Goal templates — Incident Response — P4
Security · Incident Response · P4 — Senior Professional
These are canon-derived frames, not advice: every line is either verbatim JobFrame canon text or a fixed template wrapping it. ⟨target⟩ / ⟨baseline⟩ / ⟨date⟩ are placeholders for the manager to fill in. Nothing here is generated by AI — rows are omitted, never invented, when the canon lacks the underlying field.
SMART goals
One row per canon core output / responsibility this level owns.
JFM responsibility (P4)
Leads technical incident investigations on complex events — directing triage, forensics, containment, and eradication across affected systems.
- Specific: Deliver: "Leads technical incident investigations on complex events — directing triage, forensics, containment, and eradication across affected systems."
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Performs in-depth analysis of complex variables — reconstructing attack paths, persistence, and data exposure across affected assets where outcomes are uncertain."
- Relevant: Advances the Security · Incident Response mandate for a P4 — Senior Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P4)
Writes technical investigation reports covering attack path, affected assets, persistence mechanisms, and data-exposure assessment.
- Specific: Deliver: "Writes technical investigation reports covering attack path, affected assets, persistence mechanisms, and data-exposure assessment."
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Performs in-depth analysis of complex variables — reconstructing attack paths, persistence, and data exposure across affected assets where outcomes are uncertain."
- Relevant: Advances the Security · Incident Response mandate for a P4 — Senior Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P4)
Provides incident command support and cross-team coordination, directing multiple internal and external subject matter experts during active response.
- Specific: Deliver: "Provides incident command support and cross-team coordination, directing multiple internal and external subject matter experts during active response."
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Performs in-depth analysis of complex variables — reconstructing attack paths, persistence, and data exposure across affected assets where outcomes are uncertain."
- Relevant: Advances the Security · Incident Response mandate for a P4 — Senior Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P4)
Leads post-incident reviews with root-cause analysis and prioritized corrective action items, and authors new runbooks for repeat incident patterns.
- Specific: Deliver: "Leads post-incident reviews with root-cause analysis and prioritized corrective action items, and authors new runbooks for repeat incident patterns."
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Performs in-depth analysis of complex variables — reconstructing attack paths, persistence, and data exposure across affected assets where outcomes are uncertain."
- Relevant: Advances the Security · Incident Response mandate for a P4 — Senior Professional.
- Time-bound: ⟨date⟩
JFM responsibility (P4)
Drives measurable improvements to detection and response, and produces executive summaries for leadership consumption.
- Specific: Deliver: "Drives measurable improvements to detection and response, and produces executive summaries for leadership consumption."
- Measurable: Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable: Scoped to this level's jfm complexity/problem-solving rubric: "Performs in-depth analysis of complex variables — reconstructing attack paths, persistence, and data exposure across affected assets where outcomes are uncertain."
- Relevant: Advances the Security · Incident Response mandate for a P4 — Senior Professional.
- Time-bound: ⟨date⟩
OKRs
Objectives from this level's core outputs; key results only where a real dimension or capability backs them.
JFM responsibility (P4)
Leads technical incident investigations on complex events — directing triage, forensics, containment, and eradication across affected systems.
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Leads technical incident investigations on complex events — directing triage, forensics, containment, and eradication across affected systems."
- Evidence at this level's scope bar: "A system or set of related features" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P4)
Writes technical investigation reports covering attack path, affected assets, persistence mechanisms, and data-exposure assessment.
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Writes technical investigation reports covering attack path, affected assets, persistence mechanisms, and data-exposure assessment."
- Evidence at this level's autonomy bar: "Self-directed; reviewed at critical decision points" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P4)
Provides incident command support and cross-team coordination, directing multiple internal and external subject matter experts during active response.
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Provides incident command support and cross-team coordination, directing multiple internal and external subject matter experts during active response."
- Evidence at this level's complexity bar: "Complex, ambiguous problems; devises new approaches" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P4)
Leads post-incident reviews with root-cause analysis and prioritized corrective action items, and authors new runbooks for repeat incident patterns.
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Leads post-incident reviews with root-cause analysis and prioritized corrective action items, and authors new runbooks for repeat incident patterns."
- Evidence at this level's impact bar: "Multi-team / function outcomes" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P4)
Drives measurable improvements to detection and response, and produces executive summaries for leadership consumption.
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Drives measurable improvements to detection and response, and produces executive summaries for leadership consumption."
- Evidence at this level's decision rights bar: "Owns technical decisions for a system; influences adjacent design" — ⟨target⟩ by ⟨date⟩
MBO areas
Key result areas from this level's responsibilities, each with a standard grounded in the canon leveling rubric where one exists.
| Area | Standard | Target | Due |
|---|---|---|---|
| Leads technical incident investigations on complex events — directing triage, forensics, containment, and eradication across affected systems. | Consistent with this level's jfm knowledge-application rubric: "Applies in-depth forensics, malware analysis, and EDR telemetry expertise to complex, multi-signal investigations; selects investigation methods and forensic approaches." | ⟨target⟩ | ⟨date⟩ |
| Writes technical investigation reports covering attack path, affected assets, persistence mechanisms, and data-exposure assessment. | Consistent with this level's jfm knowledge-application rubric: "Applies in-depth forensics, malware analysis, and EDR telemetry expertise to complex, multi-signal investigations; selects investigation methods and forensic approaches." | ⟨target⟩ | ⟨date⟩ |
| Provides incident command support and cross-team coordination, directing multiple internal and external subject matter experts during active response. | Consistent with this level's jfm knowledge-application rubric: "Applies in-depth forensics, malware analysis, and EDR telemetry expertise to complex, multi-signal investigations; selects investigation methods and forensic approaches." | ⟨target⟩ | ⟨date⟩ |
| Leads post-incident reviews with root-cause analysis and prioritized corrective action items, and authors new runbooks for repeat incident patterns. | Consistent with this level's jfm knowledge-application rubric: "Applies in-depth forensics, malware analysis, and EDR telemetry expertise to complex, multi-signal investigations; selects investigation methods and forensic approaches." | ⟨target⟩ | ⟨date⟩ |
| Drives measurable improvements to detection and response, and produces executive summaries for leadership consumption. | Consistent with this level's jfm knowledge-application rubric: "Applies in-depth forensics, malware analysis, and EDR telemetry expertise to complex, multi-signal investigations; selects investigation methods and forensic approaches." | ⟨target⟩ | ⟨date⟩ |
Scorecard
Only perspectives with real canon backing are shown — no Financial or Customer perspective, since nothing in the canon grounds business-financial or customer measures for a role alone.
Internal process
- "Leads technical incident investigations on complex events — directing triage, forensics, containment, and eradication across affected systems." → ⟨target⟩ by ⟨date⟩
- "Writes technical investigation reports covering attack path, affected assets, persistence mechanisms, and data-exposure assessment." → ⟨target⟩ by ⟨date⟩
- "Provides incident command support and cross-team coordination, directing multiple internal and external subject matter experts during active response." → ⟨target⟩ by ⟨date⟩
- "Leads post-incident reviews with root-cause analysis and prioritized corrective action items, and authors new runbooks for repeat incident patterns." → ⟨target⟩ by ⟨date⟩
- "Drives measurable improvements to detection and response, and produces executive summaries for leadership consumption." → ⟨target⟩ by ⟨date⟩
Role calibration
- Meets the scope bar: "A system or set of related features" → ⟨target⟩ by ⟨date⟩
- Meets the autonomy bar: "Self-directed; reviewed at critical decision points" → ⟨target⟩ by ⟨date⟩
- Meets the complexity bar: "Complex, ambiguous problems; devises new approaches" → ⟨target⟩ by ⟨date⟩
- Meets the impact bar: "Multi-team / function outcomes" → ⟨target⟩ by ⟨date⟩
- Meets the decision rights bar: "Owns technical decisions for a system; influences adjacent design" → ⟨target⟩ by ⟨date⟩
- Meets the leadership bar: "Technical lead for focused efforts; mentors several" → ⟨target⟩ by ⟨date⟩