Cyberspace EffectsDCWF 121

Exploitation Analyst

Identifies access and collection gaps and applies authorized analytic techniques to penetrate targeted networks in support of cyber operations.

Also seen as: Cyber Exploitation Analyst

Baseline certifications for this role

These certifications are accepted foundational options for the Exploitation Analyst work role in our seed mapping. Open a cert for full detail, or jump straight to exam-ready practice.

PT0-003CompTIA
CompTIA PenTest+
Details Practice
CEHEC-Council
EC-Council CEH
Details Practice
CS0-003CompTIA
CompTIA CySA+
Details Practice
CAS-005CompTIA
CompTIA SecurityX (formerly CASP+)
Details Practice

Proficiency levels — what changes

Moving Basic to Advanced shifts from running known exploitation tooling and assisting access development to independently engineering novel access vectors and leading collection-gap analysis against hardened targets.

Basic

Demonstrates foundational knowledge of the work role's tasks. Entry-level qualification options apply.

Intermediate

Contributes to and applies the work role's tasks with growing independence.

Advanced

Develops, reviews, and approves the work role's tasks. A cascading rule applies: an option that qualifies at a higher proficiency level also qualifies at the lower levels.

Exploitation Analyst & DoD 8140 — FAQ

What certification do I need for DCWF Exploitation Analyst 121?

CompTIA PenTest+ is the cleanly-mapped baseline for work role 121, with CEH, CySA+, and SecurityX (CASP+) as additional accepted options across the proficiency band. Final accepted certs should be confirmed against the cyber.mil Foundational Qualification Matrix v2.1.

Is Exploitation Analyst an offensive cyber role?

Yes. It sits in the Cyberspace Effects element and focuses on penetrating targeted networks to satisfy access and collection requirements, which is why offensive certifications like PenTest+ and CEH apply.