability Assessor Job Requirements

Requirements for Vulnerability Assessor jobs will depend on the company and its mission. For example, a position as a Tier 2 Vulnerability Assessor with the DHS is going to require a BS or MS and 6-12 years of in-depth experience with malware, forensics and incident detection. But if you’re starting out in a junior-level position, you may only need an AS and a few years of security-related experience in an IT job.

Do some market research, talk to your mentors and reach out to experts in the field before you make any decisions. You can also get your feet wet with a bootcamp. For example, the capstone project in Springboard’s 6-month Cybersecurity Career Track camp includes a comprehensive risk and vulnerability assessment. And Evolve Security offers a Penetration Testing option. Or you can network at the DIMVA Conference on Detection of Intrusions and Malware & Vulnerability Assessment.

Degree Requirements

The degree requirement will depend on the company and the nature of the job. For a smallish company, an associate or bachelor’s degree in Computer Science, Cyber Security or the equivalent is nice to have in your back pocket. Once you start looking at the super-charged options (e.g. classified government work, jobs in large companies, senior-level positions, etc.) you’ll need a BS or an MS.

Work Experience

Experience requirements vary according to the level of job difficulty. The general standard for a cyber security specialist job is 2-3 years of related work experience in the field. However, senior-level openings often specify 5-7 years—and sometimes even higher.

Hard Skills

Employers can be picky when it comes to technical skills. We have pulled out some general requirements, but we recommend you check current job listings to see where the market is heading.

  • Windows, UNIX and Linux operating systems
  • C, C++, C#, Java, ASM, PHP, PERL
  • Network scanning tools (e.g. Nessus, ACAS, RETINA, Gold Disk, etc.)
  • Computer hardware and software systems
  • Web-based applications
  • Security frameworks (e.g. ISO 27001/27002, NIST, HIPAA, SOX, etc.)
  • Security tools and products (Fortify, AppScan, etc.)
  • Vulnerability analysis and reverse engineering
  • Metasploit framework

Note: Programming is only required if you’re assessing applications. Network vulnerability assessors won’t usually need it.

Soft Skills

Here’s the thing about Vulnerability Assessors and Pen Testers – they don’t necessarily play by the rules. That’s why they’re so good at their jobs. This is not to say employers will be happy to see a criminal record, but they will be interested in knowing if you are curious, creative and off-the-wall in your approach. Your job, after all, is to think like a bad guy.

Other important soft skills include an anal-retentive attention to detail, a puzzler’s brain and strong oral and written abilities. In addition to drafting reports, you will be educating IT teams about better security practices.

Certifications for Vulnerability Assessors

We’ve listed a variety of certifications that crop up in job descriptions. Mile2 has a specific vulnerability assessment certification (CVA), but CISSP and penetration testing certs are often cited as must-haves.

  • CEH: Certified Ethical Hacker
  • CPT: Certified Penetration Tester
  • CEPT: Certified Expert Penetration Tester
  • GPEN: GIAC Certified Penetration Tester
  • OSCP: Offensive Security Certified Professional
  • CISSP: Certified Information Systems Security Professional
  • GCIH: GIAC Certified Incident Handler
  • CVA: Certified Vulnerability Assessor

Note: Take a look at our Guide to Cyber Security Certifications for more information and advice.

Copyright © 2013-2019 · CyberDegrees.org
