Goal templates — Cybersecurity / Information Security — P1
Security · Cybersecurity / Information Security · P1 — Entry-Level Professional
These are canon-derived frames, not advice: every line is either verbatim JobFrame canon text or a fixed template wrapping it. ⟨target⟩ / ⟨baseline⟩ / ⟨date⟩ are placeholders for the manager to fill in. Nothing here is generated by AI — rows are omitted, never invented, when the canon lacks the underlying field.
SMART goals
One row per canon core output / responsibility this level owns.
JFM responsibility (P1)
Monitors SIEM dashboards (Splunk, Microsoft Sentinel, QRadar) for suspicious activity and works the high-volume Tier 1 alert queue under close supervision of senior analysts
- Specific
- Deliver: "Monitors SIEM dashboards (Splunk, Microsoft Sentinel, QRadar) for suspicious activity and works the high-volume Tier 1 alert queue under close supervision of senior analysts"
- Measurable
- Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable
- Scoped to this level's JFM complexity/problem-solving rubric: "Handles routine problems with standard answers; distinguishes false positives from real threats within defined criteria and escalates anything ambiguous."
- Relevant
- Advances the Security · Cybersecurity / Information Security mandate for a P1 — Entry-Level Professional.
- Time-bound
- ⟨date⟩
JFM responsibility (P1)
Triages and investigates alerts, examining and correlating activity across endpoints, networks, and cloud environments to distinguish false positives from real threats
- Specific
- Deliver: "Triages and investigates alerts, examining and correlating activity across endpoints, networks, and cloud environments to distinguish false positives from real threats"
- Measurable
- Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable
- Scoped to this level's JFM complexity/problem-solving rubric: "Handles routine problems with standard answers; distinguishes false positives from real threats within defined criteria and escalates anything ambiguous."
- Relevant
- Advances the Security · Cybersecurity / Information Security mandate for a P1 — Entry-Level Professional.
- Time-bound
- ⟨date⟩
JFM responsibility (P1)
Escalates confirmed threats to senior analysts and documents findings in ServiceNow/Jira tickets following standard templates
- Specific
- Deliver: "Escalates confirmed threats to senior analysts and documents findings in ServiceNow/Jira tickets following standard templates"
- Measurable
- Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable
- Scoped to this level's JFM complexity/problem-solving rubric: "Handles routine problems with standard answers; distinguishes false positives from real threats within defined criteria and escalates anything ambiguous."
- Relevant
- Advances the Security · Cybersecurity / Information Security mandate for a P1 — Entry-Level Professional.
- Time-bound
- ⟨date⟩
JFM responsibility (P1)
Executes incident response playbooks under direct guidance, performing prescribed containment steps
- Specific
- Deliver: "Executes incident response playbooks under direct guidance, performing prescribed containment steps"
- Measurable
- Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable
- Scoped to this level's JFM complexity/problem-solving rubric: "Handles routine problems with standard answers; distinguishes false positives from real threats within defined criteria and escalates anything ambiguous."
- Relevant
- Advances the Security · Cybersecurity / Information Security mandate for a P1 — Entry-Level Professional.
- Time-bound
- ⟨date⟩
JFM responsibility (P1)
Builds foundational networking and log-analysis fluency (TCP/IP, DNS, common ports, EDR telemetry) to recognize common attack vectors such as phishing, malware, and brute force
- Specific
- Deliver: "Builds foundational networking and log-analysis fluency (TCP/IP, DNS, common ports, EDR telemetry) to recognize common attack vectors such as phishing, malware, and brute force"
- Measurable
- Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable
- Scoped to this level's JFM complexity/problem-solving rubric: "Handles routine problems with standard answers; distinguishes false positives from real threats within defined criteria and escalates anything ambiguous."
- Relevant
- Advances the Security · Cybersecurity / Information Security mandate for a P1 — Entry-Level Professional.
- Time-bound
- ⟨date⟩
OKRs
Objectives from this level's core outputs; key results only where a real dimension or capability backs them.
JFM responsibility (P1)
Monitors SIEM dashboards (Splunk, Microsoft Sentinel, QRadar) for suspicious activity and works the high-volume Tier 1 alert queue under close supervision of senior analysts
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Monitors SIEM dashboards (Splunk, Microsoft Sentinel, QRadar) for suspicious activity and works the high-volume Tier 1 alert queue under close supervision of senior analysts"
- Evidence at this level's scope bar: "Own tasks within a defined component" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P1)
Triages and investigates alerts, examining and correlating activity across endpoints, networks, and cloud environments to distinguish false positives from real threats
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Triages and investigates alerts, examining and correlating activity across endpoints, networks, and cloud environments to distinguish false positives from real threats"
- Evidence at this level's autonomy bar: "Close supervision; work reviewed frequently" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P1)
Escalates confirmed threats to senior analysts and documents findings in ServiceNow/Jira tickets following standard templates
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Escalates confirmed threats to senior analysts and documents findings in ServiceNow/Jira tickets following standard templates"
- Evidence at this level's complexity bar: "Routine problems with known solutions" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P1)
Executes incident response playbooks under direct guidance, performing prescribed containment steps
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Executes incident response playbooks under direct guidance, performing prescribed containment steps"
- Evidence at this level's impact bar: "Own deliverables" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P1)
Builds foundational networking and log-analysis fluency (TCP/IP, DNS, common ports, EDR telemetry) to recognize common attack vectors such as phishing, malware, and brute force
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Builds foundational networking and log-analysis fluency (TCP/IP, DNS, common ports, EDR telemetry) to recognize common attack vectors such as phishing, malware, and brute force"
- Evidence at this level's decision rights bar: "Few independent decisions; escalates the rest" — ⟨target⟩ by ⟨date⟩
MBO areas
Key result areas from this level's responsibilities, each with a standard grounded in the canon leveling rubric where one exists.
| Area | Standard | Target | Due |
|---|---|---|---|
| Monitors SIEM dashboards (Splunk, Microsoft Sentinel, QRadar) for suspicious activity and works the high-volume Tier 1 alert queue under close supervision of senior analysts | Consistent with this level's JFM knowledge-application rubric: "Applies foundational networking, log analysis, and attack-vector knowledge to routine alert triage using standard playbooks and SIEM/EDR dashboards." | ⟨target⟩ | ⟨date⟩ |
| Triages and investigates alerts, examining and correlating activity across endpoints, networks, and cloud environments to distinguish false positives from real threats | Consistent with this level's JFM knowledge-application rubric: "Applies foundational networking, log analysis, and attack-vector knowledge to routine alert triage using standard playbooks and SIEM/EDR dashboards." | ⟨target⟩ | ⟨date⟩ |
| Escalates confirmed threats to senior analysts and documents findings in ServiceNow/Jira tickets following standard templates | Consistent with this level's JFM knowledge-application rubric: "Applies foundational networking, log analysis, and attack-vector knowledge to routine alert triage using standard playbooks and SIEM/EDR dashboards." | ⟨target⟩ | ⟨date⟩ |
| Executes incident response playbooks under direct guidance, performing prescribed containment steps | Consistent with this level's JFM knowledge-application rubric: "Applies foundational networking, log analysis, and attack-vector knowledge to routine alert triage using standard playbooks and SIEM/EDR dashboards." | ⟨target⟩ | ⟨date⟩ |
| Builds foundational networking and log-analysis fluency (TCP/IP, DNS, common ports, EDR telemetry) to recognize common attack vectors such as phishing, malware, and brute force | Consistent with this level's JFM knowledge-application rubric: "Applies foundational networking, log analysis, and attack-vector knowledge to routine alert triage using standard playbooks and SIEM/EDR dashboards." | ⟨target⟩ | ⟨date⟩ |
Scorecard
Only perspectives with real canon backing are shown — no Financial or Customer perspective, since nothing in the canon grounds business-financial or customer measures for a role alone.
Internal process
- "Monitors SIEM dashboards (Splunk, Microsoft Sentinel, QRadar) for suspicious activity and works the high-volume Tier 1 alert queue under close supervision of senior analysts" → ⟨target⟩ by ⟨date⟩
- "Triages and investigates alerts, examining and correlating activity across endpoints, networks, and cloud environments to distinguish false positives from real threats" → ⟨target⟩ by ⟨date⟩
- "Escalates confirmed threats to senior analysts and documents findings in ServiceNow/Jira tickets following standard templates" → ⟨target⟩ by ⟨date⟩
- "Executes incident response playbooks under direct guidance, performing prescribed containment steps" → ⟨target⟩ by ⟨date⟩
- "Builds foundational networking and log-analysis fluency (TCP/IP, DNS, common ports, EDR telemetry) to recognize common attack vectors such as phishing, malware, and brute force" → ⟨target⟩ by ⟨date⟩
Role calibration
- Meets the scope bar: "Own tasks within a defined component" → ⟨target⟩ by ⟨date⟩
- Meets the autonomy bar: "Close supervision; work reviewed frequently" → ⟨target⟩ by ⟨date⟩
- Meets the complexity bar: "Routine problems with known solutions" → ⟨target⟩ by ⟨date⟩
- Meets the impact bar: "Own deliverables" → ⟨target⟩ by ⟨date⟩
- Meets the decision rights bar: "Few independent decisions; escalates the rest" → ⟨target⟩ by ⟨date⟩
- Meets the leadership bar: "None — building the craft" → ⟨target⟩ by ⟨date⟩