Goal templates — Cybersecurity / Information Security — P2
Security · Cybersecurity / Information Security · P2 — Developing Professional
These are canon-derived frames, not advice: every line is either verbatim JobFrame canon text or a fixed template wrapping it. ⟨target⟩ / ⟨baseline⟩ / ⟨date⟩ are placeholders for the manager to fill in. Nothing here is generated by AI — rows are omitted, never invented, when the canon lacks the underlying field.
SMART goals
One row per canon core output / responsibility this level owns.
JFM responsibility (P2)
Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations
- Specific: Deliver: "Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations"
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
- Relevant: Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P2)
Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives
- Specific: Deliver: "Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives"
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
- Relevant: Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P2)
Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources
- Specific: Deliver: "Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources"
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
- Relevant: Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P2)
Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction
- Specific: Deliver: "Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction"
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
- Relevant: Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P2)
Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework
- Specific: Deliver: "Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework"
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
- Relevant: Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
- Time-bound: ⟨date⟩
OKRs
Objectives from this level's core outputs; key results only where a real dimension or capability backs them.
JFM responsibility (P2)
Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations"
- Evidence at this level's scope bar: "Defined deliverables / small features" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P2)
Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives"
- Evidence at this level's autonomy bar: "General supervision; reviewed at milestones" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P2)
Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources"
- Evidence at this level's complexity bar: "Some non-routine problems; applies established patterns" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P2)
Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction"
- Evidence at this level's impact bar: "Own and immediate-team deliverables" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P2)
Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework"
- Evidence at this level's decision rights bar: "Routine technical choices within guidance" — ⟨target⟩ by ⟨date⟩
MBO areas
Key result areas from this level's responsibilities, each with a standard grounded in the canon leveling rubric where one exists.
| Area | Standard | Target | Due |
|---|---|---|---|
| Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations | Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts." | ⟨target⟩ | ⟨date⟩ |
| Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives | Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts." | ⟨target⟩ | ⟨date⟩ |
| Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources | Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts." | ⟨target⟩ | ⟨date⟩ |
| Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction | Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts." | ⟨target⟩ | ⟨date⟩ |
| Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework | Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts." | ⟨target⟩ | ⟨date⟩ |
Scorecard
Only perspectives with real canon backing are shown — no Financial or Customer perspective, since nothing in the canon grounds business-financial or customer measures for a role alone.
Internal process
- "Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations" → ⟨target⟩ by ⟨date⟩
- "Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives" → ⟨target⟩ by ⟨date⟩
- "Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources" → ⟨target⟩ by ⟨date⟩
- "Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction" → ⟨target⟩ by ⟨date⟩
- "Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework" → ⟨target⟩ by ⟨date⟩
Role calibration
- Meets the scope bar: "Defined deliverables / small features" → ⟨target⟩ by ⟨date⟩
- Meets the autonomy bar: "General supervision; reviewed at milestones" → ⟨target⟩ by ⟨date⟩
- Meets the complexity bar: "Some non-routine problems; applies established patterns" → ⟨target⟩ by ⟨date⟩
- Meets the impact bar: "Own and immediate-team deliverables" → ⟨target⟩ by ⟨date⟩
- Meets the decision rights bar: "Routine technical choices within guidance" → ⟨target⟩ by ⟨date⟩
- Meets the leadership bar: "May guide interns" → ⟨target⟩ by ⟨date⟩