Security Assessment and Testing

Conduct threat modelling, vulnerability assessment and penetration testing to reveal vulnerabilities or lapses in the existing systems or security mechanisms and evaluate the extent to which systems are able to protect the organisation's data and maintain functionality as intended



Competency Area

Operations and User Support


Execute vulnerability scans and conduct research on exploitation of system vulnerabilities, to identify security lapses

Perform technical coordination of vulnerability assessments and penetration testing according to test plan templates

Execute vulnerability scans on smaller systems, using basic vulnerability assessment tools and tests

Document the results of security assessments and tests, according to test plan guidelines

Identify security lapses in the system or security mechanisms, based on issues documented from vulnerability scan results

Record evidence of controls which are inadequate or not duly enforced

Conduct research on threat actors, their techniques and ways in which vulnerabilities in security systems can be exploited

Conduct authorised penetration testing of systems and to expose threats, vulnerabilities and potential attack vectors

Carry out threat modelling and secured source code review

Conduct authorised penetration testing of systems consisting of a range of penetration testing methodologies, tools and techniques

Use a suite of network monitoring and vulnerability scanning tools to assess the threats and vulnerabilities in a system

Identify vulnerability exploitations and potential attack vectors into a system

Analyse vulnerability scan results to size and assess security loopholes and threats

Evaluate if current systems can overcome emerging threats and hacking techniques

Assess current security practices and controls against expected performance parameters or guidelines

Develop a vulnerability assessment and penetration testing report, highlighting key threats and areas for improving system security

Design security testing plan, and perform advanced, authorised penetration testing and analyse cyber attacks

Design security testing plan and evaluation criteria for vulnerability assessments and penetration testing activities

Manage the implementation of vulnerability assessments and penetration testing activities, in line with the organisation-wide strategy

Implement advanced threat modelling and source code review techniques

Conduct advanced, authorised penetration testing of highly complex and secure systems

Analyse patterns in incident data to identify new and emerging trends in vulnerability exploitation and hacking techniques

Lead advanced analysis of intrusion signatures, techniques, and procedures associated with cyber attacks

Determine hacking techniques and attacks that the organisation's systems are most vulnerable to

Refine test plan templates to model after new and advanced hacking actions

Authorise and establish organisation guidelines and strategies for security testing, and determine the future-readiness

Establish organisation guidelines and methodologies for the design and conduct of vulnerability assessments and penetration testing activities

Lead security reviews, specifying the IT systems, applications, processes, people to be assessed

Develop comprehensive criteria for assessing the effectiveness of security mechanisms and controls

Develop implementation strategies for vulnerability and penetration testing activities to ensure organisation-wide consistent of information security plans

Authorise penetration testing activities on organisation's systems, in line with business priorities and security requirements

Synthesise key organisational implications from vulnerability assessment and penetration testing reports

Evaluate the future- readiness of the organisation's security posture in light of the organisation's mission and the changing technological environment