Source Level: IC2 Developing This role is Grade 6

I work with stakeholders, peers and my manager to deliver robust risk analyses, designs, or solutions to security problems identified by me or my team.

Scope
Area of ownership and level of autonomy / ambiguity 		Collaborative Reach
Organizational reach and extent of influence 		Competencies
Competencies developed to deliver results
  • I own identifying, testing, mitigating, and/or responding to security issues/incidents within the scope for my team and projects.
  • I effectively participate in the core processes of my team (planning, incident response, consultations, agile ceremonies, etc), including recommending and implementing improvements.
  • I work on small and defined security problems where the security solution might not be defined. I own the implementation.
  • I work primarily within the scope of my team I collaborate with peers and seek high level guidance from my manager/TL. I review small tools, processes, and software components.
  • I am increasingly mastering my craft and learning when to hone and apply some of a broad array of talents utilized by security engineers to solve a security problem.
  • I accomplish tasks. I can define requirements.
  • I may participate in mentorship activities.

🌟 Results

Responsibility Key Behaviors
Results
  • I work with my manager to prioritize work and direct my focus so my work advances team and organizational goals.
  • I prioritize the right things and don’t overcomplicate my work. When necessary, I propose appropriate scope adjustments.
  • I effectively participate in the core processes of my team, including recommending and implementing process improvements.
Ownership
  • I follow through on my commitments and take responsibility for my work.
  • I proactively identify and advocate for opportunities to improve the current state of projects and processes.
  • I learn from failures and document how to avoid them.
  • I think a step or two ahead in my work, solve the right problems before they become bigger problems, and problem-solve with my manager when I’m stuck.
Decision Making
  • I Identify and gather input from others and consider Roivant’s business needs to make informed and timely decisions.

↔️ Direction

Responsibility Key behaviors
Agility
  • I’m open to change and enthusiastic about new initiatives
  • I work with my manager to navigate complex and ambiguous situations.
Innovation
  • I ask questions and contribute to new ideas/approaches
  • I experiment with new approaches and document what I learned.

🌱 Talent

Responsibility Key Behaviors
Personal growth
  • I proactively ask for feedback from those I work with and identify ways to act upon it
  • I have self-awareness about my strengths and areas for development
  • I drive discussions with my manager about aspirational goals and seek out opportunities to learn and grow
Hiring
  • I contribute to interviewing and assessing candidates to help us build a diverse and talented team.
  • I am able to represent my team’s initiatives and goals to candidates in a compelling way
Talent Development
  • I model integrity and a high standard of excellence for my work.
  • I help the more junior members of my team.
  • I offer honest feedback that is ASK, and delivered with empathy to help others learn and grow.

🌈 Values

Responsibility Key Behaviors
Collaboration
  • I effectively collaborate to get work done.
  • I work with my manager to manage conflict with empathy and cooperation in mind.
Diversity & Inclusion
  • I contribute to a positive sense of community on the team (e.g. engage in team lunches, team offsites, and other group activities, help with new-hire on-boarding).
  • I listen to different perspectives and I remove biases from my words and actions
  • I demonstrate Roivant IT Values on a regular basis
Transparency
  • I write and speak clearly
  • I listen to understand others and ask clarifying questions
  • I document information on my projects which can be shared with my manager, team and organization.

🛠️ Craft

I am an synchronous and asynchronous contributor. I create and execute security controls, defenses, and countermeasures to detect and mitigate internal and/or external attacks, seeking guidance from my team and lead. My solutions help mitigate attempts to infiltrate company systems (e.g., services, products, components, email, data, commerce, among others) to protect sensitive data and trust. I help mitigate attacks that could potentially compromise large systems, company trust, or sensitive data. I deliver consistently high-quality work.

Responsibility Key Behaviors
Security Execution
  • My work demonstrates basic competence as a security practitioner - I apply basic principles such as least privilege and defense in depth appropriately to a set of problems within my team and projects.
  • I assess the security of systems through code reviews, penetration tests, intuitive reasoning (with or without the application of a security framework), or manual testing (using ethical hacking tools or custom-written tools where they don’t yet exist.
  • If applicable to my role, I develop, test, review, debug, and/or deploy code to enforce security requirements, detect badness to meet security objectives.
  • I deploy, manage, monitor, and/or provide sustainable operational support for technology that my team relies on to enforce security requirements, detect badness to meet security objectives.
  • I understand the designs and technology choices within my focus area and make technically-sound adjustments based on feedback, changes in the environment, and/or evolving threats.
  • I help resolve security issues, respond to incidents, and eliminate or mitigate vulnerabilities as they arise.
  • I provide clearly articulated and reasoned security guidance in areas I know well, both inside and outside of the security team.
Technology Fluency
  • I am familiar with relevant external and Roivant-specific technologies within my domain, and am working to develop a deeper understanding.
  • I seek to learn the business context and technologies behind my team’s security services.
Threat Fluency
  • I understand attackers and their tools, techniques, and goals. I am able to learn from historical examples.
  • I understand how defenses address and mitigate common vulnerabilities made use of by malicious code, and how attackers bypass or negate common defensive techniques.
  • I have an understanding of strengths and weaknesses of the tools at my disposal to diffuse the impact and disrupt or detect attackers taking advantage of potential systems’ vulnerabilities.