Vulnerability Management is the management of the configuration of protected systems so that any vulnerabilities in them are identified, understood and managed.
Vulnerability Management is an essential role in any organisation. Depending on the size of an organisation, this role could be working individually or as part of a larger vulnerability management or cyber security team.
At the junior level in Vulnerability Management responsibilities could include:
With more experience, these responsibilities may include:
Vulnerability Management protects information systems and assets by identifying and closing off vulnerabilities in devices, systems and networks.
In detail, you may:
For Vulnerability Management roles, titles include:
For more experienced Vulnerability Management roles, titles include:
A Vulnerability Management role could earn between £30,000 and £70,000. The median figure in March 2021 was £39,000.
A senior Vulnerability Management role could earn between £50,000 and £95,000. The median figure in March 2021 was £68,000.
These figures are dominated by the salaries for jobs in the large cities in the UK; salaries elsewhere may be lower.
The salary ranges are based on job vacancy advertisements published online in March 2021. Median salary figures are taken from calculations performed by www.itjobswatch.co.uk.
Each of the 16 specialisms is based on knowledge areas within CyBOK.
More information on CyBOK knowledge areas can be found here.
Here are the knowledge areas associated with Cyber Security Governance & Risk Management:
Core knowledge – you will need a very good understanding of these areas
The configuration, operation and maintenance of secure systems including the detection of and response to security incidents and the collection and use of threat intelligence.
Issues related to web applications and services distributed across devices and frameworks, including the diverse programming paradigms and protection models.
Related knowledge – you will need a solid understanding of these areas
Technical details of exploits and distributed malicious systems, together with associated discovery and analysis approaches.
The motivations, behaviours and methods used by attackers, including malware supply chains, attack vectors, and money transfers.
Security aspects of networking and telecommunication protocols, including the security of routing, network security elements, and specific cryptographic protocols used for network security.
Wider knowledge – these areas will help to provide context for your work
Security management systems and organisational security controls, including standards, best practices, and approaches to risk assessment and mitigation.
CIISec Skills Groups* (additional Skills Groups may also be relevant to particular jobs)
E2 – Secure Operations & Service Delivery
F1 – Intrusion Detection and Analysis
*Non-Commercial - No Derivatives (BY-NC-ND) license. 2021 Copyright © The Chartered Institute of Information Security. All rights reserved. Chartered Institute of Information Security®, CIISec. Chartered Institute of Information Security®, CIISec®, AfCIIS®, ACIIS®, MCIIS®, FCIIS® and the CIISec graphic logo are trademarks owned by The Chartered Institute of Information Security and may be used only with express permission of CIISec.
Any role which carries out research, closely analyses a situation or event, and shares findings with colleagues may provide a foundation, with additional specialist training, for moving into Vulnerability Management.
Such roles include:
From a role in Vulnerability Management, you might move into another cyber security specialism, such as:
With experience, you may become a Senior Vulnerability Manager or Analyst.
Our qualifications framework is currently under development. Sign up to our newsletter here to be notified when this is published.
Entry route information can be found here.
You can also visit the National Cyber Security Centre website at the links below: