Goal templates — Security Engineering — P3
Security · Security Engineering · P3 — Mid-Level Professional
These are canon-derived frames, not advice: every line is either verbatim JobFrame canon text or a fixed template wrapping it. ⟨target⟩ / ⟨baseline⟩ / ⟨date⟩ are placeholders for the manager to fill in. Nothing here is generated by AI — rows are omitted, never invented, when the canon lacks the underlying field.
SMART goals
One row per canon core output / responsibility this level owns.
JFM responsibility (P3)
Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review
- Specific
- Deliver: "Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review"
- Measurable
- Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable
- Scoped to this level's JFM complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
- Relevant
- Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
- Time-bound
- ⟨date⟩
JFM responsibility (P3)
Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM
- Specific
- Deliver: "Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM"
- Measurable
- Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable
- Scoped to this level's JFM complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
- Relevant
- Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
- Time-bound
- ⟨date⟩
JFM responsibility (P3)
Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause
- Specific
- Deliver: "Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause"
- Measurable
- Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable
- Scoped to this level's JFM complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
- Relevant
- Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
- Time-bound
- ⟨date⟩
JFM responsibility (P3)
Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams
- Specific
- Deliver: "Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams"
- Measurable
- Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable
- Scoped to this level's JFM complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
- Relevant
- Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
- Time-bound
- ⟨date⟩
JFM responsibility (P3)
Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams
- Specific
- Deliver: "Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams"
- Measurable
- Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
- Achievable
- Scoped to this level's JFM complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
- Relevant
- Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
- Time-bound
- ⟨date⟩
OKRs
Objectives from this level's core outputs; key results only where a real dimension or capability backs them.
JFM responsibility (P3)
Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review"
- Evidence at this level's scope bar: "Features or a sub-system end-to-end" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P3)
Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM"
- Evidence at this level's autonomy bar: "Works independently on standard work; reviewed on the non-standard" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P3)
Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause"
- Evidence at this level's complexity bar: "Diverse problems; adapts existing approaches" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P3)
Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams"
- Evidence at this level's impact bar: "Project / team outcomes" — ⟨target⟩ by ⟨date⟩
JFM responsibility (P3)
Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams
- From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams"
- Evidence at this level's decision rights bar: "Owns implementation decisions for own scope" — ⟨target⟩ by ⟨date⟩
MBO areas
Key result areas from this level's responsibilities, each with a standard grounded in the canon leveling rubric where one exists.
| Area | Standard | Target | Due |
|---|---|---|---|
| Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review | Consistent with this level's JFM knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence." | ⟨target⟩ | ⟨date⟩ |
| Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM | Consistent with this level's JFM knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence." | ⟨target⟩ | ⟨date⟩ |
| Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause | Consistent with this level's JFM knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence." | ⟨target⟩ | ⟨date⟩ |
| Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams | Consistent with this level's JFM knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence." | ⟨target⟩ | ⟨date⟩ |
| Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams | Consistent with this level's JFM knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence." | ⟨target⟩ | ⟨date⟩ |
Scorecard
Only perspectives with real canon backing are shown — no Financial or Customer perspective, since nothing in the canon grounds business-financial or customer measures for a role alone.
Internal process
- "Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review" → ⟨target⟩ by ⟨date⟩
- "Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM" → ⟨target⟩ by ⟨date⟩
- "Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause" → ⟨target⟩ by ⟨date⟩
- "Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams" → ⟨target⟩ by ⟨date⟩
- "Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams" → ⟨target⟩ by ⟨date⟩
Role calibration
- Meets the scope bar: "Features or a sub-system end-to-end" → ⟨target⟩ by ⟨date⟩
- Meets the autonomy bar: "Works independently on standard work; reviewed on the non-standard" → ⟨target⟩ by ⟨date⟩
- Meets the complexity bar: "Diverse problems; adapts existing approaches" → ⟨target⟩ by ⟨date⟩
- Meets the impact bar: "Project / team outcomes" → ⟨target⟩ by ⟨date⟩
- Meets the decision rights bar: "Owns implementation decisions for own scope" → ⟨target⟩ by ⟨date⟩
- Meets the leadership bar: "Mentors juniors informally" → ⟨target⟩ by ⟨date⟩