UNPKG

@sparring/tech-roles-library

Version:

Comprehensive tech roles and competencies library for 78 technical roles with 9 career levels each. Includes detailed competencies and career progression paths with complete bilingual support (EN/ES).

github.com/686f6c61/npm-tech-roles-library

686f6c61/npm-tech-roles-library

259 lines (258 loc) 8.03 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
{ "role": "Penetration Tester", "category": "Security", "levels": { "PT-L1": { "level": "L1 - Pentest Trainee", "levelNumber": 1, "yearsRange": { "min": 0, "max": 1 }, "coreCompetencies": [ "Basic knowledge of ethical hacking", "Elementary understanding of vulnerabilities", "Ability to use basic tools", "Basic knowledge of reconnaissance", "Capability to exploit simple vulnerabilities with guidance", "Understanding of reporting", "Documentation of findings", "Elementary knowledge of remediation" ], "complementaryCompetencies": [ "Familiarity with Kali Linux", "Basic knowledge of Metasploit", "Elementary understanding of scripting" ], "indicators": [ "Requires constant supervision", "Executes basic tests", "Is learning pentesting" ] }, "PT-L2": { "level": "L2 - Junior Penetration Tester", "levelNumber": 2, "yearsRange": { "min": 1, "max": 2 }, "coreCompetencies": [ "Ability to execute complete pentests", "Implementation of advanced reconnaissance", "Practical knowledge of exploitation", "Ability for privilege escalation", "Understanding of post-exploitation", "Capability to report findings", "Knowledge of OWASP testing", "Ability for network pentesting" ], "complementaryCompetencies": [ "Knowledge of frameworks (PTES, OSSTMM)", "Ability for scripting", "Understanding of wireless security" ], "indicators": [ "Executes pentests with supervision", "Identifies critical vulnerabilities", "Writes technical reports" ] }, "PT-L3": { "level": "L3 - Penetration Tester", "levelNumber": 3, "yearsRange": { "min": 2, "max": 3 }, "coreCompetencies": [ "Design of pentesting methodologies", "Implementation of advanced exploitation", "Mastery of red team operations", "Adversary simulation capability", "Ability for custom exploit development", "Deep knowledge of evasion techniques", "Implementation of social engineering", "Executive reporting capability" ], "complementaryCompetencies": [ "Knowledge of malware analysis", "Ability for tool development", "Understanding of threat intelligence" ], "indicators": [ "Leads complex pentests", "Develops custom exploits", "Mentors junior pentesters" ] }, "PT-L4": { "level": "L4 - Senior Penetration Tester", "levelNumber": 4, "yearsRange": { "min": 3, "max": 5 }, "coreCompetencies": [ "Architecture of pentesting programs", "Design of red team strategy", "Implementation of purple teaming", "Mastery of advanced persistent threats", "Full scope pentesting capability", "Deep knowledge of CVE research", "Ability for zero-day exploitation", "Leadership in security assessments" ], "complementaryCompetencies": [ "Experience in bug bounties", "Knowledge of vulnerability research", "Implementation of automation" ], "indicators": [ "Defines pentesting strategy", "Leads red team", "Is a reference in ethical hacking" ] }, "PT-L5": { "level": "L5 - Lead Penetration Tester", "levelNumber": 5, "yearsRange": { "min": 5, "max": 7 }, "coreCompetencies": [ "Technical leadership in offensive security", "Design of red team operations", "Management of pentest teams", "Definition of testing methodologies", "Campaign planning capability", "Implementation of purple team exercises", "Mastery of threat emulation", "Evangelization of security awareness" ], "complementaryCompetencies": [ "Experience in APT simulation", "Knowledge of threat actors", "Management of tools budget" ], "indicators": [ "Manages red team", "Defines offensive security vision", "Represents pentesting to executives" ] }, "PT-L6": { "level": "L6 - Principal Offensive Security Architect", "levelNumber": 6, "yearsRange": { "min": 7, "max": 10 }, "coreCompetencies": [ "Direction of offensive security strategy", "Management of red team operations at scale", "Definition of adversary emulation programs", "Leadership in security validation", "Management of bug bounty programs", "Implementation of continuous pentesting", "Innovation in attack techniques", "Management of security research" ], "complementaryCompetencies": [ "Experience in APT attribution", "Knowledge of security R&D", "Leadership in security community" ], "indicators": [ "Directs offensive security department", "Participates in strategy", "Defines pentesting investments" ] }, "PT-L7": { "level": "L7 - Director Offensive Security", "levelNumber": 7, "yearsRange": { "min": 10, "max": 12 }, "coreCompetencies": [ "Executive leadership in offensive security", "Design of global red team strategies", "Security validation transformation", "Management at Fortune 500 scale", "Creation of adversary-focused culture", "Definition of offensive roadmap", "Evangelization at board level", "Influence in security testing" ], "complementaryCompetencies": [ "Management of offensive budgets", "Experience in security unicorns", "Leadership in hacking community" ], "indicators": [ "Reports to CISO", "Manages red team organization (15+ people)", "Defines offensive strategy" ] }, "PT-L8": { "level": "L8 - VP Offensive Security", "levelNumber": 8, "yearsRange": { "min": 12, "max": 15 }, "coreCompetencies": [ "Strategic vision of offensive security", "Leadership in security validation", "Creation of threat-informed defense", "Management of offensive ecosystems", "Innovation in attack techniques", "Definition of next-gen red teaming", "Evangelization of assume breach", "Influence in security policies" ], "complementaryCompetencies": [ "Experience in security giants", "Advisory in offensive startups", "Thought leadership in pentesting" ], "indicators": [ "Is part of executive committee", "Defines offensive strategy", "Is recognized leader" ] }, "PT-L9": { "level": "L9 - Chief Offensive Security Officer", "levelNumber": 9, "yearsRange": { "min": 15, "max": null }, "coreCompetencies": [ "Visionary leadership in offensive security", "Transformation of security testing", "Creation of red teaming paradigms", "Definition of adversary-centric security", "Innovation in exploitation", "Evangelization of continuous validation", "Architect of offensive programs", "Influence in security standards" ], "complementaryCompetencies": [ "Experience transforming security validation", "Recognition as offensive leader", "Influence in hacking culture" ], "indicators": [ "Is Chief Offensive Security Officer", "Defines future of pentesting", "Is world authority" ] } } }