NSXNational Skills ExchangeSign in
Back to Framework

Information Security Analysts

SOC 15-1212.00Job Zone 4 · Considerable Preparation

Plan, implement, upgrade, or monitor security measures for the protection of computer networks and information. Assess system vulnerabilities for security risks and propose and implement risk mitigation strategies. May ensure appropriate security controls are in place that will safeguard digital files and vital electronic infrastructure. May respond to computer security breaches and viruses.

Context coveredEnterprise security operations, application security, GRC, threat intel, incident response, and security engineering across financial services, healthcare, tech, and government.

Sources:O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.SkillsCrosswalkSkillsCrosswalk — O*NET enrichment + adjacency index. Opens in new tab.
Emerging
Entry / Apprentice
  1. SIEM alert triage (Splunk, Sentinel, Chronicle)investigate per runbook under a senior analyst's review.
  2. Phishing analysis and email-threat investigationswork the queue on a tier-1 rotation.
  3. Vulnerability-scan output (Nessus, Qualys, Wiz)interpret and prioritize routine findings.
  4. Standard runbooks for common alertsexecute correctly and document outcomes.
  5. Tickets and case-tracking in the ITSM platformlog accurately for downstream investigation.
  6. Endpoint-detection tools (CrowdStrike, SentinelOne)interpret detections on a standard threat profile.
  7. Common attack frameworks (MITRE ATT&CK)recognize techniques in alerts at the tactic level.
  8. Authentication and identity basics (SSO, MFA, SAML, OIDC)explain and apply correctly.
  9. Network-traffic analysis basics (firewall logs, DNS, NetFlow)read and pattern-match on routine sessions.
  10. Compliance frameworks (SOC 2, ISO 27001 high-level)recognize control families in audit prep.
Developing
Mid-level / Established
  1. Multi-source alert investigationscorrelate across SIEM, EDR, identity, and network with reduced oversight.
  2. Routine incident responseexecute tier-2 containment and eradication on familiar threat types.
  3. Vulnerability prioritizationassess CVSS, exploitability, and asset context to drive patching decisions.
  4. Threat-intel ingestion and operationalizationturn IOCs and TTPs into detection rules.
  5. Cloud-security configuration (AWS, Azure, GCP IAM and network controls)review and remediate in routine cases.
  6. Detection engineering (basic SIEM queries, custom rules)write and tune for the SOC's standard threats.
  7. Junior analysts on alert triagecoach during their first 90 days.
  8. On-call shifts in the SOC rotationhandle independently with senior backstop.
  9. Compliance audit evidence collectionproduce for SOC 2 / ISO 27001 cycles without manager involvement.
  10. Tabletop exercisesparticipate substantively in SOC and broader-IR drills.
Proficient
Senior / Expert IC
  1. Complex incident responselead investigation, containment, eradication, and recovery on owned incidents.
  2. Adversary-simulation findings (red-team, pentest)translate into detection and prevention improvements.
  3. Security-tool selection and deploymentown a category (EDR, SIEM, CSPM) end-to-end.
  4. Risk assessments and threat models for new systemsproduce credibly with engineering teams.
  5. Detection engineering at scaledesign and tune across a comprehensive rule set.
  6. On-call leadershipmanage the SOC rotation, training, and escalation across a quarter.
  7. Mentorship across the analyst teamprovide on technique, tools, and career development.
  8. Cross-functional partnerships (engineering, legal, privacy)collaborate substantively on security initiatives.
  9. Compliance and audit findingsrepresent the security team in audit closure discussions.
  10. Security-awareness program contributionsdesign content and measure effectiveness.
Advanced
Lead / Principal / Executive
  1. Security strategy and roadmapset, communicate, and execute across the organization.
  2. Major incident responselead through containment, executive comms, and regulator notification on a real breach.
  3. Security architecture at organization scaledesign, evolve, and defend across the enterprise.
  4. Security-team hiring, leveling, and developmentshape across the org over multi-year horizons.
  5. Vendor and tooling strategyset the framework and trade-offs at scale.
  6. Board and executive reporting on security posturerepresent credibly across regulatory and stakeholder contexts.
  7. Industry presence (BSides, BlackHat, ISACs)engage at expert level across a specialty.
  8. Threat-intelligence programown at organization or sector level.
  9. Crisis leadership (regulator inquiry, public breach, ransomware)lead the organization through with composure.
  10. Security culture and practicesshape through standards, rituals, and partnerships across the enterprise.

AI-at-Work Competency Framework

Sources:Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab.Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab.WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab.
Subscriber feature

Authoritative source data identified for 998 occupations

How a worker at each mastery level uses, directs, and evaluates AI tools in this occupation. Each statement cites its evidence inline; click a citation chip to verify the source.

Emerging
  1. AI-assisted threat report scanning — uses an LLM to summarize current vulnerability advisories and virus bulletins, then manually cross-checks flagged items against the organization's active systems before acting Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab..
  2. Basic log triage support — feeds raw security event logs into an AI tool to surface anomalies, while relying on supervisor guidance to validate and prioritize the output Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab. WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab..
Developing
  1. Risk assessment drafting — delegates the initial structuring of risk assessment documentation to an AI assistant, then reviews and corrects the output against firsthand system knowledge and audit findings Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab. Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab..
  2. Security policy gap analysis — directs an AI tool to compare existing security files against updated compliance frameworks, accepting flagged discrepancies only after independent verification Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab..
  3. Incident response planning support — uses an AI assistant to generate draft response plan sections for data protection and emergency processing scenarios, then revises each section to reflect site-specific constraints Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab..
Proficient
  1. Threat intelligence synthesis — routes multiple vendor threat feeds and CVE reports through an LLM to produce a consolidated briefing, then applies critical judgment to prioritize remediation actions for the environment Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab. Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab..
  2. Penetration test report generation — delegates the narrative write-up of test findings to an AI assistant, retaining authorship of risk ratings and recommended countermeasures Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab..
  3. Access control change validation — uses AI tooling to cross-reference proposed individual access-status modifications against role-based policy rules, catching errors before committing changes to security files WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab..
  4. Encryption and firewall configuration review — prompts an AI assistant to audit current firewall rule sets and data-in-transit encryption configurations for misalignments with policy, then adjudicates each finding through hands-on system inspection Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab..
Advanced
  1. Autonomous threat-hunt orchestration — designs multi-step AI agent workflows that continuously monitor for indicators of compromise across endpoints and networks, setting decision boundaries at which the agent escalates to human review versus acting autonomously Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab. Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab. WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab..
  2. Security architecture evaluation — directs AI-driven analysis of proposed system designs to model attack surfaces and residual risk, synthesizing outputs into executive-level recommendations that integrate business context the model cannot access Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab. WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab..
  3. AI capability governance for the SOC — establishes team-wide standards for which security tasks are routed to AI delegation versus human-led analysis, informed by measured autonomy limits and augmentation outcomes across the analyst group Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab. Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab..
Evidence pack
AEI usage
Task observations: 55
Augment share: 68.4%
Time saved: 53.3%
AI autonomy: 0.36
SAFI positioning
Top skill: Reading Comprehension
Score: 45.5 / 100
Quadrant: Q2_ai_augmented
precision: exact
WEF cluster
Artificial Intelligence
artificial_intelligence
Sources:Anthropic Economic IndexAnthropic Economic Index — release_2026_03_24. Opens in new tab.WEF Skills TaxonomyWEF Skills Taxonomy 2021 — Building a Common Language for Skills at Work. Opens in new tab.Jadhav & Danve, 2026Skill Automation Feasibility Index — Jadhav & Danve, 2026 (arXiv:2604.06906). Opens in new tab.

Pathsmith Durable Skills Framework

Sources:Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Subscriber feature

Ten durable-skill domains mapped to four proficiency/role levels for each occupation. Each statement is aligned to the Pathsmith taxonomy, derived from trusted grounding data and mapped to occupation-specific O*NET tasks and skills.

1Communication10 statements
Emerging
  1. Security incident briefing — drafts initial incident summaries using standardized templates to inform technical teams of breach scope and impact Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. User violation discussion — explains basic security policy requirements to non-technical staff after detected access violations using clear, jargon-free language O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Developing
  1. Risk assessment reporting — translates technical vulnerability findings into written summaries accessible to both IT staff and business stakeholders Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Security policy documentation — authors procedures and emergency data processing protocols with precise technical language appropriate to the intended audience O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Threat briefing communication — presents current virus and malware threat landscape to department leads using structured verbal summaries Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Applying
  1. Cross-functional security conferral — leads structured discussions with end users and department heads to clarify data access needs, security violations, and remediation steps O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Executive incident reporting — distills complex intrusion or data exposure events into concise executive-level written reports that support informed decision-making Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Technical documentation authorship — produces comprehensive firewall configuration logs, encryption protocol records, and access control change documentation with audit-ready precision O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Exceeding
  1. Enterprise security communication strategy — designs and champions organization-wide communication frameworks that ensure security awareness messaging reaches all employee levels with consistent accuracy Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Regulatory testimony and audit response — leads formal communications with external auditors, regulators, and legal teams, representing the organization's security posture with authority and clarity Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
2Leadership9 statements
Emerging
  1. Incident response initiative — takes ownership of assigned security monitoring tasks without requiring supervisory direction, escalating anomalies proactively Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Policy adherence modeling — demonstrates correct security procedures to peers during routine operations, reinforcing organizational standards through personal example Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Violation follow-through — leads follow-up conversations with policy violators, ensuring corrective understanding is achieved and non-recurrence is documented O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Security project coordination — coordinates small-scale security configuration changes across team members, tracking progress and resolving blockers Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Applying
  1. Incident response leadership — directs cross-functional response teams during active security events, assigning roles, sequencing tasks, and maintaining operational clarity under pressure Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Security awareness program ownership — takes accountability for designing and delivering user training initiatives that reduce human-factor vulnerabilities across the organization O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Junior analyst development — mentors entry-level analysts in risk assessment methodologies, monitoring tool usage, and professional reporting standards Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Security strategy governance — leads the development and executive sponsorship of multi-year information security roadmaps aligned to organizational risk tolerance and regulatory requirements Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Organizational security culture leadership — drives behavioral change at scale by embedding security-first thinking into hiring, onboarding, and performance frameworks across the enterprise Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
3Metacognition8 statements
Emerging
  1. Skill gap identification — recognizes personal knowledge boundaries in areas such as encryption protocols or network forensics and identifies learning resources to address gaps Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Monitoring habit reflection — evaluates the effectiveness of personal alert-review routines and adjusts frequency or scope based on incident outcomes Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Analytical process auditing — reviews own risk assessment methodology after each cycle to identify reasoning errors or overlooked threat vectors Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Tool proficiency self-assessment — benchmarks personal competency with security platforms such as SIEM systems against team standards and builds targeted improvement plans Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Applying
  1. Post-incident cognitive debrief — conducts structured self-review after each significant security event to distinguish effective analytical decisions from reactive or incomplete judgments Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Learning strategy calibration — adjusts professional development approach based on emerging threat landscapes, deliberately selecting certifications or training that address identified cognitive blind spots Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Exceeding
  1. Team metacognitive coaching — facilitates after-action reviews that build collective self-awareness across the security team, embedding reflective practice into standard incident closure procedures Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Organizational knowledge mapping — identifies systemic analytical gaps across the security function and designs structured knowledge-transfer programs to address them Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
4Critical Thinking9 statements
Emerging
  1. Threat report evaluation — reads and assesses current virus and malware advisories to determine relevance to the organization's specific technology stack O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Access violation analysis — examines logs of security procedure violations to distinguish human error from intentional misuse Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Developing
  1. Vulnerability prioritization — applies risk scoring frameworks to evaluate competing security findings and sequence remediation based on likelihood and potential impact Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Security control logic review — scrutinizes existing firewall rules and access control lists to identify logical gaps or contradictions that expose the environment to risk O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Applying
  1. Risk assessment execution — conducts systematic data processing system tests that evaluate both functional performance and the integrity of layered security controls, synthesizing findings into actionable recommendations O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Assumption challenging in threat modeling — interrogates inherited security assumptions during architecture reviews, identifying where previous risk decisions no longer reflect current threat conditions Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Incident causality determination — traces security events through multiple data sources to distinguish root causes from symptoms, preventing recurrence rather than merely resolving surface indicators Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Enterprise threat intelligence synthesis — integrates external intelligence feeds, internal telemetry, and industry benchmarks into coherent threat narratives that drive strategic security investment decisions Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Security architecture critique — evaluates proposed system designs against adversarial thinking frameworks, identifying exploitable logical flaws before deployment Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
5Collaboration9 statements
Emerging
  1. IT team coordination — shares relevant threat alerts and system anomalies with network and systems colleagues in a timely and structured manner Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Cross-department data access conferral — participates in user meetings to understand access requirements, contributing security perspective without dominating business-led discussions O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Developing
  1. Incident response team participation — fulfills assigned role within a coordinated incident response team, maintaining clear handoffs and shared situational awareness throughout an event Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Vendor collaboration — works with external security vendors or managed service providers to configure tools, resolve issues, and align service delivery with internal security standards O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Applying
  1. Security working group facilitation — leads regular cross-functional security review sessions with IT, legal, compliance, and operations teams, integrating diverse perspectives into unified risk decisions Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Development team security integration — collaborates with software developers to embed secure coding practices and vulnerability testing into the software development lifecycle O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  3. Emergency planning co-development — partners with business continuity and IT operations teams to develop and validate data processing emergency response plans O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Exceeding
  1. Enterprise security coalition building — establishes and sustains collaborative relationships across business units, external partners, and industry peers to create a coordinated security ecosystem that extends beyond organizational boundaries Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Regulatory collaboration leadership — serves as primary liaison between security, legal, and external regulatory bodies, aligning cross-institutional stakeholders around shared compliance and risk standards Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
6Character8 statements
Emerging
  1. Data confidentiality adherence — handles sensitive user data, access credentials, and security findings with strict discretion, following established confidentiality protocols at all times Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Policy compliance modeling — complies fully with organizational security policies and reports personal errors or access mistakes transparently rather than concealing them Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Violation accountability — addresses security procedure violations directly and constructively with individuals involved, prioritizing organizational integrity over interpersonal comfort O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Documentation honesty — records security test results, system modification logs, and incident details with complete accuracy, including findings that reflect unfavorably on current security posture Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Applying
  1. Ethical access management — exercises authority over user access rights with impartiality, granting or revoking permissions based solely on verified need and policy, without favoritism or coercion Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Professional accountability under pressure — accepts responsibility for security recommendations and decisions during incident aftermath, including those that proved insufficient, and leads corrective action without deflecting blame Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Security ethics leadership — establishes and champions ethical standards for data handling, surveillance practices, and privacy protection that meet or exceed regulatory requirements and reflect organizational values Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Whistleblower and escalation integrity — creates conditions where team members feel safe reporting security concerns or policy violations without fear of retaliation, modeling and enforcing ethical escalation norms Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
7Creativity8 statements
Emerging
  1. Threat scenario imagining — generates alternative attack pathway hypotheses during routine monitoring reviews, expanding the scope of surveillance beyond standard alert rules Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Security communication design — develops clearer or more engaging formats for communicating security policies to non-technical users, improving comprehension and compliance Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Custom detection rule development — designs novel SIEM correlation rules or monitoring scripts that identify threat patterns not addressed by vendor-supplied defaults Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Security safeguard ideation — proposes alternative technical and procedural controls when standard solutions are insufficient for a specific risk context O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Applying
  1. Adversarial simulation design — constructs creative penetration testing and red team scenarios that probe organizational defenses from unconventional attack angles, revealing non-obvious vulnerabilities Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Security architecture innovation — designs layered defense configurations that combine standard tools in novel sequences to address emerging threat vectors not covered by existing frameworks Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Exceeding
  1. Zero-day response improvisation — develops original containment and mitigation strategies in real time when novel threats exceed the scope of existing playbooks, preventing escalation through adaptive invention Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Security program reinvention — rearchitects the organization's security operations model by introducing innovative detection, response, or governance approaches that measurably improve resilience and efficiency Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
8Growth Mindset8 statements
Emerging
  1. Threat landscape learning — regularly reviews security advisories, CVE databases, and industry publications to build foundational awareness of evolving attack techniques Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Feedback incorporation — applies constructive feedback from senior analysts on risk assessments and incident documentation to improve the quality of subsequent work Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Certification pursuit — actively pursues relevant professional certifications such as Security+, CEH, or CISSP as structured pathways to deepen technical and strategic security competency Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Post-incident learning — extracts specific technical and procedural lessons from each security event and integrates them into updated personal practice and team playbooks Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Applying
  1. Adversarial mindset development — deliberately studies attacker tactics, techniques, and procedures through platforms such as MITRE ATT&CK to continuously challenge and expand defensive assumptions Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Failure normalization in testing — treats failed security controls and missed detections during testing as primary learning inputs rather than performance failures, driving systematic improvement Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Team learning culture creation — institutionalizes continuous learning within the security team through structured threat intelligence sharing sessions, blameless post-mortems, and skill development planning Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Cross-industry knowledge transfer — engages with external security communities, contributes research or presentations, and imports cutting-edge practices back into the organization to sustain competitive security capability Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
9Mindfulness8 statements
Emerging
  1. Alert fatigue recognition — notices personal signs of monitoring fatigue during high-volume alert periods and applies structured break strategies to maintain detection accuracy Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Deliberate documentation practice — approaches security log and policy documentation with focused attention, minimizing transcription errors that could compromise audit integrity Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Developing
  1. High-pressure emotional regulation — maintains composed, methodical analysis during active security incidents, preventing urgency from degrading the quality of threat assessment and response decisions Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Intentional communication calibration — consciously adjusts tone and technical depth when conferring with users about violations or access issues, reading audience cues and adapting in real time Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Applying
  1. Sustained monitoring presence — maintains consistent attentional quality across extended system monitoring shifts, applying structured attention management techniques to preserve vigilance and reduce missed indicators Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
  2. Incident response composure — anchors team behavior during chaotic security events by modeling calm, deliberate decision-making that prevents panic-driven errors from amplifying incident impact Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Exceeding
  1. Organizational stress resilience architecture — designs incident response processes and analyst workflows that structurally reduce cognitive overload and emotional exhaustion, sustaining team performance across high-tempo threat periods Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Mindful leadership under ambiguity — navigates organizationally ambiguous security decisions, such as those involving privacy trade-offs or incomplete threat data, with deliberate intentionality and transparent reasoning Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
10Fortitude8 statements
Emerging
  1. Persistent threat monitoring — maintains consistent security monitoring routines during quiet periods when threat signals are low, resisting complacency in the absence of active incidents Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Setback recovery in testing — continues refining security test approaches after initial penetration tests or vulnerability assessments produce inconclusive or frustrating results Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Developing
  1. Sustained incident engagement — persists through extended incident response operations, including overnight or weekend events, maintaining analytical quality and professional commitment until resolution is achieved Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Regulatory pressure navigation — continues executing security responsibilities accurately and thoroughly during high-scrutiny periods such as audits or regulatory investigations without allowing external pressure to compromise judgment Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Applying
  1. Breach response endurance — leads or sustains effective security response through multi-day breach containment efforts, managing personal and team resilience while maintaining strategic focus on full remediation Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Unpopular security enforcement — enforces access restrictions, system lockdowns, or policy requirements that generate organizational resistance, maintaining professional resolve when security needs conflict with business convenience Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab. O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Exceeding
  1. Crisis leadership under sustained adversity — guides the security organization through prolonged threat campaigns, regulatory sanctions, or major breach recovery cycles with unwavering strategic clarity and team-stabilizing resolve Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
  2. Courageous risk escalation — escalates critical security findings to executive leadership or regulators even when doing so creates organizational discomfort, demonstrating professional courage that protects the enterprise from greater harm Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.
Sources:Pathsmith Durable SkillsPathsmith Durable Skills Framework — America Succeeds + CompTIA. Opens in new tab.O*NET v30.2O*NET Resource Center — Occupational Information Network, v30.2 (Sept 2025). Opens in new tab.
Show O*NET source anchors57 anchors · skillscrosswalk.com

O*NET enrichment · skillscrosswalk.com

Suggest an O*NET correction

Source anchors that ground each statement

Related titles
Cybersecurity Technician · AI Security Specialist (Artificial Intelligence Security Specialist) · All-Source Analyst · Application Security Analyst · Applications Security Analyst · Automatic Data Processing Systems Security Specialist (ADP Systems Security) · Blue Team Member · Certified Information Systems Security Professional (CISSP) · Cloud Security Architect · Cloud Security Engineer · Computer Security Coordinator · Computer Security Information Specialist
RAPIDS apprenticeships
0220 · Cybersecurity Technician
O*NET skills
Reading ComprehensionCritical ThinkingActive ListeningComplex Problem SolvingSpeakingWritingSystems AnalysisMonitoringJudgment and Decision MakingActive LearningTime ManagementSystems EvaluationQuality Control AnalysisCoordinationOperations Monitoring
Knowledge domains
Computers and ElectronicsEnglish LanguageAdministration and ManagementTelecommunicationsEngineering and TechnologyCustomer and Personal ServicePublic Safety and SecurityEducation and Training
Abilities
Deductive ReasoningProblem SensitivityWritten ComprehensionInductive ReasoningOral ComprehensionInformation OrderingWritten ExpressionNear VisionOral ExpressionCategory Flexibility
Work styles
Attention to DetailIntegrityCautiousnessDependabilityIntellectual CuriosityInnovation
Technology
Word processing softwareAccess softwareNetwork monitoring softwareInternet directory services softwareDevelopment environment softwareObject or component oriented development softwareWeb platform development softwareData base management system softwareData base user interface and query softwareStorage networking software
Tasks · seed anchors for statements
  1. Develop plans to safeguard computer files against accidental or unauthorized modification, destruction, or disclosure and to meet emergency data processing needs.
  2. Monitor current reports of computer viruses to determine when to update virus protection systems.
  3. Encrypt data transmissions and erect firewalls to conceal confidential information as it is being transmitted and to keep out tainted digital transfers.
  4. Perform risk assessments and execute tests of data processing system to ensure functioning of data processing activities and security measures.
  5. Modify computer security files to incorporate new software, correct errors, or change individual access status.
  6. Review violations of computer security procedures and discuss procedures with violators to ensure violations are not repeated.
  7. Document computer security and emergency measures policies, procedures, and tests.
  8. Confer with users to discuss issues such as computer data access needs, security violations, and programming changes.
CIP education codes
11.010311.070111.090111.100111.100211.100311.100543.040351.0723

Sources: O*NET v30.2 (CC BY 4.0), SkillsCrosswalk.com, LER.me, Anthropic Economic Index, SAFI (Jadhav & Danve, 2026), WEF Skills Taxonomy 2021, Pathsmith Durable Skills Framework. © 2026 EBSCOed.