Cybersecurity / Information Security — P2

Goal templates — Cybersecurity / Information Security — P2

Security · Cybersecurity / Information Security · P2 — Developing Professional

These are canon-derived frames, not advice: every line is either verbatim JobFrame canon text or a fixed template wrapping it. ⟨target⟩ / ⟨baseline⟩ / ⟨date⟩ are placeholders for the manager to fill in. Nothing here is generated by AI — rows are omitted, never invented, when the canon lacks the underlying field.

SMART goals

One row per canon core output / responsibility this level owns.

JFM responsibility (P2)

Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations

Specific
Deliver: "Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations"
Measurable
Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
Achievable
Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
Relevant
Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
Time-bound
⟨date⟩

JFM responsibility (P2)

Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives

Specific
Deliver: "Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives"
Measurable
Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
Achievable
Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
Relevant
Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
Time-bound
⟨date⟩

JFM responsibility (P2)

Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources

Specific
Deliver: "Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources"
Measurable
Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
Achievable
Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
Relevant
Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
Time-bound
⟨date⟩

JFM responsibility (P2)

Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction

Specific
Deliver: "Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction"
Measurable
Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
Achievable
Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
Relevant
Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
Time-bound
⟨date⟩

JFM responsibility (P2)

Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework

Specific
Deliver: "Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework"
Measurable
Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
Achievable
Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
Relevant
Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
Time-bound
⟨date⟩
1. Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations  [source: JFM responsibility (P2)]
   Specific:    Deliver: "Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations"
   Measurable:  Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
   Achievable:  Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
   Relevant:    Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
   Time-bound:  ⟨date⟩

2. Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives  [source: JFM responsibility (P2)]
   Specific:    Deliver: "Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives"
   Measurable:  Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
   Achievable:  Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
   Relevant:    Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
   Time-bound:  ⟨date⟩

3. Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources  [source: JFM responsibility (P2)]
   Specific:    Deliver: "Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources"
   Measurable:  Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
   Achievable:  Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
   Relevant:    Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
   Time-bound:  ⟨date⟩

4. Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction  [source: JFM responsibility (P2)]
   Specific:    Deliver: "Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction"
   Measurable:  Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
   Achievable:  Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
   Relevant:    Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
   Time-bound:  ⟨date⟩

5. Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework  [source: JFM responsibility (P2)]
   Specific:    Deliver: "Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework"
   Measurable:  Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
   Achievable:  Scoped to this level's jfm complexity/problem-solving rubric: "Exercises moderate judgment to investigate beyond triage, tune detection rules, and map behavior to MITRE ATT&CK following defined procedures."
   Relevant:    Advances the Security · Cybersecurity / Information Security mandate for a P2 — Developing Professional.
   Time-bound:  ⟨date⟩

OKRs

Objectives from this level's core outputs; key results only where a real dimension or capability backs them.

JFM responsibility (P2)

Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations

  • From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations"
  • Evidence at this level's scope bar: "Defined deliverables / small features" — ⟨target⟩ by ⟨date⟩

JFM responsibility (P2)

Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives

  • From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives"
  • Evidence at this level's autonomy bar: "General supervision; reviewed at milestones" — ⟨target⟩ by ⟨date⟩

JFM responsibility (P2)

Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources

  • From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources"
  • Evidence at this level's complexity bar: "Some non-routine problems; applies established patterns" — ⟨target⟩ by ⟨date⟩

JFM responsibility (P2)

Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction

  • From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction"
  • Evidence at this level's impact bar: "Own and immediate-team deliverables" — ⟨target⟩ by ⟨date⟩

JFM responsibility (P2)

Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework

  • From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework"
  • Evidence at this level's decision rights bar: "Routine technical choices within guidance" — ⟨target⟩ by ⟨date⟩
Objective 1: Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations  [source: JFM responsibility (P2)]
  KR1. From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations"
  KR2. Evidence at this level's scope bar: "Defined deliverables / small features" — ⟨target⟩ by ⟨date⟩

Objective 2: Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives  [source: JFM responsibility (P2)]
  KR1. From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives"
  KR2. Evidence at this level's autonomy bar: "General supervision; reviewed at milestones" — ⟨target⟩ by ⟨date⟩

Objective 3: Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources  [source: JFM responsibility (P2)]
  KR1. From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources"
  KR2. Evidence at this level's complexity bar: "Some non-routine problems; applies established patterns" — ⟨target⟩ by ⟨date⟩

Objective 4: Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction  [source: JFM responsibility (P2)]
  KR1. From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction"
  KR2. Evidence at this level's impact bar: "Own and immediate-team deliverables" — ⟨target⟩ by ⟨date⟩

Objective 5: Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework  [source: JFM responsibility (P2)]
  KR1. From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework"
  KR2. Evidence at this level's decision rights bar: "Routine technical choices within guidance" — ⟨target⟩ by ⟨date⟩

MBO areas

Key result areas from this level's responsibilities, each with a standard grounded in the canon leveling rubric where one exists.

| Area | Standard | Target | Due |
|---|---|---|---|
| Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations | Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts." | ⟨target⟩ | ⟨date⟩ |
| Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives | Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts." | ⟨target⟩ | ⟨date⟩ |
| Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources | Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts." | ⟨target⟩ | ⟨date⟩ |
| Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction | Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts." | ⟨target⟩ | ⟨date⟩ |
| Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework | Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts." | ⟨target⟩ | ⟨date⟩ |
1. Area: Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations  [source: JFM responsibility (P2) — reused, no distinct responsibility content]
   Standard: Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts."
   Target:   ⟨target⟩   Due: ⟨date⟩

2. Area: Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives  [source: JFM responsibility (P2) — reused, no distinct responsibility content]
   Standard: Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts."
   Target:   ⟨target⟩   Due: ⟨date⟩

3. Area: Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources  [source: JFM responsibility (P2) — reused, no distinct responsibility content]
   Standard: Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts."
   Target:   ⟨target⟩   Due: ⟨date⟩

4. Area: Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction  [source: JFM responsibility (P2) — reused, no distinct responsibility content]
   Standard: Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts."
   Target:   ⟨target⟩   Due: ⟨date⟩

5. Area: Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework  [source: JFM responsibility (P2) — reused, no distinct responsibility content]
   Standard: Consistent with this level's jfm knowledge-application rubric: "Applies threat-intelligence-informed detection knowledge and SPL/dashboard skills to investigate escalations and improve detection logic in familiar contexts."
   Target:   ⟨target⟩   Due: ⟨date⟩

Scorecard

Only perspectives with real canon backing are shown — no Financial or Customer perspective, since nothing in the canon grounds business-financial or customer measures for a role alone.

Internal process

  • "Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations" → ⟨target⟩ by ⟨date⟩
  • "Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives" → ⟨target⟩ by ⟨date⟩
  • "Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources" → ⟨target⟩ by ⟨date⟩
  • "Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction" → ⟨target⟩ by ⟨date⟩
  • "Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework" → ⟨target⟩ by ⟨date⟩

Role calibration

  • Meets the scope bar: "Defined deliverables / small features" → ⟨target⟩ by ⟨date⟩
  • Meets the autonomy bar: "General supervision; reviewed at milestones" → ⟨target⟩ by ⟨date⟩
  • Meets the complexity bar: "Some non-routine problems; applies established patterns" → ⟨target⟩ by ⟨date⟩
  • Meets the impact bar: "Own and immediate-team deliverables" → ⟨target⟩ by ⟨date⟩
  • Meets the decision rights bar: "Routine technical choices within guidance" → ⟨target⟩ by ⟨date⟩
  • Meets the leadership bar: "May guide interns" → ⟨target⟩ by ⟨date⟩
Internal process
  - "Reviews access logs and analyzes phishing emails, conducting genuine investigation beyond initial triage on Tier 2 escalations"  →  ⟨target⟩ by ⟨date⟩   [source: JFM responsibility (P2)]
  - "Designs and implements threat-led detection logic and rules informed by threat intelligence, then maintains and optimizes existing detection rules to reduce false positives"  →  ⟨target⟩ by ⟨date⟩   [source: JFM responsibility (P2)]
  - "Develops analytical techniques and SPL searches/dashboards to identify incidents more efficiently across data sources"  →  ⟨target⟩ by ⟨date⟩   [source: JFM responsibility (P2)]
  - "Audits security controls, supports vulnerability remediation, and assists with compliance checks under general instruction"  →  ⟨target⟩ by ⟨date⟩   [source: JFM responsibility (P2)]
  - "Mentors junior Tier 1 analysts, delegates routine alert-handling, and maps observed adversary behavior to the MITRE ATT&CK framework"  →  ⟨target⟩ by ⟨date⟩   [source: JFM responsibility (P2)]

Role calibration
  - Meets the scope bar: "Defined deliverables / small features"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Scope)]
  - Meets the autonomy bar: "General supervision; reviewed at milestones"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Autonomy)]
  - Meets the complexity bar: "Some non-routine problems; applies established patterns"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Complexity)]
  - Meets the impact bar: "Own and immediate-team deliverables"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Impact)]
  - Meets the decision rights bar: "Routine technical choices within guidance"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Decision rights)]
  - Meets the leadership bar: "May guide interns"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Leadership)]
Cybersecurity / Information Security — P2 · P2 — Developing Professional — goal templates — People Analytics Toolbox