The Cybersecurity Support Instructor is the onsite technical lead for the Cybersecurity track. You translate core concepts into applied security workflows, maintain pacing and standards in live labs, supervise TAs, and ensure learners can execute responsibly across offensive, defensive, and detection-aware work. You are responsible for program stability and output quality on the ground.
One Applied Lab and one Integration Task each week, built around live implementation and guided debugging.
4
Readiness pillars
Technical Readiness, Timeliness & Professional Rhythm, Engagement, and Integrity & Explainability.
Daily
TA supervision
You manage daily calibration, support prioritization, and grading consistency across the track.
24h
Escalation window
Integrity issues, repeated readiness failures, or attendance risks escalate to the Lead Instructor within 24 hours.
Instructional system
Where you sit
The instructional model operates across three layers. Final academic judgment rests with the Lead Instructor, but this role holds clear authority over applied cybersecurity delivery, readiness enforcement, grading calibration, and TA supervision.
Lead Instructor
Owns curriculum architecture, conceptual depth, guest-speaker integration, and final academic judgment
Support Instructor ← you
Owns applied cybersecurity execution, lab delivery, grading oversight, TA management, and learner readiness enforcement
Teaching Assistants
Provide daily debugging support, first-pass grading, and early risk detection during work blocks
Lead Instructor holds
Final academic judgment
Curriculum architecture decisions
Academic integrity rulings
Reference solution approval, with your input
You hold authority over
Lab execution quality
Grading calibration and consistency
Learner readiness enforcement
TA supervision and workload delegation
Responsibilities
What you'll do
You own the execution layer of the Cybersecurity track: applied delivery, grading oversight, TA supervision, readiness monitoring, learner coaching, capstone support, and forward-looking curriculum review.
Applied delivery
Security labs in live execution
Deliver two applied sessions per week for the Cybersecurity track: the Applied Lab and the Integration Task
Translate concepts into hands-on work across reconnaissance, web security, detection-aware offensive workflows, defensive analysis, and analyst reasoning
Guide learners through structured implementation using realistic tools, artifacts, and reporting expectations
Model debugging live and reinforce reproducibility, documentation quality, and professional lab discipline
Manage pacing so stronger learners are challenged while slower learners receive support without lowering standards
Grading oversight
Consistency & technical defensibility
Review and approve reference solutions and ensure alignment between assignments and learning outcomes
Audit TA rubric application and provide second-level review where needed
Maintain expected turnaround: about 48 hours for drills and labs, about 72 hours for items requiring instructor review
Cybersecurity grading must reward disciplined reasoning, not just tool output. If a learner runs something successfully but cannot explain what happened, why it matters, or where the boundaries are, the work is incomplete.
TA supervision
Daily calibration
Run daily touchpoints with TAs, in person or async
Monitor grading backlog, support coverage, and rubric alignment
Coach TAs on standards, tone, prioritization, and when to escalate
Step in where needed without removing TA ownership of their responsibilities
Ensure highest-need learners and blocked learners are always prioritized ahead of advanced learners
Readiness monitoring
Prevent silent failure
Monitor readiness across four pillars: Technical Readiness, Timeliness & Professional Rhythm, Engagement, and Integrity & Explainability
Initiate early interventions for learners who are blocked, drifting, operating unsafely, or showing weak analyst reasoning
Escalate to the Lead Instructor within 24 hours when integrity issues arise, multiple readiness failures appear, or attendance thresholds are approached
You are accountable for catching weak execution before it compounds.
Capstone oversight
Applied project support
Guide teams through scoping, architecture, technical feasibility, and security-oriented design decisions
Review whether solutions demonstrate coherent threat reasoning, defensible implementation choices, and clear articulation of trade-offs
Verify each capstone repository runs cleanly on a fresh machine and includes clear setup steps and documentation
Provide structured feedback before final evaluation and help teams prepare for technical presentation
Beginning each Sunday, dedicate 60–90 minutes per day to reviewing materials due the following Sunday
Open the module two weeks ahead and begin testing labs, checking instruction clarity, assignment flow, and difficulty
Flag blocking issues immediately rather than waiting for the deadline
Submit feedback one full week before delivery begins so implementation issues are caught early
60–90 min/dayGitHub Classroom1 week ahead
Debugging standard
How you run office hours
Structured debugging blocks run weekly. The goal is not to solve problems for learners, but to teach them how to reason through security workflows with discipline, clarity, and safe operating habits.
Your debugging standard
Teach, don't fix
Teach learners to interpret errors, outputs, findings, and false positives before suggesting fixes
Reinforce disciplined note-taking, reproducible setup, logging, and structured troubleshooting
Ask guiding questions rather than jumping directly to the answer
Help learners distinguish between running a tool and understanding what the result means
Surface systemic technical issues to the Lead Instructor immediately. Do not silently absorb recurring blockers or unsafe patterns.
Team coordination
Reporting cadence
Daily or frequent syncs with TAs
Weekly syncs with the Lead Instructor
Clear communication with the Program/Project Manager on scheduling and logistics
Surface immediately:
Learner performance data
Grading backlog
Technical blockers
Cohort morale concerns
Weekly rhythm
What your week looks like
Core onsite hours are Monday–Thursday, approximately 10:00–17:00 Amman time. Curriculum review and demo preparation continue outside those hours as needed.
Day
Core focus
Key actions
Every day
Monitor & supervise
Check dashboard, identify learners of concern, supervise TA support, and log notes for the Lead Instructor
Sunday
Curriculum review
Review materials due one week ahead; open the module two weeks ahead to begin testing and feedback
Monday
Applied Lab delivery
Deliver the Applied Lab, hand off to TAs, supervise targeted support, and confirm assignment attempts are on record
Tuesday
Lab completion + Stretch
Supervise highest-need support first, then lead Stretch once eligible learners are ready
Wednesday
Integration Task delivery
Deliver the Integration Task, hand off to TAs, supervise support, and confirm attempts are on record
Thursday
Integration completion + Stretch + Sync prep
Supervise highest-need support first, lead Stretch when eligible, and prepare module feedback for the Lead Instructor sync
What excellence looks like: Live sessions run cleanly and on pace. TAs are calibrated. Learners are not just using tools — they are explaining results, documenting decisions, and developing credible analyst habits. Curriculum issues are caught before delivery. The cohort moves forward together.
Qualifications
What you bring
This role requires instructional credibility, technical breadth across the program’s shared foundation, and real applied depth in cybersecurity. You do not need to be the only expert in the room for every subdomain, but you must be strong enough to guide labs, supervise TAs, enforce standards, and support a cybersecurity track built around hands-on technical execution.
Required
Core qualifications
Instructional, facilitation, or technical coaching experience in a hands-on training environment
Strong working knowledge of shared foundation topics including operating systems, networking basics, command-line fluency, virtualized lab environments, and disciplined workflow habits
Credible applied cybersecurity knowledge across at least several of the following: reconnaissance, web application security, vulnerability analysis, attack-path reasoning, detection-aware offensive workflows, defensive analysis, logging, and reporting
Ability to guide structured labs, debugging blocks, and live technical work sessions with clarity, pacing, and calm under pressure
Experience supervising teaching assistants, junior instructional staff, or technical support personnel
Strong experience in hybrid or multi-layer instructional environments where operational consistency matters
Comfort reinforcing reproducibility, documentation quality, evidence-based reasoning, and professional learner behavior
Familiarity with the program’s credential framing, including Security+, CySA+, and CASP+
Familiarity with frameworks and concepts such as MITRE ATT&CK, adversary behavior mapping, and detection-informed analysis
Comfort with tools or adjacent equivalents such as Nmap, Metasploit, BloodHound, Burp-style web testing workflows, Sysmon, and ELK/Wazuh
Ability to distinguish between safe instructional lab execution and careless or shallow tool use
Strong instinct for teaching not just what a result is, but why it matters, what it implies, and where the limits are
Professional judgment around responsible execution, clear scope boundaries, and learner safety in hands-on security work
Visible operational calm — the cohort depends on your ability to keep standards high when learners are blocked or unevenly paced
Reliability and visible presence are essential. This role is part instructional leader, part quality-control layer, and part operational stabilizer for the Cybersecurity track.