Goal templates — Cybersecurity / Information Security — P3
Security · Cybersecurity / Information Security · P3 — Mid-Level Professional
These are canon-derived frames, not advice: every line is either verbatim JobFrame canon text or a fixed template wrapping it. ⟨target⟩ / ⟨baseline⟩ / ⟨date⟩ are placeholders for the manager to fill in. Nothing here is generated by AI — rows are omitted, never invented, when the canon lacks the underlying field.
SMART goals
One row per canon core output / responsibility this level owns.
JFM responsibility (P3)
Monitors and responds to incidents end-to-end with day-to-day independence, performing root-cause analysis and driving containment and remediation
- Specific: Deliver: "Monitors and responds to incidents end-to-end with day-to-day independence, performing root-cause analysis and driving containment and remediation"
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to drive end-to-end response, root-cause analysis, and detection-engineering decisions with milestone review."
- Relevant: Advances the Security · Cybersecurity / Information Security mandate for a P3 — Mid-Level Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P3)
Conducts proactive threat hunting and in-depth investigations, including initial malware analysis, across endpoint, network, and cloud telemetry
- Specific: Deliver: "Conducts proactive threat hunting and in-depth investigations, including initial malware analysis, across endpoint, network, and cloud telemetry"
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to drive end-to-end response, root-cause analysis, and detection-engineering decisions with milestone review."
- Relevant: Advances the Security · Cybersecurity / Information Security mandate for a P3 — Mid-Level Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P3)
Builds detection and SOAR automation workflows (Cortex XSOAR, Splunk SOAR, Python/PowerShell) to improve SOC efficiency
- Specific: Deliver: "Builds detection and SOAR automation workflows (Cortex XSOAR, Splunk SOAR, Python/PowerShell) to improve SOC efficiency"
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to drive end-to-end response, root-cause analysis, and detection-engineering decisions with milestone review."
- Relevant: Advances the Security · Cybersecurity / Information Security mandate for a P3 — Mid-Level Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P3)
Authors and tunes detection rules and incident response playbooks, optimizing data models, CIM mapping, and search performance
- Specific: Deliver: "Authors and tunes detection rules and incident response playbooks, optimizing data models, CIM mapping, and search performance"
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to drive end-to-end response, root-cause analysis, and detection-engineering decisions with milestone review."
- Relevant: Advances the Security · Cybersecurity / Information Security mandate for a P3 — Mid-Level Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P3)
Coordinates investigation activities with peers and communicates findings and recommended actions to SOC leadership
- Specific: Deliver: "Coordinates investigation activities with peers and communicates findings and recommended actions to SOC leadership"
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to drive end-to-end response, root-cause analysis, and detection-engineering decisions with milestone review."
- Relevant: Advances the Security · Cybersecurity / Information Security mandate for a P3 — Mid-Level Professional.
- Time-bound: ⟨date⟩
OKRs
Objectives from this level's core outputs; key results only where a real dimension or capability backs them.
JFM responsibility (P3)
Monitors and responds to incidents end-to-end with day-to-day independence, performing root-cause analysis and driving containment and remediation
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Monitors and responds to incidents end-to-end with day-to-day independence, performing root-cause analysis and driving containment and remediation"
- Evidence at this level's scope bar: "Features or a sub-system end-to-end" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P3)
Conducts proactive threat hunting and in-depth investigations, including initial malware analysis, across endpoint, network, and cloud telemetry
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Conducts proactive threat hunting and in-depth investigations, including initial malware analysis, across endpoint, network, and cloud telemetry"
- Evidence at this level's autonomy bar: "Works independently on standard work; reviewed on the non-standard" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P3)
Builds detection and SOAR automation workflows (Cortex XSOAR, Splunk SOAR, Python/PowerShell) to improve SOC efficiency
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Builds detection and SOAR automation workflows (Cortex XSOAR, Splunk SOAR, Python/PowerShell) to improve SOC efficiency"
- Evidence at this level's complexity bar: "Diverse problems; adapts existing approaches" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P3)
Authors and tunes detection rules and incident response playbooks, optimizing data models, CIM mapping, and search performance
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Authors and tunes detection rules and incident response playbooks, optimizing data models, CIM mapping, and search performance"
- Evidence at this level's impact bar: "Project / team outcomes" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P3)
Coordinates investigation activities with peers and communicates findings and recommended actions to SOC leadership
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Coordinates investigation activities with peers and communicates findings and recommended actions to SOC leadership"
- Evidence at this level's decision rights bar: "Owns implementation decisions for own scope" — ⟨target⟩ by ⟨date⟩
MBO areas
Key result areas from this level's responsibilities, each with a standard grounded in the canon leveling rubric where one exists.
| Area | Standard | Target | Due |
|---|---|---|---|
| Monitors and responds to incidents end-to-end with day-to-day independence, performing root-cause analysis and driving containment and remediation | Consistent with this level's jfm knowledge-application rubric: "Applies diverse incident response, threat hunting, and SOAR automation expertise across endpoint, network, and cloud with day-to-day independence." | ⟨target⟩ | ⟨date⟩ |
| Conducts proactive threat hunting and in-depth investigations, including initial malware analysis, across endpoint, network, and cloud telemetry | Consistent with this level's jfm knowledge-application rubric: "Applies diverse incident response, threat hunting, and SOAR automation expertise across endpoint, network, and cloud with day-to-day independence." | ⟨target⟩ | ⟨date⟩ |
| Builds detection and SOAR automation workflows (Cortex XSOAR, Splunk SOAR, Python/PowerShell) to improve SOC efficiency | Consistent with this level's jfm knowledge-application rubric: "Applies diverse incident response, threat hunting, and SOAR automation expertise across endpoint, network, and cloud with day-to-day independence." | ⟨target⟩ | ⟨date⟩ |
| Authors and tunes detection rules and incident response playbooks, optimizing data models, CIM mapping, and search performance | Consistent with this level's jfm knowledge-application rubric: "Applies diverse incident response, threat hunting, and SOAR automation expertise across endpoint, network, and cloud with day-to-day independence." | ⟨target⟩ | ⟨date⟩ |
| Coordinates investigation activities with peers and communicates findings and recommended actions to SOC leadership | Consistent with this level's jfm knowledge-application rubric: "Applies diverse incident response, threat hunting, and SOAR automation expertise across endpoint, network, and cloud with day-to-day independence." | ⟨target⟩ | ⟨date⟩ |
Scorecard
Only perspectives with real canon backing are shown — no Financial or Customer perspective, since nothing in the canon grounds business-financial or customer measures for a role alone.
Internal process
- "Monitors and responds to incidents end-to-end with day-to-day independence, performing root-cause analysis and driving containment and remediation" → ⟨target⟩ by ⟨date⟩
- "Conducts proactive threat hunting and in-depth investigations, including initial malware analysis, across endpoint, network, and cloud telemetry" → ⟨target⟩ by ⟨date⟩
- "Builds detection and SOAR automation workflows (Cortex XSOAR, Splunk SOAR, Python/PowerShell) to improve SOC efficiency" → ⟨target⟩ by ⟨date⟩
- "Authors and tunes detection rules and incident response playbooks, optimizing data models, CIM mapping, and search performance" → ⟨target⟩ by ⟨date⟩
- "Coordinates investigation activities with peers and communicates findings and recommended actions to SOC leadership" → ⟨target⟩ by ⟨date⟩
Role calibration
- Meets the scope bar: "Features or a sub-system end-to-end" → ⟨target⟩ by ⟨date⟩
- Meets the autonomy bar: "Works independently on standard work; reviewed on the non-standard" → ⟨target⟩ by ⟨date⟩
- Meets the complexity bar: "Diverse problems; adapts existing approaches" → ⟨target⟩ by ⟨date⟩
- Meets the impact bar: "Project / team outcomes" → ⟨target⟩ by ⟨date⟩
- Meets the decision rights bar: "Owns implementation decisions for own scope" → ⟨target⟩ by ⟨date⟩
- Meets the leadership bar: "Mentors juniors informally" → ⟨target⟩ by ⟨date⟩