Information Security Engineers

SOC 15-1299.05 · Job Zone 4 · Considerable Preparation · v.26.05

Context covered: This framework covers information security engineering practice across enterprise on-premise and cloud environments, spanning vulnerability assessment, penetration testing, incident response, security architecture, and organizational governance from entry-level execution through executive leadership.

Emerging
Entry / Apprentice
  1. Vulnerability assessment tools: operate under direct supervision to scan enterprise networks and document identified weaknesses in structured reports.
  2. Security breach indicators: recognize and escalate potential intrusion signals while monitoring network dashboards in a supervised SOC environment.
  3. Penetration testing methodologies: assist senior engineers in executing scripted tests against defined system targets within an authorized lab or staging environment.
  4. Firewall and encryption software: install preconfigured security tools on workstations and servers following established procedures and change-control protocols.
  5. Security policies and standards: study and apply organizational information security guidelines when completing assigned tasks under engineer oversight.
  6. Incident response playbooks: follow documented recovery steps to support breach containment activities under the direction of a lead security engineer.
  7. Security control performance indicators: collect and log metrics from monitoring platforms to assist in periodic quality assessments of existing controls.
  8. Technical security documentation: read and interpret vendor advisories, CVE reports, and configuration guides to inform assigned remediation tasks.
  9. Operating system security configurations: apply baseline hardening checklists to Windows and Linux systems within a supervised enterprise IT environment.
  10. Risk management software: enter vulnerability scan results and asset data into designated platforms to support team-level risk tracking workflows.
Developing
Mid-level / Established
  1. Network vulnerability scans: plan and execute recurring assessments using tools such as Nessus or Qualys, interpreting results to prioritize remediation across a mid-size enterprise.
  2. Security breach investigations: conduct structured analyses of detected incidents, correlating log data and forensic artifacts to identify attack vectors and scope of damage.
  3. Penetration test engagements: perform end-to-end tests against web applications and internal network segments with limited oversight, documenting findings in professional reports.
  4. Firewall rule sets and encryption configurations: develop and deploy updated policies for perimeter and cloud-based security controls in alignment with organizational risk posture.
  5. Security awareness training sessions: deliver structured instruction to staff on information security standards and acceptable-use policies across departmental teams.
  6. Incident response strategies: draft and refine response and recovery procedures for common breach scenarios, coordinating containment actions with IT operations teams.
  7. Security control quality assessments: evaluate control effectiveness using defined performance indicators and recommend improvements based on gap analysis findings.
  8. Switch and router security configurations: harden network device configurations and review access-control lists to reduce attack surface in production environments.
  9. Database query tools: interrogate security event databases to extract threat intelligence and produce trend reports for management review.
  10. Cloud-based security management platforms: configure and maintain monitoring policies for hybrid cloud environments, adapting settings as workloads evolve.
Proficient
Senior / Expert IC
  1. Enterprise penetration testing programs: independently design and lead comprehensive red-team exercises across complex multi-cloud and on-premise infrastructures, producing executive and technical findings.
  2. Security monitoring architecture: autonomously evaluate and tune SIEM rules, IDS signatures, and alert thresholds to ensure accurate detection across high-volume enterprise networks.
  3. Advanced breach investigations: lead forensic examination of sophisticated security incidents, reconstructing attack timelines, quantifying damage, and coordinating evidence preservation for legal proceedings.
  4. Security software development: architect and implement custom security tooling, scripts, and automation pipelines that integrate with existing DevSecOps workflows to enforce continuous compliance.
  5. Response and recovery frameworks: design organization-wide incident response plans covering containment, eradication, and business-continuity restoration for diverse threat scenarios.
  6. Security control effectiveness analysis: apply systems evaluation techniques to assess end-to-end control performance, identifying systemic gaps and driving targeted remediation roadmaps.
  7. Information security policy authorship: draft comprehensive security standards, baselines, and procedures that align technical controls with regulatory requirements such as NIST, ISO 27001, or SOC 2.
  8. Telecommunications and network security design: engineer secure network segmentation, VPN architectures, and zero-trust access controls for geographically distributed organizations.
  9. Expert system and risk management platforms: configure and leverage risk-scoring tools to model threat scenarios, producing quantitative risk assessments that guide investment decisions.
  10. Cross-functional security consultation: advise product, DevOps, and legal teams on security trade-offs during system design reviews, integrating security requirements into project lifecycles from inception.
Advanced
Lead / Principal / Executive
  1. Organizational security strategy: define and champion a multi-year information security roadmap that aligns enterprise risk appetite, regulatory obligations, and emerging threat landscapes at the executive level.
  2. Security engineering capability development: establish centers of excellence for penetration testing, threat intelligence, and incident response, setting technical standards that elevate team competency organization-wide.
  3. Enterprise risk governance frameworks: design and institutionalize risk management programs that integrate vulnerability data, business impact analysis, and board-level reporting into cohesive governance structures.
  4. Security culture and training programs: architect enterprise-wide security awareness and professional development curricula, measuring behavioral change through performance indicators and maturity assessments.
  5. Incident response leadership: command organizational response to major security incidents, coordinating across legal, communications, operations, and executive leadership to minimize impact and meet disclosure obligations.
  6. Security vendor and technology strategy: evaluate, select, and oversee deployment of enterprise security platforms and managed services, negotiating contracts and holding partners accountable to SLA and performance benchmarks.
  7. Regulatory and compliance leadership: represent the organization before auditors, regulators, and industry bodies, shaping internal control frameworks to satisfy evolving compliance mandates across multiple jurisdictions.
  8. Secure architecture governance: establish architectural review boards and security-by-design principles that ensure all new systems and cloud migrations meet organizational security standards before production deployment.
  9. Threat intelligence program direction: lead intelligence-sharing relationships with ISACs, government agencies, and peer organizations, translating strategic threat data into actionable defensive priorities for engineering teams.
  10. Security investment and resource allocation: build and defend security budget proposals at the C-suite and board level, demonstrating ROI through quantitative risk reduction metrics and benchmark comparisons.

Authoritative source data identified for 998 occupations

How a worker at each mastery level uses, directs, and evaluates AI tools in this occupation. Each statement cites its evidence inline.

Emerging
  1. AI-assisted threat alert triage — uses an AI assistant to summarize and categorize incoming security alerts, then manually verifies each finding against known indicators of compromise before escalating.
  2. Vulnerability scan interpretation — feeds raw scanner output into an AI tool to generate plain-language summaries of identified weaknesses, while cross-checking results against vendor advisories by hand (Jadhav & Danve, 2026, Skill Automation Feasibility Index, arXiv:2604.06906).
Developing
  1. Security policy drafting — directs an AI assistant to produce first-draft information security policies and procedures, then critically reviews and revises the output against organizational standards and regulatory requirements (Jadhav & Danve, 2026).
  2. Penetration test reporting — delegates the structuring and initial write-up of penetration test findings to an AI tool, retaining authorship of risk ratings and remediation recommendations (Jadhav & Danve, 2026).
  3. Staff training material generation — uses an AI assistant to generate scenario-based security awareness content, then audits the material for accuracy and alignment with current threat intelligence before delivery.
Proficient
  1. Network log analysis — orchestrates AI-powered SIEM integrations to detect anomalous patterns across high-volume log streams, interpreting AI-flagged events through domain expertise to distinguish true positives from false positives (Jadhav & Danve, 2026; WEF Skills Taxonomy 2021, Building a Common Language for Skills at Work).
  2. Security control assessment — leverages AI tools to benchmark control performance indicators against industry frameworks at scale, then synthesizes the outputs into executive-level risk assessments that require human judgment on organizational context (Jadhav & Danve, 2026).
  3. Threat intelligence synthesis — directs an AI assistant to aggregate and correlate multi-source threat feeds, then applies critical thinking to evaluate adversary TTPs and recommend defensive countermeasures (WEF Skills Taxonomy).
  4. Incident response playbook refinement — uses an AI tool to draft updated runbooks based on post-incident findings, then reviews every decision branch for operational soundness before publishing.
Advanced
  1. AI autonomy governance in SOC pipelines — designs the rules of engagement for AI-driven detection and response automation, setting explicit human-in-the-loop thresholds for autonomous blocking actions versus analyst-escalated decisions (Jadhav & Danve, 2026; WEF Skills Taxonomy).
  2. Cross-functional AI security architecture — leads the evaluation and selection of AI-augmented security tooling across the enterprise, assessing automation feasibility of each security domain and mapping gaps where human expertise remains irreplaceable (Jadhav & Danve, 2026).
  3. Adversarial AI threat modeling — applies deep understanding of large language model capabilities and failure modes to anticipate AI-enabled attack vectors, then engineers detection controls and security standards that account for AI-specific risks (WEF Skills Taxonomy).
Evidence pack
SAFI positioning
Top skill: Reading Comprehension
Score: 45.5 / 100
Quadrant: Q2_ai_augmented
precision: exact
WEF cluster
Artificial Intelligence
artificial_intelligence

Ten durable-skill domains mapped to four proficiency/role levels for each occupation. Each statement is aligned to the Pathsmith taxonomy, derived from trusted grounding data and mapped to occupation-specific O*NET tasks and skills.

1. Communication (10 statements)
Emerging
  1. Security terminology usage — applies correct technical vocabulary when describing common threats and controls in team discussions (O*NET v30.2, O*NET Resource Center, Occupational Information Network, Sept 2025)
Developing
  1. Incident report writing — documents security breach investigations with structured narratives that convey scope, cause, and impact to technical stakeholders (Pathsmith Durable Skills Framework, America Succeeds + CompTIA; O*NET v30.2)
  2. Policy explanation — communicates information security standards and best practices to staff during training sessions using clear, accessible language (O*NET v30.2)
  3. Cross-functional briefing — presents vulnerability assessment results to non-technical audiences by translating technical findings into business-risk terms (Pathsmith Durable Skills)
Applying
  1. Executive risk communication — delivers concise oral and written briefings on network security posture and remediation priorities to senior leadership (Pathsmith Durable Skills; O*NET v30.2)
  2. Security advisory authoring — writes detailed technical advisories covering threat indicators, affected systems, and mitigation steps for distribution across the organization (O*NET v30.2)
  3. Active listening in incident triage — elicits precise technical details from system owners during breach investigations through structured questioning and reflective listening (Pathsmith Durable Skills; O*NET v30.2)
Exceeding
  1. Enterprise security narrative — crafts organization-wide security communications strategies that align technical findings with strategic risk appetite for board-level audiences (Pathsmith Durable Skills; O*NET v30.2)
  2. Cross-industry disclosure writing — authors coordinated vulnerability disclosure documents and public advisories that balance transparency, legal constraints, and stakeholder impact (O*NET v30.2)
2. Leadership (9 statements)
Emerging
  1. Security task ownership — takes responsibility for completing assigned vulnerability scans and tool configurations without requiring step-by-step supervision (Pathsmith Durable Skills)
  2. Peer knowledge sharing — contributes security tool tips and threat awareness updates to team discussions and internal wikis (Pathsmith Durable Skills)
Developing
  1. Security training facilitation — leads staff sessions on information security standards, policies, and best practices, setting clear expectations for compliance (O*NET v30.2)
Applying
  1. Security program ownership — drives the deployment and maintenance of enterprise security controls including firewalls and encryption systems, holding teams accountable to quality indicators (O*NET v30.2)
  2. Cross-team monitoring leadership — oversees the coordination of network and system monitoring operations, establishing shift responsibilities and escalation protocols (O*NET v30.2)
  3. Remediation initiative leadership — sponsors vulnerability remediation sprints, aligning IT and business unit owners to agreed timelines and risk reduction targets (Pathsmith Durable Skills)
Exceeding
  1. Security culture development — shapes organizational security culture by mentoring engineers, sponsoring capability-building programs, and modeling accountability in all security decisions (Pathsmith Durable Skills)
  2. Strategic security roadmap leadership — leads the design and execution of multi-year security architecture strategies, influencing budget prioritization and executive risk tolerance (Pathsmith Durable Skills; O*NET v30.2)
3. Metacognition (8 statements)
Emerging
  1. Skill gap identification — recognizes personal knowledge limits in specific security domains such as cryptography or network forensics and seeks targeted learning resources (Pathsmith Durable Skills)
  2. Tool learning reflection — evaluates own proficiency with vulnerability scanning tools after each use and identifies specific areas for improvement (Pathsmith Durable Skills)
Developing
  1. Threat modeling self-assessment — reviews own analytical process after completing threat assessments to identify reasoning gaps or missed attack vectors (Pathsmith Durable Skills)
  2. Learning strategy adaptation — adjusts study approaches for new security certifications or frameworks based on past performance patterns and retention analysis (Pathsmith Durable Skills)
Applying
  1. Investigation process monitoring — tracks own decision-making during breach investigations, pausing to verify assumptions before concluding on root cause or attacker attribution (Pathsmith Durable Skills; O*NET v30.2)
  2. Cognitive bias awareness — identifies and corrects confirmation bias in penetration test planning by deliberately seeking disconfirming evidence about assumed secure systems (Pathsmith Durable Skills)
Exceeding
  1. Analytical framework refinement — continuously evaluates and revises personal security analysis frameworks based on post-incident reviews, emerging threat intelligence, and peer critique (Pathsmith Durable Skills; O*NET v30.2)
  2. Team metacognition coaching — facilitates structured after-action reviews that help security team members identify collective reasoning errors and improve group decision quality (Pathsmith Durable Skills)
4. Critical Thinking (9 statements)
Emerging
  1. Vulnerability classification — applies established severity frameworks such as CVSS to categorize scan findings by risk level before escalating for review (O*NET v30.2)
  2. Log anomaly identification — distinguishes between routine network events and potential indicators of compromise using baseline comparison techniques (O*NET v30.2)
Developing
  1. Security control evaluation — assesses the effectiveness of existing controls against current threat landscapes using defined performance indicators and gap analysis (O*NET v30.2)
  2. Attack surface analysis — maps system entry points and evaluates the plausibility of exploitation paths based on asset exposure and known vulnerability combinations (Pathsmith Durable Skills; O*NET v30.2)
Applying
  1. Penetration test reasoning — designs and executes penetration test scenarios by logically chaining vulnerabilities to demonstrate realistic attacker impact on target systems (O*NET v30.2)
  2. Breach causality determination — conducts systematic root cause analysis of security breaches by evaluating evidence chains, ruling out alternative explanations, and identifying control failures (Pathsmith Durable Skills; O*NET v30.2)
  3. Security investment prioritization — evaluates competing remediation options against risk reduction value, implementation cost, and operational impact to recommend defensible allocation decisions (Pathsmith Durable Skills)
Exceeding
  1. Threat intelligence synthesis — integrates multi-source threat intelligence with internal telemetry to reason about emerging attack campaigns before indicators are widely published (Pathsmith Durable Skills; O*NET v30.2)
  2. Systems security evaluation — critiques enterprise security architecture at the system level, identifying interdependency risks and cascading failure modes invisible to component-level analysis (O*NET v30.2)
5. Collaboration (9 statements)
Emerging
  1. Security team participation — contributes findings from assigned scans to shared tracking systems and attends team standups with prepared status updates (Pathsmith Durable Skills)
  2. Cross-functional information sharing — provides relevant vulnerability context to IT operations and application teams when jointly troubleshooting security alerts (Pathsmith Durable Skills; O*NET v30.2)
Developing
  1. Incident response teamwork — coordinates roles and information flow with network engineers, system administrators, and legal teams during active incident response operations (Pathsmith Durable Skills; O*NET v30.2)
  2. Vendor security collaboration — works with third-party software vendors to clarify vulnerability details, validate patches, and confirm remediation effectiveness (O*NET v30.2)
Applying
  1. Red-blue team integration — collaborates across offensive and defensive security functions to design realistic threat simulations and translate findings into defensive improvements (Pathsmith Durable Skills; O*NET v30.2)
  2. Security governance participation — contributes technical expertise to cross-functional security committees, reconciling differing risk perspectives between business units and security operations (Pathsmith Durable Skills)
  3. Monitoring coordination — establishes shared monitoring responsibilities and escalation agreements with SOC analysts, network teams, and cloud operations across organizational boundaries (O*NET v30.2)
Exceeding
  1. Industry threat collaboration — builds and maintains working relationships with peer organizations, ISACs, and government agencies to share threat intelligence and coordinate sector-wide defenses (Pathsmith Durable Skills; O*NET v30.2)
  2. Enterprise security coalition building — aligns security, legal, HR, and executive stakeholders around unified incident response and disclosure protocols through sustained collaborative leadership (Pathsmith Durable Skills)
6. Character (9 statements)
Emerging
  1. Data handling integrity — manages access to sensitive system credentials and vulnerability data strictly within authorized boundaries and reports accidental exposure immediately (Pathsmith Durable Skills)
Developing
  1. Transparent incident reporting — documents and discloses security incidents accurately, including unflattering findings about previously approved controls, without minimizing organizational exposure (Pathsmith Durable Skills; O*NET v30.2)
  2. Accountability in remediation — follows through on assigned vulnerability remediation commitments and proactively communicates delays rather than allowing untracked risk to persist (Pathsmith Durable Skills)
Applying
  1. Professional ethics in adversarial testing — upholds strict rules of engagement during penetration tests, halting activities and escalating when findings risk unintended harm to production systems (Pathsmith Durable Skills; O*NET v30.2)
  2. Conflict-of-interest management — identifies and discloses potential conflicts when assessing security controls for systems personally implemented, ensuring independent review (Pathsmith Durable Skills)
  3. Confidential information stewardship — maintains strict confidentiality of breach investigation findings, vulnerability details, and organizational risk posture in all internal and external communications (Pathsmith Durable Skills; O*NET v30.2)
Exceeding
  1. Security ethics leadership — establishes team norms and enforceable conduct standards for ethical security research, responsible disclosure, and lawful use of offensive security capabilities (Pathsmith Durable Skills)
  2. Organizational accountability modeling — demonstrates consistent personal accountability in high-stakes breach scenarios, owning security control failures transparently and driving systemic improvement without deflection (Pathsmith Durable Skills)
7. Creativity (9 statements)
Emerging
  1. Novel attack path exploration — proposes unconventional access routes during vulnerability scanning exercises that fall outside standard automated tool detection patterns (Pathsmith Durable Skills; O*NET v30.2)
  2. Security control adaptation — suggests minor modifications to existing firewall rule sets or encryption configurations to address newly identified edge-case exposure scenarios (O*NET v30.2)
Developing
  1. Custom detection logic design — develops original SIEM correlation rules and alert logic to surface threat patterns not covered by vendor-provided detection content (Pathsmith Durable Skills; O*NET v30.2)
  2. Social engineering scenario design — constructs realistic phishing and pretexting scenarios for security awareness exercises that reflect current attacker tradecraft (O*NET v30.2)
Applying
  1. Adversarial simulation innovation — designs penetration test campaigns using novel exploit chains and living-off-the-land techniques that challenge mature defensive controls (Pathsmith Durable Skills; O*NET v30.2)
  2. Security tool customization — engineers bespoke scripts and automation that extend commercial vulnerability assessment platforms to address organization-specific threat surfaces (O*NET v30.2)
  3. Incident response playbook invention — creates new response playbooks for emerging threat categories where no established industry guidance exists, drawing on first principles (Pathsmith Durable Skills)
Exceeding
  1. Zero-day research methodology — applies original security research methods to discover previously undocumented vulnerability classes in enterprise software and telecommunications infrastructure (Pathsmith Durable Skills; O*NET v30.2)
  2. Security architecture reimagination — conceives and champions transformational security architecture designs that preemptively neutralize anticipated threat categories five or more years ahead of mainstream adoption (Pathsmith Durable Skills)
8 Growth Mindset · 9 statements
Emerging
  1. Certification pursuit — enrolls in and completes foundational security certifications such as Security+ or CEH to build structured foundational knowledge outside daily task requirements (Pathsmith Durable Skills)
  2. Failure analysis participation — engages openly in post-incident reviews, identifying personal knowledge gaps exposed during breach investigations without defensiveness (Pathsmith Durable Skills; O*NET v30.2)
Developing
  1. Emerging threat learning — proactively studies newly published CVEs, threat actor TTPs, and industry breach reports to continuously update personal threat knowledge ahead of organizational briefings (Pathsmith Durable Skills; O*NET v30.2)
  2. Feedback integration — incorporates critique from penetration test peer reviews and red team debriefs to refine personal methodology and close identified technique gaps (Pathsmith Durable Skills)
Applying
  1. Advanced skill development — pursues mastery-level certifications and hands-on lab environments such as OSCP or GREM to deepen offensive and defensive security capabilities beyond role requirements (Pathsmith Durable Skills)
  2. Cross-domain knowledge building — deliberately acquires expertise in adjacent domains such as cloud architecture or industrial control systems to broaden the security engineering perspective (Pathsmith Durable Skills; O*NET v30.2)
  3. Setback reframing in incident response — treats failed containment attempts during breach response as diagnostic data, pivoting strategy rapidly rather than repeating ineffective approaches (Pathsmith Durable Skills)
Exceeding
  1. Learning ecosystem cultivation — sponsors internal capture-the-flag competitions, research labs, and peer learning communities that accelerate skill development across the entire security engineering function (Pathsmith Durable Skills)
  2. Field contribution — publishes original security research, contributes to open-source security tools, or presents at industry conferences to advance collective knowledge beyond organizational boundaries (Pathsmith Durable Skills; O*NET v30.2)
9 Mindfulness · 9 statements
Emerging
  1. Alert fatigue awareness — recognizes personal signs of monitoring desensitization during high-volume security alert periods and applies deliberate attention-restoration techniques before continuing triage (Pathsmith Durable Skills)
  2. Pre-task intentionality — reviews scope and authorization documents deliberately before initiating vulnerability scans to prevent inadvertent out-of-scope system access (Pathsmith Durable Skills; O*NET v30.2)
Developing
  1. Stress regulation during incidents — applies structured breathing or cognitive grounding techniques to maintain analytical clarity during high-pressure breach response operations (Pathsmith Durable Skills)
  2. Attention management in monitoring — uses deliberate focus scheduling to sustain effective network monitoring quality across extended shifts without performance degradation (Pathsmith Durable Skills; O*NET v30.2)
Applying
  1. High-stakes decision intentionality — pauses before executing irreversible remediation actions during live incident response to verify assumptions and confirm authorization, preventing containment-induced outages (Pathsmith Durable Skills; O*NET v30.2)
  2. Team emotional climate awareness — monitors group stress levels during sustained security incidents and intervenes with structured breaks or role rotation to preserve team cognitive performance (Pathsmith Durable Skills)
  3. Reactive pattern interruption — identifies and disrupts habitual response patterns such as immediately blaming external actors before completing internal forensic evidence review (Pathsmith Durable Skills)
Exceeding
  1. Crisis composure modeling — demonstrates sustained emotional regulation and clear judgment during prolonged enterprise-level breach events, providing a stabilizing influence for the entire security team (Pathsmith Durable Skills)
  2. Organizational mindfulness integration — embeds mindfulness-informed practices into security operations workflows, including structured pre-mortem reviews and attention-aware on-call rotation design (Pathsmith Durable Skills)
10 Fortitude · 9 statements
Emerging
  1. Persistence in scan troubleshooting — continues working through failed vulnerability scan configurations and tool errors independently before escalating, building problem-solving tolerance (Pathsmith Durable Skills; O*NET v30.2)
  2. Uncertainty tolerance in threat analysis — proceeds with structured analysis when log data is incomplete or ambiguous rather than waiting for perfect information before acting (Pathsmith Durable Skills)
Developing
  1. Sustained incident engagement — maintains analytical effectiveness and professional composure across extended breach investigation timelines spanning multiple days or weeks (Pathsmith Durable Skills; O*NET v30.2)
  2. Resistance to pressure for premature closure — maintains investigative rigor under organizational pressure to declare incidents resolved before forensic evidence fully supports that conclusion (Pathsmith Durable Skills; O*NET v30.2)
Applying
  1. Advanced persistent threat endurance — sustains months-long defensive operations against sophisticated nation-state or criminal threat actors without losing analytical discipline or strategic focus (Pathsmith Durable Skills; O*NET v30.2)
  2. Courageous risk communication — delivers unwelcome security findings and honest risk assessments to senior leadership or clients even when conclusions are organizationally inconvenient (Pathsmith Durable Skills)
  3. Post-breach recovery leadership — maintains forward momentum and team morale through the difficult remediation and hardening phases following a major security compromise (Pathsmith Durable Skills; O*NET v30.2)
Exceeding
  1. Systemic adversity navigation — leads the security function through prolonged organizational crises such as regulatory investigations or coordinated multi-vector attack campaigns, sustaining strategic coherence under extreme pressure (Pathsmith Durable Skills)
  2. Resilience culture building — institutionalizes organizational resilience by designing incident response programs, runbooks, and team structures that maintain security operations effectiveness through staff turnover, zero-day crises, and resource constraints (Pathsmith Durable Skills; O*NET v30.2)
Related titles
AI Security Specialist (Artificial Intelligence Security Specialist) · Application Security Administrator (Application Security Admin) · Application Security Engineer · Automotive Security Engineer · BISO (Business Information Security Officer) · Cloud Engineer · Cloud Security Architect · Cloud Security Engineer · Communications Security Manager (COMSEC Manager) · Cyber Defense Incident Responder · Cyber Defense Infrastructure Support Specialist · Cybersecurity Architect
RAPIDS apprenticeships
O*NET skills
Reading Comprehension · Critical Thinking · Active Listening · Monitoring · Writing · Speaking · Systems Evaluation · Quality Control Analysis · Systems Analysis · Active Learning · Complex Problem Solving · Judgment and Decision Making · Instructing · Programming · Operations Monitoring · Social Perceptiveness · Coordination
Knowledge domains
Computers and Electronics · Engineering and Technology · English Language · Telecommunications · Customer and Personal Service
Abilities
Oral Comprehension · Oral Expression · Written Comprehension · Speech Recognition · Information Ordering · Deductive Reasoning · Inductive Reasoning · Problem Sensitivity · Near Vision · Written Expression
Work styles
Attention to Detail · Integrity · Cautiousness · Dependability · Intellectual Curiosity · Innovation
Technology
Internet directory services software · Cloud-based management software · Data base user interface and query software · Expert system software · Operating system software · Risk management data and analysis software · Project management software · Content workflow software · Switch or router software · Development environment software
Tasks · seed anchors for statements
  1. Identify security system weaknesses, using penetration tests.
  2. Coordinate monitoring of networks or systems for security breaches or intrusions.
  3. Assess the quality of security controls, using performance indicators.
  4. Train staff on, and oversee the use of, information security standards, policies, and best practices.
  5. Scan networks, using vulnerability assessment tools to identify vulnerabilities.
  6. Develop response and recovery strategies for security breaches.
  7. Conduct investigations of information security breaches to identify vulnerabilities and evaluate the damage.
  8. Develop or install software, such as firewalls and data encryption programs, to protect sensitive information.
CIP education codes
11.0101 · 11.0301 · 11.0401 · 11.0701 · 11.1005 · 26.1103 · 26.1104 · 30.0801 · 30.1601 · 30.3001 · 30.3101 · 40.0512 · 43.0403 · 51.2706

Sources: O*NET v30.2 (CC BY 4.0), SkillsCrosswalk.com, LER.me, Anthropic Economic Index, SAFI (Jadhav & Danve, 2026), WEF Skills Taxonomy 2021, Pathsmith Durable Skills Framework. © 2026 EBSCOed.