Security Engineering — P3

Goal templates — Security Engineering — P3

Security · Security Engineering · P3 — Mid-Level Professional

These are canon-derived frames, not advice: every line is either verbatim JobFrame canon text or a fixed template wrapping it. ⟨target⟩ / ⟨baseline⟩ / ⟨date⟩ are placeholders for the manager to fill in. Nothing here is generated by AI — rows are omitted, never invented, when the canon lacks the underlying field.

SMART goals

One row per canon core output / responsibility this level owns.

JFM responsibility (P3)

Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review

Specific
Deliver: "Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review"
Measurable
Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
Achievable
Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
Relevant
Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
Time-bound
⟨date⟩

JFM responsibility (P3)

Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM

Specific
Deliver: "Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM"
Measurable
Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
Achievable
Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
Relevant
Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
Time-bound
⟨date⟩

JFM responsibility (P3)

Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause

Specific
Deliver: "Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause"
Measurable
Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
Achievable
Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
Relevant
Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
Time-bound
⟨date⟩

JFM responsibility (P3)

Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams

Specific
Deliver: "Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams"
Measurable
Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
Achievable
Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
Relevant
Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
Time-bound
⟨date⟩

JFM responsibility (P3)

Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams

Specific
Deliver: "Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams"
Measurable
Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
Achievable
Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
Relevant
Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
Time-bound
⟨date⟩

Copy / print as text

1. Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review  [source: JFM responsibility (P3)]
   Specific:    Deliver: "Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review"
   Measurable:  Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
   Achievable:  Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
   Relevant:    Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
   Time-bound:  ⟨date⟩

2. Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM  [source: JFM responsibility (P3)]
   Specific:    Deliver: "Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM"
   Measurable:  Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
   Achievable:  Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
   Relevant:    Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
   Time-bound:  ⟨date⟩

3. Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause  [source: JFM responsibility (P3)]
   Specific:    Deliver: "Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause"
   Measurable:  Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
   Achievable:  Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
   Relevant:    Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
   Time-bound:  ⟨date⟩

4. Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams  [source: JFM responsibility (P3)]
   Specific:    Deliver: "Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams"
   Measurable:  Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
   Achievable:  Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
   Relevant:    Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
   Time-bound:  ⟨date⟩

5. Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams  [source: JFM responsibility (P3)]
   Specific:    Deliver: "Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams"
   Measurable:  Move the metric this drives from ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩.
   Achievable:  Scoped to this level's jfm complexity/problem-solving rubric: "Evaluates identifiable factors to investigate incidents, tune detections, and drive remediation; plans own work to milestones."
   Relevant:    Advances the Security · Security Engineering mandate for a P3 — Mid-Level Professional.
   Time-bound:  ⟨date⟩

OKRs

Objectives from this level's core outputs; key results only where a real dimension or capability backs them.

JFM responsibility (P3)

Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review

  • From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review"
  • Evidence at this level's scope bar: "Features or a sub-system end-to-end" — ⟨target⟩ by ⟨date⟩

JFM responsibility (P3)

Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM

  • From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM"
  • Evidence at this level's autonomy bar: "Works independently on standard work; reviewed on the non-standard" — ⟨target⟩ by ⟨date⟩

JFM responsibility (P3)

Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause

  • From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause"
  • Evidence at this level's complexity bar: "Diverse problems; adapts existing approaches" — ⟨target⟩ by ⟨date⟩

JFM responsibility (P3)

Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams

  • From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams"
  • Evidence at this level's impact bar: "Project / team outcomes" — ⟨target⟩ by ⟨date⟩

JFM responsibility (P3)

Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams

  • From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams"
  • Evidence at this level's decision rights bar: "Owns implementation decisions for own scope" — ⟨target⟩ by ⟨date⟩

Copy / print as text

Objective 1: Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review  [source: JFM responsibility (P3)]
  KR1. From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review"
  KR2. Evidence at this level's scope bar: "Features or a sub-system end-to-end" — ⟨target⟩ by ⟨date⟩

Objective 2: Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM  [source: JFM responsibility (P3)]
  KR1. From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM"
  KR2. Evidence at this level's autonomy bar: "Works independently on standard work; reviewed on the non-standard" — ⟨target⟩ by ⟨date⟩

Objective 3: Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause  [source: JFM responsibility (P3)]
  KR1. From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause"
  KR2. Evidence at this level's complexity bar: "Diverse problems; adapts existing approaches" — ⟨target⟩ by ⟨date⟩

Objective 4: Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams  [source: JFM responsibility (P3)]
  KR1. From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams"
  KR2. Evidence at this level's impact bar: "Project / team outcomes" — ⟨target⟩ by ⟨date⟩

Objective 5: Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams  [source: JFM responsibility (P3)]
  KR1. From ⟨baseline⟩ to ⟨target⟩ by ⟨date⟩ — tied to: "Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams"
  KR2. Evidence at this level's decision rights bar: "Owns implementation decisions for own scope" — ⟨target⟩ by ⟨date⟩

MBO areas

Key result areas from this level's responsibilities, each with a standard grounded in the canon leveling rubric where one exists.

Area | Standard | Target | Due
Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review | Consistent with this level's jfm knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence." | ⟨target⟩ | ⟨date⟩
Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM | Consistent with this level's jfm knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence." | ⟨target⟩ | ⟨date⟩
Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause | Consistent with this level's jfm knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence." | ⟨target⟩ | ⟨date⟩
Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams | Consistent with this level's jfm knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence." | ⟨target⟩ | ⟨date⟩
Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams | Consistent with this level's jfm knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence." | ⟨target⟩ | ⟨date⟩

Copy / print as text

1. Area: Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review  [source: JFM responsibility (P3) — reused, no distinct responsibility content]
   Standard: Consistent with this level's jfm knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence."
   Target:   ⟨target⟩   Due: ⟨date⟩

2. Area: Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM  [source: JFM responsibility (P3) — reused, no distinct responsibility content]
   Standard: Consistent with this level's jfm knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence."
   Target:   ⟨target⟩   Due: ⟨date⟩

3. Area: Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause  [source: JFM responsibility (P3) — reused, no distinct responsibility content]
   Standard: Consistent with this level's jfm knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence."
   Target:   ⟨target⟩   Due: ⟨date⟩

4. Area: Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams  [source: JFM responsibility (P3) — reused, no distinct responsibility content]
   Standard: Consistent with this level's jfm knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence."
   Target:   ⟨target⟩   Due: ⟨date⟩

5. Area: Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams  [source: JFM responsibility (P3) — reused, no distinct responsibility content]
   Standard: Consistent with this level's jfm knowledge-application rubric: "Applies broad security engineering knowledge across detection-as-code, pen testing, network security, and forensics to diverse problems with moderate independence."
   Target:   ⟨target⟩   Due: ⟨date⟩

Scorecard

Only perspectives with real canon backing are shown — no Financial or Customer perspective, since nothing in the canon grounds business-financial or customer measures for a role alone.

Internal process

  • "Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review"  →  ⟨target⟩ by ⟨date⟩
  • "Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM"  →  ⟨target⟩ by ⟨date⟩
  • "Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause"  →  ⟨target⟩ by ⟨date⟩
  • "Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams"  →  ⟨target⟩ by ⟨date⟩
  • "Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams"  →  ⟨target⟩ by ⟨date⟩

Role calibration

  • Meets the scope bar: "Features or a sub-system end-to-end"  →  ⟨target⟩ by ⟨date⟩
  • Meets the autonomy bar: "Works independently on standard work; reviewed on the non-standard"  →  ⟨target⟩ by ⟨date⟩
  • Meets the complexity bar: "Diverse problems; adapts existing approaches"  →  ⟨target⟩ by ⟨date⟩
  • Meets the impact bar: "Project / team outcomes"  →  ⟨target⟩ by ⟨date⟩
  • Meets the decision rights bar: "Owns implementation decisions for own scope"  →  ⟨target⟩ by ⟨date⟩
  • Meets the leadership bar: "Mentors juniors informally"  →  ⟨target⟩ by ⟨date⟩

Copy / print as text

Internal process
  - "Independently owns defined areas of the security program — detection coverage, vulnerability management, or a network/cloud domain — planning day-to-day work with milestone review"  →  ⟨target⟩ by ⟨date⟩   [source: JFM responsibility (P3)]
  - "Designs and maintains version-controlled detection-as-code, evaluating identifiable factors to tune rules and reduce false positives in the SIEM"  →  ⟨target⟩ by ⟨date⟩   [source: JFM responsibility (P3)]
  - "Leads investigations for moderate-severity incidents, performing forensic analysis of logs, endpoints, and packet captures (Wireshark) to determine root cause"  →  ⟨target⟩ by ⟨date⟩   [source: JFM responsibility (P3)]
  - "Conducts penetration tests and purple-team exercises to identify exploitable weaknesses, then drives remediation with engineering teams"  →  ⟨target⟩ by ⟨date⟩   [source: JFM responsibility (P3)]
  - "Configures network security controls — firewalls, VPNs, ZTNA, segmentation, and encryption — and integrates security best practices into deployment pipelines with cross-functional teams"  →  ⟨target⟩ by ⟨date⟩   [source: JFM responsibility (P3)]

Role calibration
  - Meets the scope bar: "Features or a sub-system end-to-end"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Scope)]
  - Meets the autonomy bar: "Works independently on standard work; reviewed on the non-standard"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Autonomy)]
  - Meets the complexity bar: "Diverse problems; adapts existing approaches"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Complexity)]
  - Meets the impact bar: "Project / team outcomes"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Impact)]
  - Meets the decision rights bar: "Owns implementation decisions for own scope"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Decision rights)]
  - Meets the leadership bar: "Mentors juniors informally"  →  ⟨target⟩ by ⟨date⟩   [source: level dimension (Leadership)]