SFIA Skills: Vulnerability research (VURE)

Develops techniques and tools to analyse and expose vulnerabilities designing new vulnerability discovery techniques.

Plans and leads the organisation’s approach for vulnerability research. Identifies new and emerging threats and vulnerabilities.

Engages with, and influences, relevant stakeholders to communicate results of research and the required response.

Maintains a strong external network. Takes a leading part in external-facing professional activities to facilitate information gathering.

Takes a leading role in the development of the security vulnerability research body of knowledge. Initiates frequent communications with peers in other organisations and in other countries, presents keynote papers at conferences, writes for high impact journals and major clients.

Adopts and adapts vulnerability assessment techniques and tools to be used by others.

Plans and manages vulnerability research activities into new threats, attack vectors, risks and potential solutions.

Assesses and documents the impacts and threats to the organisation. Creates reports and shares knowledge and insights with others.

Maintains a strong external network within own area of specialism.

Gathers information on new and emerging threats and vulnerabilities. Contributes research findings on security vulnerabilities, countermeasures, and mitigations to national and international vulnerability databases.

Specifies requirements for environment, data, resources, techniques and tools to perform vulnerability assessments.

Designs and executes complex vulnerability research activities into new threats, attack vectors, risks and potential solutions.

Reviews test results and modifies tests if necessary. Creates reports to communicate methodology, findings and conclusions.

Makes an active contribution to research communities.

Applies tools, such as disassemblers, debuggers and fuzzers, to the analysis of embedded devices and/or the reverse engineering of hardware or software.

Applies standard techniques and tools for vulnerability research into new threats, attack vectors, risks and potential solutions.

Analyses and reports on research activities and results.

Participates in research communities and uses available resources to maintain current knowledge of malware attacks and other cyber security threats.