
@sparring/tech-roles-library


Comprehensive tech roles and competencies library for 78 technical roles with 9 career levels each. Includes detailed competencies and career progression paths with complete bilingual support (EN/ES).

259 lines (258 loc) 8.47 kB
{ "role": "Application Security Engineer", "category": "Security", "levels": { "ASEC-L1": { "level": "L1 - AppSec Trainee", "levelNumber": 1, "yearsRange": { "min": 0, "max": 1 }, "coreCompetencies": [ "Basic knowledge of application security", "Elementary understanding of OWASP Top 10", "Ability to execute basic security scans", "Basic knowledge of common vulnerabilities (XSS, SQL Injection)", "Ability to review code with supervision", "Understanding of basic authentication and authorization", "Documentation of security findings", "Elementary knowledge of security testing" ], "complementaryCompetencies": [ "Familiarity with basic Burp Suite", "Basic knowledge of SAST/DAST tools", "Elementary understanding of secure coding" ], "indicators": [ "Requires constant supervision", "Identifies basic vulnerabilities", "Is learning application security" ] }, "ASEC-L2": { "level": "L2 - Junior AppSec Engineer", "levelNumber": 2, "yearsRange": { "min": 1, "max": 2 }, "coreCompetencies": [ "Ability to perform code security reviews", "Implementation of basic security controls", "Practical knowledge of threat modeling", "Ability to configure WAF rules", "Understanding of basic cryptography", "Ability to execute basic penetration testing", "Knowledge of secure SDLC", "Ability to provide remediation guidance" ], "complementaryCompetencies": [ "Knowledge of security frameworks", "Ability to implement security automation", "Understanding of container security" ], "indicators": [ "Performs assessments with supervision", "Implements security fixes", "Contributes to secure coding guidelines" ] }, "ASEC-L3": { "level": "L3 - AppSec Engineer", "levelNumber": 3, "yearsRange": { "min": 2, "max": 3 }, "coreCompetencies": [ "Design of security controls in applications", "Implementation of security testing automation", "Mastery of penetration testing", "Ability to perform complete threat modeling", "Ability to perform security architecture review", "Deep knowledge of authentication 
protocols", "Implementation of secrets management", "Ability to provide security training" ], "complementaryCompetencies": [ "Knowledge of API security", "Ability to secure mobile applications", "Understanding of cloud security" ], "indicators": [ "Leads security assessments", "Designs secure solutions", "Mentors on security practices" ] }, "ASEC-L4": { "level": "L4 - Senior AppSec Engineer", "levelNumber": 4, "yearsRange": { "min": 3, "max": 5 }, "coreCompetencies": [ "Architecture of application security programs", "Design of security testing strategy", "Implementation of security champions program", "Mastery of advanced exploitation techniques", "Ability to design secure architecture", "Deep knowledge of zero-trust models", "Ability to manage bug bounty programs", "Leadership in security remediation" ], "complementaryCompetencies": [ "Experience in compliance (SOC2, ISO27001)", "Knowledge of DevSecOps", "Implementation of security metrics" ], "indicators": [ "Defines AppSec strategy", "Leads security initiatives", "Is a reference in application security" ] }, "ASEC-L5": { "level": "L5 - Lead AppSec Engineer", "levelNumber": 5, "yearsRange": { "min": 5, "max": 7 }, "coreCompetencies": [ "Technical leadership in application security", "Design of enterprise security programs", "Management of security teams", "Definition of security standards", "Ability to perform risk assessment", "Implementation of security automation platforms", "Mastery of vendor security assessment", "Evangelization of security culture" ], "complementaryCompetencies": [ "Experience in regulatory compliance", "Knowledge of security partnerships", "Management of security tools budget" ], "indicators": [ "Manages AppSec team", "Defines security vision", "Represents security to executives" ] }, "ASEC-L6": { "level": "L6 - Principal AppSec Architect", "levelNumber": 6, "yearsRange": { "min": 7, "max": 10 }, "coreCompetencies": [ "Direction of corporate security strategy", "Management of security 
programs at scale", "Definition of security architecture", "Leadership in security transformation", "Management of major security incidents", "Implementation of security governance", "Innovation in security technologies", "Management of security compliance" ], "complementaryCompetencies": [ "Experience in security M&A", "Knowledge of security investment", "Leadership in security industry" ], "indicators": [ "Directs AppSec department", "Participates in executive strategy", "Defines security investments" ] }, "ASEC-L7": { "level": "L7 - Director Application Security", "levelNumber": 7, "yearsRange": { "min": 10, "max": 12 }, "coreCompetencies": [ "Executive leadership in application security", "Design of global security strategies", "Organizational transformation via security", "Management of security at Fortune 500 scale", "Creation of security culture", "Definition of security roadmap", "Evangelization of security at board level", "Influence on security standards" ], "complementaryCompetencies": [ "Management of security budgets", "Experience in security IPO readiness", "Leadership in security consortiums" ], "indicators": [ "Reports to CISO/CTO", "Manages security organization (20+ people)", "Defines corporate security strategy" ] }, "ASEC-L8": { "level": "L8 - VP Application Security", "levelNumber": 8, "yearsRange": { "min": 12, "max": 15 }, "coreCompetencies": [ "Strategic vision of enterprise security", "Leadership in security transformation", "Creation of security competitive advantage", "Management of security ecosystems", "Disruptive innovation in security", "Definition of next-gen security paradigms", "Evangelization of zero-trust", "Influence on security policies" ], "complementaryCompetencies": [ "Experience as CISO in scale-ups", "Advisory in security startups", "Thought leadership in AppSec" ], "indicators": [ "Is part of the executive committee", "Defines security strategy", "Is a recognized leader in AppSec" ] }, "ASEC-L9": { "level": "L9 - CISO / 
Chief Security Officer", "levelNumber": 9, "yearsRange": { "min": 15, "max": null }, "coreCompetencies": [ "Visionary leadership in corporate security", "Transformation of security culture", "Creation of security paradigms", "Definition of security-first organizations", "Innovation in security governance", "Evangelization of security consciousness", "Architect of security ecosystems", "Influence on security regulation" ], "complementaryCompetencies": [ "Experience transforming security in Fortune 500", "Recognition as a security leader", "Influence on security standards" ], "indicators": [ "Is CISO or Chief Security Officer", "Defines the future of security", "Is a world authority in security" ] } } }