Private beta. Access is limited to invited testers until public launch.
QueryRange

Operator Career

Capability Roadmap

Progression at QueryRange is measured by what you can prove: signal isolation, rule quality, investigation judgment, and portfolio-grade outputs.

Phase 1

Signal Isolation

Can filter noise, shape evidence, and explain why a result is relevant.

Deliverables

  • triage-ready query output
  • short analyst note with confidence and next action
  • first replay-validated lab clear

Why Employers Care

This is the minimum bar for a junior analyst: convert noisy data into an actionable finding without over-alerting.

Phase 2

Behavior-Based Detection

Can encode attacker behavior as a detection with thresholds, false-positive notes, and validation evidence.

Deliverables

  • detection pack draft
  • replay metrics from noisy datasets
  • rule tuning rationale with known benign lookalikes

Why Employers Care

This proves you can do more than write syntax. You can design a rule that survives production conditions.

Phase 3

Investigation And Handoff

Can investigate an incident, assemble evidence, and communicate the outcome like a working analyst.

Deliverables

  • incident summary
  • pinned evidence set
  • handoff note with mitigation recommendation

Why Employers Care

Hiring teams care about judgment and communication under uncertainty, not just whether you solved a puzzle.

Phase 4

Portfolio-Grade Operator

Can connect learning, lab validation, investigation, and signed credentials into a credible work sample.

Deliverables

  • capstone summary
  • signed credential artifact
  • public proof page suitable for recruiter review

Why Employers Care

This is the differentiation layer. It gives you evidence of analyst readiness instead of only completion history.

Recommended Path

Do not optimize for feature hopping. Finish one theory checkpoint, one replay-tested lab, one investigation, and one exportable artifact.

Open AcademyRun LabsInvestigateBuild Capstone