Role Purpose & Context
Role Summary
The Associate Edge Security Engineer is here to support the team by executing routine security tasks and learning the ins and outs of our edge defence systems. You'll be helping to keep our online services available and secure, which directly impacts customer trust and our ability to do business. This role sits right at the intersection of network operations and cybersecurity, translating security policies into actual configurations that protect our users. When you do this well, our systems stay online, customers are happy, and we avoid costly outages. When it's not done properly, we could face downtime or even data breaches, which is a nightmare scenario. The challenge, honestly, is the sheer volume of new information you'll need to absorb and how quickly things can change in the security world. The reward, though, is seeing your work directly contribute to keeping millions of users safe and learning from some really smart people.
Reporting Structure
- Reports to: Edge Security Engineer
- Direct reports:
- Matrix relationships:
Junior Edge Security Engineer, Security Operations Analyst (Edge), Network Security Support Engineer
Key Stakeholders
Internal:
- Senior Edge Security Engineers
- Network Operations Team
- Application Development Teams
- Incident Response Team
External:
- CDN/WAF Vendor Support
- DDoS Mitigation Service Providers
Organisational Impact
Scope: This role directly supports the operational stability and security posture of our public-facing applications and services. Getting it right means our customers can always access what they need, securely. Getting it wrong could lead to service disruptions, reputational damage, and potentially significant financial losses. You're essentially helping to guard the gateway to our business, making sure it's always open for legitimate users but locked down tight against threats.
Performance Metrics
Quantitative Metrics
- Metric: Alert Response Time
- Desc: How quickly you acknowledge and begin investigating security alerts from our edge systems.
- Target: Acknowledge 95% of P3/P4 alerts within 15 minutes
- Freq: Weekly
- Example: You get an alert about unusual traffic on the WAF. You pick it up and start looking into it within 10 minutes, logging your initial findings.
- Metric: Configuration Accuracy
- Desc: The percentage of routine configuration changes (e.g., WAF rule updates, cache invalidations) that are completed without errors or requiring rework.
- Target: 98% error-free configuration changes
- Freq: Monthly
- Example: You're asked to update a WAF rule to block a specific IP range. You do it correctly the first time, and it works as intended without blocking legitimate traffic.
- Metric: Documentation Contribution
- Desc: The number of new or updated internal knowledge base articles, runbooks, or procedure documents you contribute to.
- Target: Contribute to 2 new or updated documents per month
- Freq: Monthly
- Example: After troubleshooting a common WAF issue, you write a clear, step-by-step guide for other team members to follow next time.
- Metric: SLA Adherence for Routine Tasks
- Desc: The percentage of assigned routine tasks (e.g., report generation, basic troubleshooting tickets) completed within their agreed service level agreements.
- Target: 90% of routine tasks completed within SLA
- Freq: Monthly
- Example: A request comes in to pull a weekly traffic report from the CDN. You get it done and sent out by the deadline, every week.
Qualitative Metrics
- Metric: Proactive Learning & Curiosity
- Desc: Your initiative in seeking out knowledge, asking questions, and understanding the 'why' behind tasks, not just the 'how'.
- Evidence: You're asking senior engineers 'why' we use a certain WAF rule, not just 'how' to apply it. You're reading up on new threats or technologies in your own time. You're bringing questions to stand-ups that show you've thought about a problem.
- Metric: Team Collaboration & Communication
- Desc: How well you work with others, share information, and communicate clearly, especially when escalating issues.
- Evidence: You provide clear, concise updates on your tasks. When you escalate an issue, you've already gathered the necessary context and data. You offer to help other team members when your plate isn't full. You're easy to work with, honestly.
- Metric: Adherence to Security Best Practices
- Desc: Your commitment to following established security procedures and principles, even on routine tasks.
- Evidence: You always use the correct change management process, even for small changes. You question anything that seems 'off' or potentially insecure. You ensure all configurations are peer-reviewed before deployment. You don't cut corners.
Primary Traits
- Trait: Forensic Problem-Solver (in training)
- Manifestation: You're the kind of person who, when something breaks, doesn't just panic. Instead, you start asking 'what changed?' and 'where can I find the logs?'. You might not always find the answer yet, but you're learning to methodically trace an issue, looking at WAF logs, CDN metrics, and network traces. You're building the habit of ruling things out one by one, rather than just guessing.
- Benefit: Edge issues are rarely simple. An 'intermittent latency' report could be anything from a bad WAF rule to a misconfigured CDN cache. We need people who, even at this level, are developing the muscle to dig deep and find the real problem, not just treat the symptoms. It prevents bigger headaches down the line.
- Trait: Extreme Precision (especially under supervision)
- Manifestation: You take your time with configuration changes, double-checking every IP address, every regex pattern, and every setting before you even think about applying it. You know that a single misplaced character can cause a massive outage, so you're meticulous. You're happy to get your work peer-reviewed, knowing it's an extra layer of safety.
- Benefit: A tiny mistake in an edge security configuration can have enormous, immediate consequences—think blocking all users or exposing sensitive data. At this level, we need you to be incredibly careful and understand the gravity of even small changes. This precision builds trust and prevents catastrophic errors.
- Trait: Calm Under Pressure (learning to be)
- Manifestation: When an alert fires or an incident bridge call starts, you might feel a bit of adrenaline, but you try to stay focused. You listen carefully to instructions, you execute tasks without rushing, and you communicate clearly about what you're doing. You're learning to ignore the noise and focus on the task at hand, even when things feel chaotic.
- Benefit: The edge is the company's front line. When we're under attack or experiencing an outage, emotions can run high. We need people who can learn to keep their cool, follow the playbook, and not make rash decisions that could make a bad situation worse. It's a critical skill you'll develop here.
Supporting Traits
- Trait: Healthy Skepticism
- Desc: You don't just take things at face value. You'll ask 'How do we know this is actually malicious?' before blocking something, or 'Are we sure this is the best way to do it?' You're learning to question assumptions, which is vital in security.
- Trait: Collaborative
- Desc: You understand you're part of a bigger team. You're happy to help out, share what you've learned, and work with others to get things done. You're not a lone wolf; you recognise that security is a team sport.
- Trait: Process-Minded
- Desc: You appreciate why we have playbooks, checklists, and peer reviews. You see the value in repeatable processes that ensure quality and safety, rather than just winging it. You're keen to learn and follow the established ways of working.
Primary Motivators
- Motivator: Learning and Skill Development
- Daily: You'll be constantly exposed to new technologies, attack vectors, and mitigation techniques. Every day is a school day, honestly. You'll be asking questions, reading documentation, and getting hands-on experience with complex systems.
- Motivator: Direct Impact on Security
- Daily: Your work, even at this level, directly contributes to protecting our users and systems. You'll see the immediate results of blocking a malicious bot or fixing a configuration that could have caused an outage.
- Motivator: Solving Technical Puzzles
- Daily: Every alert is a mini-mystery to solve. You'll be given problems like 'why is this specific API endpoint suddenly slow for users in Europe?' and you'll get to use your investigative skills to find the answer (with guidance, of course).
Potential Demotivators
Honestly, this role isn't for you if you need constant, high-level strategic input or if you get frustrated by repetitive tasks. You'll be doing a lot of the grunt work—the initial triage, the basic configuration changes, the documentation updates. You'll often be following instructions rather than setting the direction. If you need to see every single piece of your work lead to a major architectural change or if you hate documentation, you might struggle here.
Common Frustrations
- Being blamed for issues that aren't related to your systems (the 'blame deflector' effect), forcing you to prove your innocence.
- Dealing with 'surprise' deployments from development teams that haven't followed the proper security review process, leading to blocked traffic.
- The constant battle against false positives – tightening security often means you risk blocking legitimate users, which is a tricky balance.
- Getting woken up at 3 AM for a 'massive traffic spike' that turns out to be a legitimate, but unannounced, marketing campaign.
- Explaining basic technical concepts (like what a regex is) to non-technical people who just want their specific request unblocked.
What Role Doesn't Offer
- Significant autonomy in decision-making or strategy setting—you'll be guided closely.
- A quiet, predictable work environment—expect urgent requests and incident response.
- The chance to build entirely new systems from scratch—you'll be maintaining and improving existing ones.
- A role where you can avoid detailed documentation—it's essential for everyone.
ADHD Positives
- The fast-paced nature of incident response and troubleshooting can be engaging and stimulating, offering varied tasks.
- The need for quick problem-solving and immediate action during security events can align well with hyperfocus.
- Exposure to a wide range of technologies and attack types keeps things from getting monotonous, appealing to novelty-seeking.
ADHD Challenges and Accommodations
- The detail-oriented nature of WAF rule tuning and configuration can be challenging; using checklists and peer reviews is crucial.
- Maintaining focus during long periods of log analysis might be difficult; breaking tasks into smaller chunks and using visual tools helps.
- Organisational demands for documentation and process adherence can be tricky; clear templates and regular check-ins with a mentor can provide structure.
Dyslexia Positives
- Strong spatial reasoning skills, often found in individuals with dyslexia, can be excellent for visualising network topologies and traffic flows.
- Hands-on, practical problem-solving, rather than heavy text-based analysis, can be a natural strength.
- The ability to see the 'big picture' and make connections between disparate pieces of information is valuable in security investigations.
Dyslexia Challenges and Accommodations
- Reading and writing detailed documentation, incident reports, and complex WAF rules (which often use regex) can be demanding; screen readers, text-to-speech tools, and grammar checkers are helpful.
- Distinguishing between similar-looking commands or log entries might require extra care; using colour-coding or syntax highlighting in tools can assist.
- Proofreading your own configurations or reports is vital; always use peer review as a standard practice.
Autism Positives
- The logical, systematic nature of security engineering, particularly in troubleshooting and rule creation, can be a great fit.
- A preference for clear, unambiguous processes and technical facts aligns well with security best practices and incident response playbooks.
- The ability to focus intensely on specific technical details, like log patterns or network packets, is a significant asset for forensic analysis.
Autism Challenges and Accommodations
- Navigating ambiguous or rapidly changing requirements during incidents can be stressful; clear communication of expectations and defined roles are important.
- Social dynamics in incident bridge calls or cross-functional meetings might be challenging; providing agendas beforehand and encouraging text-based communication where possible can help.
- Sensory overload from multiple alerts, flashing dashboards, or noisy open-plan offices might occur; quiet focus areas or noise-cancelling headphones can be beneficial.
Sensory Considerations
Our office environment is typically open-plan, which means there can be background noise from conversations and keyboards. During incidents, there might be more intense visual stimuli from dashboards and flashing alerts. We do offer noise-cancelling headphones and have some quieter zones for focused work. Social interaction is required, especially during incident response, but much of the day-to-day communication can happen via chat or email.
Flexibility Notes
We're open to discussing flexible working arrangements where possible, especially regarding start/end times, to help accommodate individual needs. We believe a supportive environment helps everyone do their best work.
Key Responsibilities
Experience Levels Responsibilities
- Level: Entry Level (0-2 years)
- Responsibilities: Under the guidance of a senior engineer, help respond to and triage security alerts from our WAF, CDN, and DDoS mitigation platforms. This means checking logs and trying to understand what's happening.
- Assist with routine configuration changes on edge security platforms. Think things like updating allowed IP lists or tweaking caching rules—you'll be told exactly what to do and how.
- Monitor the health and performance of our edge security services, using pre-built dashboards. If something looks off, you'll flag it to the team.
- Help maintain and update our internal documentation, runbooks, and playbooks. Yes, it's boring, but it's essential for everyone to know what to do.
- Support the team during security incidents by gathering data, running pre-defined commands, and communicating status updates, usually under direct supervision.
- Learn and apply our change management processes for all edge security configurations. No cowboy changes here, everything needs a proper paper trail.
- Run basic queries in our SIEM (like Splunk or Elastic) to investigate alerts and pull reports, following existing templates.
- Supervision: You'll have daily check-ins with your direct manager or a designated senior engineer. For most tasks, especially anything touching production, your work will be reviewed before it goes live. Think of it as paired work until you're confident enough to do routine tasks independently.
- Decision: Honestly, you won't be making independent decisions that impact production systems. Any technical decision, even a small one, needs to be reviewed and approved by a senior engineer. You'll escalate anything beyond routine troubleshooting to your supervisor immediately. Your job is to learn the ropes and execute precisely.
- Success: You're successful when you can reliably execute routine tasks with minimal errors, show a strong eagerness to learn, and contribute positively to incident response efforts by providing accurate, timely information. Basically, you're becoming a reliable pair of hands.
Decision-Making Authority
- Type: WAF Rule Changes (Production)
- Entry: No independent authority. Propose changes to a senior engineer for review and approval. Execute only after explicit sign-off and under supervision.
- Mid: Execute routine, pre-approved WAF rule changes (e.g., blocking known malicious IPs) independently within defined playbooks. Escalate anything novel or high-impact for review.
- Senior: Design and implement complex WAF rule sets for new applications or emerging threats. Approve routine changes. Consult with Lead/Staff Engineer on strategic policy shifts.
- Type: Incident Response Actions (Production)
- Entry: Follow explicit instructions from the incident commander. Gather data, run diagnostic commands, and provide status updates. Do not take mitigation actions without direct approval.
- Mid: Execute pre-defined mitigation playbooks for known incident types (e.g., declaring a DDoS mitigation). Escalate novel or high-severity incidents to senior engineers.
- Senior: Lead incident response for critical edge security events. Make real-time technical decisions on mitigation strategies. Coordinate with other teams.
- Type: Tool Selection/Evaluation
- Entry: No authority. You might be asked to research basic features of a tool, but not evaluate or recommend.
- Mid: Participate in tool evaluations, providing feedback on usability and functionality for day-to-day tasks. May recommend specific features.
- Senior: Lead the technical evaluation of new edge security tools. Make recommendations based on technical fit, cost, and team capabilities. Influence vendor selection.
- Type: Budget Allocation
- Entry: No authority. You'll be using existing tools and resources.
- Mid: No direct budget authority. May provide input on operational costs related to specific tools or services.
- Senior: Manage project budgets up to £5K. Provide input on larger departmental budget planning, especially for new initiatives or tool upgrades.
Tool: WAF Rule Assistant
Benefit: Imagine an AI that helps you understand why a WAF rule blocked something, or even suggests tweaks to existing rules to reduce false positives. It'll analyse traffic patterns and logs, giving you a head start on troubleshooting and learning how to tune effectively. You'll still need to validate everything, but it's a huge time-saver for initial investigation.
Tool: Log & Alert Explainer
Benefit: When a complex security alert fires or you're staring at a cryptic log entry, an AI can quickly summarise what's happening, point you to relevant documentation, or even suggest initial investigation steps. It's like having a senior engineer on call to explain the basics, helping you learn faster without constantly interrupting your team.
Tool: Threat Intel Summariser
Benefit: Instead of sifting through dozens of security blogs and vendor reports, an AI can give you a concise daily briefing tailored to our specific tech stack. It'll highlight new vulnerabilities or attack campaigns that might actually affect us, so you're always aware of the latest threats without drowning in information overload.
Tool: IaC Code Helper
Benefit: When you're modifying existing Terraform or Ansible code for WAF or CDN changes, an AI copilot can help you write cleaner, more secure code. It can suggest best practices, catch potential errors before they're deployed, and even help you understand unfamiliar syntax. It's like having an expert pair-programmer guiding your hand.
Weekly time savings potential: 5-10 hours weekly
Typical tool investment: You'll be using 2-3 core AI-powered tools daily.
Competency Requirements
Foundation Skills (Transferable)
These are the bedrock skills you'll need to start with, the basic stuff that lets you even begin to understand what's going on. We're not expecting you to be an expert, but a solid grasp of these fundamentals is key.
- Category: Communication & Collaboration
- Skills: Clear and concise written communication (e.g., incident updates, documentation)
- Active listening and asking clarifying questions
- Working effectively within a team, sharing information
- Basic presentation skills (e.g., explaining findings to peers)
- Category: Problem Solving & Analysis
- Skills: Logical troubleshooting steps (e.g., isolating variables)
- Basic data interpretation (e.g., reading logs, simple metrics)
- Attention to detail in configurations and data entry
- Ability to follow complex instructions accurately
- Category: Adaptability & Learning
- Skills: Eagerness to learn new technologies and concepts quickly
- Openness to feedback and coaching
- Ability to adapt to changing priorities (within reason for an L1)
- Resourcefulness in finding information (e.g., using documentation, asking questions)
Functional Skills (Role-Specific Technical)
These are the more technical skills specific to edge security. You'll be learning and applying these daily, so a basic understanding is important, but we'll teach you the specifics.
Technical Competencies
- Skill: Zero Trust Network Access (ZTNA) Concepts
- Desc: Understanding the basic idea behind 'never trust, always verify' and how it differs from traditional VPNs. You don't need to architect it, but know why we're moving this way.
- Level: Basic
- Skill: DDoS Mitigation Fundamentals
- Desc: Recognising different types of DDoS attacks (volumetric, application layer) and understanding the basic principles of how we stop them, like rate limiting or traffic scrubbing.
- Level: Basic
- Skill: WAF Rule Interpretation
- Desc: Being able to read and understand existing WAF rules, and identify what they're designed to block. You'll learn to spot false positives.
- Level: Intermediate
- Skill: API Security Basics (OWASP API Top 10)
- Desc: A general awareness of common API vulnerabilities, like broken authentication or excessive data exposure, and why they're important at the edge.
- Level: Basic
- Skill: Threat Modeling (Basic)
- Desc: Understanding the concept of thinking like an attacker to identify potential weaknesses in a system, even if it's just for a small component.
- Level: Basic
Digital Tools
- Tool: WAF/CDN Platforms (e.g., Cloudflare, Akamai, Fastly, AWS WAF)
- Level: Intermediate
- Usage: You'll be using the admin portals to investigate blocked requests, monitor traffic, and apply pre-defined rule changes under supervision. Think of it as learning to navigate the dashboard.
- Tool: SASE/SSE Platforms (e.g., Zscaler, Netskope, Palo Alto Prisma Access)
- Level: Basic
- Usage: You'll be checking user policies, troubleshooting basic client connector issues, and pulling standard reports for security incidents. It's about getting familiar with the interface.
- Tool: DDoS Mitigation Services (e.g., Arbor Networks, Radware, Akamai Prolexic)
- Level: Intermediate
- Usage: During an attack, you'll monitor traffic in the scrubbing centre portal, help declare mitigations, and assist with initial incident reports, following established procedures.
- Tool: Infrastructure as Code (IaC) (e.g., Terraform, Ansible)
- Level: Intermediate
- Usage: You'll read and modify existing Terraform or Ansible code to update WAF rules or CDN settings. You'll learn to run `terraform plan` and apply changes in non-production environments.
- Tool: Observability/SIEM (e.g., Splunk, Datadog, Elastic Stack)
- Level: Intermediate
- Usage: You'll use pre-built dashboards to monitor edge health, run basic queries (SPL/KQL) to investigate alerts, and pull specific data requested by senior engineers.
Industry Knowledge
- Area: Networking Fundamentals (TCP/IP, DNS, HTTP/S)
- Desc: A solid grasp of how the internet works, how traffic flows, and the basics of common network protocols. This is foundational for understanding edge security.
- Area: Basic Cybersecurity Principles
- Desc: Understanding concepts like confidentiality, integrity, availability (CIA triad), common attack vectors, and the importance of patching and least privilege.
- Area: Cloud Computing Basics (AWS, Azure, GCP)
- Desc: Familiarity with core cloud concepts and services, especially how applications are deployed and accessed in a cloud environment, as much of our edge is cloud-based.
Regulatory Compliance Regulations
- Reg: GDPR (General Data Protection Regulation)
- Usage: Understand the basic principles of protecting personal data and how edge security controls (like WAFs blocking data exfiltration) contribute to compliance. You won't be a compliance expert, but you'll know why it matters.
- Reg: PCI DSS (Payment Card Industry Data Security Standard)
- Usage: If we handle payment data, you'll need to understand that edge security plays a role in protecting cardholder data environments, even if you're not directly implementing PCI controls.
Essential Prerequisites
- A foundational understanding of networking (TCP/IP, DNS, HTTP/S) – you should know how a website loads, for instance.
- Some exposure to a scripting language (e.g., Python, Bash) or Infrastructure as Code (e.g., Terraform) – enough to read and understand basic code.
- Experience with Linux command line – you should be comfortable navigating directories and running basic commands.
- A genuine curiosity about cybersecurity and a desire to learn how to protect systems.
- The ability to clearly communicate technical issues, even if it's just describing a problem to a senior engineer.
Career Pathway Context
These aren't just checkboxes; they're the building blocks we expect you to have before you walk through the door. If you've got these, you'll be able to hit the ground running with the specific training we'll provide. Think of it as the minimum viable skillset to start your journey in edge security. We're looking for potential, not perfection, at this stage.
Qualifications & Credentials
Emerging Foundation Skills
- Skill: Prompt Engineering for Security Operations
- Why: AI assistants are already here, helping engineers triage alerts, summarise threat intelligence, and even draft initial WAF rules. Knowing how to 'talk' to these AIs effectively will make you much more productive.
- Concepts:
- Clear and concise prompting for specific security tasks: Learning to ask an AI assistant the right questions to get useful security insights, rather than generic answers.
- Context windows and token limits: Understanding how much information an AI can process at once and how to provide relevant context for security queries.
- Output validation and hallucination detection: Crucially, knowing how to verify that the AI's suggestions or summaries are accurate and not just making things up.
- Using AI for log analysis and anomaly detection: Leveraging AI to quickly sift through vast amounts of log data to spot unusual patterns or potential threats.
- Prepare: This week: Start using tools like ChatGPT or Claude to help summarise security articles or explain complex concepts.
- This month: Experiment with using AI to help draft initial queries for your SIEM (Splunk, Elastic) or interpret WAF logs.
- Month 2: Try to get an AI assistant to suggest a basic WAF rule for a known attack pattern, then critically evaluate its output.
- Month 3: Document how AI has helped you save time or understand a concept faster, and share it with your team.
- QuickWin: Use AI to draft your daily stand-up updates or summarise long email threads about security incidents. It's a low-risk way to start.
Advancing Technical Skills
- Skill: Advanced WAF Rule Engineering & Optimisation
- Why: Attackers are always evolving, and generic WAF rules aren't enough. You'll need to write highly specific, efficient rules that block threats without impacting legitimate traffic, using complex regex and conditional logic.
- Concepts:
- Regular Expressions (Regex) for WAF rules: Mastering regex to precisely match malicious patterns in HTTP requests.
- WAF policy layering and prioritisation: Understanding how different rule sets interact and how to order them for optimal performance and security.
- False positive reduction techniques: Methods for analysing legitimate traffic to prevent WAF rules from blocking real users.
- Bot management and credential stuffing mitigation: Implementing advanced techniques to detect and block automated attacks like credential stuffing.
- Prepare: This week: Pick one complex WAF rule and try to explain every part of it to a peer.
- This month: Take an online course or tutorial specifically on advanced regex for security.
- Month 2: Propose a small optimisation to an existing WAF rule to improve its efficiency or reduce false positives.
- Month 3: Work with a senior engineer to design and implement a new WAF rule for a specific, emerging threat.
- QuickWin: Start reviewing WAF logs daily, specifically looking for patterns in blocked legitimate traffic (false positives) and trying to identify why they were blocked.
- Skill: Cloud-Native Edge Security Integration
- Why: More and more applications are deployed in the cloud, and our edge security needs to integrate seamlessly with cloud services. This means understanding cloud-native WAFs, CDNs, and API gateways, and how to automate their deployment.
- Concepts:
- Cloud-native WAFs (e.g., AWS WAF, Azure Front Door): Understanding the features and deployment models of WAFs built directly into cloud platforms.
- API Gateway security features: Configuring security controls within cloud API gateways (e.g., rate limiting, authentication, authorisation).
- Infrastructure as Code for cloud edge services: Automating the deployment and management of cloud edge security using Terraform or CloudFormation.
- Serverless edge functions (e.g., Lambda@Edge, Cloudflare Workers): Using code at the edge to implement custom security logic or modify traffic.
- Prepare: This week: Pick one of our cloud-hosted applications and map out its traffic flow through our edge security stack.
- This month: Complete an online certification or course on cloud security fundamentals (e.g., AWS Certified Security – Specialty).
- Month 2: Work on a small project to deploy a simple cloud-native WAF rule using Infrastructure as Code.
- Month 3: Research how serverless edge functions could be used to enhance a specific security control for one of our applications.
- QuickWin: Familiarise yourself with the cloud provider's documentation for their WAF and CDN services. Understand the basic concepts and terminology.
Future Skills Closing Note
The journey from Associate to a more senior role in edge security is all about continuous learning and getting hands-on with increasingly complex challenges. We're here to support that growth, but your drive and curiosity will be the real engine.
Education Requirements
- Level: Minimum
- Req: A-Levels or equivalent vocational qualification (e.g., BTEC Level 3/4) in a technical subject (e.g., Computer Science, IT, Networking)
- Alts: We're pragmatic. If you've got 1-2 years of hands-on experience in a technical support, network operations, or junior security role, that counts just as much, if not more, than a piece of paper.
- Level: Preferred
- Req: A Bachelor's degree (or equivalent) in Computer Science, Cybersecurity, or a related field
- Alts: While a degree is great, we value practical skills and a demonstrable passion for security above all else. If you've built cool stuff, contributed to open source, or have a portfolio of security projects, show us.
Experience Requirements
You'll need 0-2 years of experience in a technical role. This could be anything from an IT helpdesk, network support, or even a strong internship in cybersecurity. We're looking for someone who's comfortable with technical concepts, has a basic grasp of networking, and has shown a keen interest in security. Direct experience with WAFs or CDNs is a bonus, but not essential – we'll teach you that.
Preferred Certifications
- Cert: CompTIA Security+
- Prod: CompTIA
- Usage: This certification shows you've got a solid understanding of foundational cybersecurity concepts, which is a great starting point for this role.
- Cert: Cloud Security Alliance (CSA) CCSK
- Prod: Cloud Security Alliance
- Usage: Demonstrates a basic understanding of cloud security principles, which is increasingly important for edge security engineers.
- Cert: Certified Ethical Hacker (CEH)
- Prod: EC-Council
- Usage: While not directly about defence, understanding how attackers think (ethical hacking) is incredibly valuable for building effective defences.
Recommended Activities
- Participate in online security communities or forums (e.g., Reddit's r/cybersecurity, local OWASP chapters).
- Attend webinars or virtual conferences on edge security, DDoS mitigation, or cloud security.
- Complete online courses on platforms like Coursera, Udemy, or Cybrary focused on network security or cloud fundamentals.
- Set up a small home lab to experiment with network configurations or security tools.
- Read industry blogs and threat intelligence reports to stay current with new attack techniques.
Career Progression Pathways
Entry Paths to This Role
- Path: IT Support / Helpdesk Analyst
- Time: 1-2 years
- Path: Network Operations Centre (NOC) Engineer
- Time: 0-2 years
- Path: Cybersecurity Internship / Apprenticeship
- Time: 6-12 months
Career Progression From This Role
- Pathway: Edge Security Engineer (Level 2)
- Time: 2-3 years
Long Term Vision Potential Roles
- Title: Senior Edge Security Engineer
- Time: 5-8 years
- Title: Staff Edge Security Engineer
- Time: 8-12 years
- Title: Principal Edge Security Engineer
- Time: 12-16 years
Sector Mobility
The skills you'll gain here are highly transferable across industries. Every company with an online presence needs robust edge security. You could move into cloud security, network architecture, or even broader cybersecurity consulting roles.
How Zavmo Delivers This Role's Development
DISCOVER Phase: Skills Gap Analysis
Zavmo maps your current competencies against all requirements in this job description through conversational assessment. We evaluate your foundation skills (communication, strategic thinking), functional skills (CRM expertise, negotiation), and readiness for career progression.
Output: Personalised skills gap heat map showing strengths and priorities, estimated time to competency, neurodiversity accommodations.
DISCUSS Phase: Personalised Learning Pathway
Based on your DISCOVER results, Zavmo creates a personalised learning plan prioritised by impact: foundation skills first, then functional skills. We adapt to your learning style, pace, and neurodiversity needs (ADHD, dyslexia, autism).
Output: Week-by-week schedule, each module linked to specific job responsibilities, checkpoints and milestones.
DELIVER Phase: Conversational Learning
Learn through conversation, not boring modules. Zavmo uses 10 conversation types (Socratic dialogue, role-play, coaching, case studies) to build competence. Practice difficult QBR presentations, negotiate tough renewals, and handle churn conversations in a safe AI environment before facing real clients.
Example: "For 'Stakeholder Mapping', Zavmo will guide you through analysing a complex enterprise account, identifying key decision-makers, and building an engagement strategy."
DEMONSTRATE Phase: Competency Assessment
Zavmo automatically builds your evidence portfolio as you learn. Every conversation, practice scenario, and application example is captured and mapped to NOS performance criteria. When ready, your portfolio supports OFQUAL qualification claims and demonstrates competence to employers.
Output: Competency matrix, evidence portfolio (downloadable), qualification readiness, career progression score.