Assessment track

Cybersecurity Analyst

Assess security triage, phishing response, access control, logging, incident handling, vulnerability prioritization, threat modeling, privacy-aware security, security communication and senior risk governance across junior, middle and senior levels.

Theory

10 questions

randomly selected for the chosen level

Practice

3 tasks

repo, code, report, file, or URL review

Time

25–35 min

screening first, practical after

Flow preview

1

Choose your level

Junior, Middle, or Senior. The expectations change immediately.

2

Answer rotating questions

The attempt uses a random active set from the chosen role + level pool.

3

Submit practical proof

The practical task checks work quality, not only memory.

Choose assessment level

Same profession, different bar

Pick the level that matches the role you want to prove. Candidates can retake another level later.

Junior

Available

Foundations and safe execution

Checks whether the candidate understands core concepts, avoids common mistakes, and can complete a focused practical task with clear reasoning.

Best for

Interns, juniors, career switchers, and candidates with limited commercial experience.

shown per attempt

level task

Independent delivery

Checks real-world decisions, trade-offs, debugging, prioritization, and ability to finish a task without hand-holding.

Best for

Specialists who can own a feature, audit, workflow, or test plan end to end.

shown per attempt

level task

Architecture and leadership thinking

Checks strategy, risk management, system thinking, quality standards, and ability to explain decisions to a team or employer.

Best for

Senior candidates, leads, consultants, and people expected to make high-impact decisions.

shown per attempt

level task

Topics covered

These are pulled from the active question library for this profession.

AI risk API security Abuse cases Abuse prevention Access control Access review Account recovery Alert handling Alert triage Authentication Availability Backups Board communication Bug reports Change risk Cloud security Compliance Confidentiality Control validation Crisis leadership Cross-functional work Data leakage Data lifecycle Data sensitivity Detection coverage Detection strategy Device loss Email safety Endpoint investigation Escalation Evidence Governance Identity strategy Incident communication Incident operating model Incident severity Incident triage Insider risk Integrity International operations Logging strategy Logs M&A or growth MFA Malware basics Metrics Network segmentation Passwords Patch management Permissions Phishing Phishing response Privacy by design Privacy risk Product security Program maturity Ransomware readiness Red team results Resilience Risk appetite Risk basics SIEM tuning Safe handling Secrets management Security architecture Security awareness Security backlog Security basics Security budget Security champions Security culture Security exception Security metrics Security notes Security policy Security roadmap Security strategy Senior judgment Social engineering Supply chain Tabletop exercise Third-party risk Threat model marketplace Threat modeling User trust Vendor strategy Vulnerability basics Vulnerability prioritization Zero trust

Practical verification

The practical task is selected after the theory screening and should match the chosen level.

Investigate a phishing and account-risk scenario

120 minutes · Junior · Text report

Document review

Prioritize security alerts for a hiring platform

180 minutes · Middle · Text report

Document review

Design a cybersecurity risk operating model

180 minutes · Senior · Text report

Document review