Skill profile

Vulnerability Management

Scanning, prioritization, SLA, patch management, CVSS, remediation tracking

Security Incident Response

Roles: 6 (where this skill appears)

Levels: 5 (structured development path)

Required: 23 (the other 7 are optional)

Domain: Security

skills.group: Incident Response

Last updated: 17.3.2026

Usage

Select your current level and compare the expectations.

What is expected at each level

The table shows how the depth grows from Junior to Principal.

Level 1 (Junior)

| Role | Required | Description |
| --- | --- | --- |
| Application Security Engineer | Required | Understands basic Vulnerability Management concepts. Follows security guidelines. Recognizes typical code vulnerabilities. |
| DevSecOps Engineer | Required | Studies the vulnerability management process: scanning, prioritization, patching. Runs Nessus/OpenVAS for basic infrastructure scanning. Understands CVSS scoring and vulnerability classification. Tracks CVEs in the NVD. Creates tickets for vulnerability remediation with a description and fix guidance. |
| Network Engineer | Optional | Knows basic vulnerability management concepts for network engineering and can apply them in typical tasks. Uses standard tools and follows established team practices. Understands when and why this approach is used. |
| Penetration Testing Engineer | Required | Understands basic Vulnerability Management concepts. Follows security guidelines. Recognizes common vulnerabilities in code. |
| QA Security Engineer | Optional | Works with vulnerability management: creates and tracks vulnerability reports, understands CVSS scoring, monitors remediation status. Uses Jira/DefectDojo. |
| Security Analyst | Required | Understands basic Vulnerability Management concepts. Follows security guidelines. Recognizes common code vulnerabilities. |

Level 2

| Role | Required | Description |
| --- | --- | --- |
| Application Security Engineer | Required | Manages the vulnerability lifecycle from discovery to remediation in application environments. Conducts security code reviews to validate and classify identified vulnerabilities. Uses vulnerability scanners and tracking tools to maintain an accurate inventory of application security issues. |
| DevSecOps Engineer | Required | Introduces regular vulnerability scanning for all infrastructure through Qualys/Rapid7 InsightVM. Configures remediation SLAs: Critical 24h, High 7d, Medium 30d. Integrates scan results with Jira for automated ticket creation. Builds dashboards with vulnerability trends. |
| Network Engineer | Optional | Confidently applies vulnerability management for network engineering in non-standard tasks. Independently selects the optimal approach and tools. Analyzes trade-offs and proposes improvements to existing solutions. |
| Penetration Testing Engineer | Required | Discovers and validates vulnerabilities through penetration testing and exploitation. Assesses vulnerability severity using CVSS scoring and real-world exploitability analysis. Uses vulnerability management platforms to track findings and verify remediation effectiveness across tested systems. |
| QA Security Engineer | Optional | Manages the vulnerability lifecycle: triage, prioritization (CVSS + context), SLA tracking, verification of fixes. Configures DefectDojo/vulnerability tracker. Generates reports. |
| Security Analyst | Required | Triages and prioritizes vulnerabilities based on risk scoring, asset criticality, and threat context. Monitors vulnerability feeds and correlates them with organizational exposure. Uses vulnerability management platforms to generate remediation reports and track SLA compliance across teams. |

Level 3

| Role | Required | Description |
| --- | --- | --- |
| Application Security Engineer | Required | Designs security solutions with Vulnerability Management. Conducts threat modeling. Implements security practices in the SDLC. Mentors the team. |
| DevSecOps Engineer | Required | Designs a Vulnerability Management program with risk-based prioritization. Introduces Threat Intelligence enrichment (EPSS, CISA KEV) for contextual risk assessment. Configures automated remediation for common vulnerabilities. Integrates VM with the CMDB for asset-aware prioritization. Conducts Red Team assessments. |
| Network Engineer | Optional | Expertly applies vulnerability management for network engineering to design complex systems. Optimizes existing solutions and prevents architectural mistakes. Conducts code reviews and trains colleagues on best practices. |
| Penetration Testing Engineer | Required | Designs vulnerability assessment methodologies combining automated scanning with manual exploitation. Conducts threat modeling to prioritize vulnerability discovery in high-risk areas. Integrates penetration testing results into vulnerability management workflows. Mentors the team on vulnerability validation techniques. |
| QA Security Engineer | Required | Designs a vulnerability management program: risk-based prioritization (EPSS, threat intelligence), automated scanning pipeline, metrics (mean time to remediate). Integrates with the SIEM. |
| Security Analyst | Required | Designs comprehensive vulnerability management programs with risk-based prioritization frameworks. Conducts threat modeling to map vulnerability exposure across organizational assets. Integrates vulnerability data into security operations for proactive risk mitigation. Mentors analysts on advanced triage and remediation tracking. |

Level 4

| Role | Required | Description |
| --- | --- | --- |
| Application Security Engineer | Required | Defines the organization-wide vulnerability management strategy for application security. Establishes remediation policies, SLAs, and escalation procedures for critical vulnerabilities. Coordinates cross-team vulnerability response and drives adoption of shift-left practices. Trains engineering teams on vulnerability lifecycle management. |
| DevSecOps Engineer | Required | Defines the Vulnerability Management strategy for the organization. Manages the VM program with CISO and board reporting. Builds maturity metrics: coverage, SLA compliance, mean time to remediate. Coordinates the vulnerability disclosure program. Integrates VM with the GRC platform. |
| Network Engineer | Optional | Establishes vulnerability management standards for the network engineering team and makes architectural decisions. Defines the technical roadmap incorporating this skill. Mentors senior engineers and influences the practices of adjacent teams. |
| Penetration Testing Engineer | Required | Defines the vulnerability discovery strategy integrating penetration testing with continuous scanning programs. Establishes severity classification policies and validation standards for reported vulnerabilities. Coordinates red team assessments feeding into vulnerability management processes. Trains pentest engineers on systematic vulnerability analysis. |
| QA Security Engineer | Required | Defines vulnerability management standards: SLA per severity, triage process, escalation policy. Coordinates vulnerability response. Implements vulnerability metrics and reporting. |
| Security Analyst | Required | Defines the vulnerability management program strategy with risk-based metrics and executive reporting. Establishes vulnerability triage policies, remediation SLAs, and exception management processes. Coordinates organization-wide vulnerability response during zero-day events. Trains security analysts on vulnerability intelligence and prioritization. |

Level 5 (Principal)

| Role | Required | Description |
| --- | --- | --- |
| Application Security Engineer | Required | Defines the enterprise vulnerability management architecture spanning all application platforms and cloud environments. Shapes the vulnerability remediation strategy aligned with business risk appetite and regulatory requirements. Coordinates with vendors and industry bodies on vulnerability disclosure. Drives adoption of vulnerability management standards. |
| DevSecOps Engineer | Required | Architecturally designs the corporate Vulnerability Management program as part of Cyber Risk Management. Defines an Exposure Management strategy unifying VM, ASM, and CSPM. Develops a risk quantification model for vulnerabilities. Influences the organizational security budget and investment. |
| Network Engineer | Optional | Shapes the vulnerability management strategy for network engineering at the organizational level. Defines best practices and influences technology choices beyond their own team. Is a recognized expert in this area. |
| Penetration Testing Engineer | Required | Defines the enterprise offensive security strategy feeding vulnerability management across all systems and platforms. Shapes the vulnerability assessment architecture combining internal red team and external testing at scale. Coordinates responsible disclosure programs with vendors and CERTs. Represents the organization in the vulnerability research community. |
| QA Security Engineer | Required | Designs organizational vulnerability management: unified vulnerability platform, risk-based prioritization, automated remediation. Defines vulnerability governance and continuous improvement. |
| Security Analyst | Required | Defines the enterprise vulnerability governance strategy with board-level risk reporting and compliance alignment. Shapes the vulnerability intelligence architecture integrating internal and external threat data at scale. Coordinates with regulators and industry consortiums on vulnerability management frameworks. Drives organizational resilience through proactive vulnerability programs. |
