Senior Consultant, Human Threats

What You'll Do

Conduct human threat engagements including social engineering, phishing, vishing, physical assessments, and human risk evaluations.
Prepare, review, and approve Human Threat reports to meet quality requirements.
Manage priorities and tasks to achieve delivery utilization targets.
Advise clients on all testing and assessment activities in a timely and professional manner.
Ensure client deliverables and services are delivered on time.
Continuous professional development in maintaining industry specific certifications and staying current on emerging human threat tactics and trends.
Establish and maintain positive collaborative relationships with clients and stakeholders.
Identify up-sell and cross-sell opportunities and escalate to sales.
Collaborate with project managers, quality management, sales, and other delivery team members to drive customer satisfaction and meet project deliverables.
Mentor junior consultants in social engineering tradecraft, client communications, reporting, and engagement execution.
Contribute to the development and refinement of Human Threat methodologies, tooling, playbooks, and service offerings.
Contribute to thought leadership through research, blogs, whitepapers, webinars, and conference presentations on human threat, and related security topics.
Support the development of the Human Threat practice through original research, service innovation, and externally facing industry content.
Represent the Coalfire at industry events, client briefings, and conferences as a subject matter expert.
Contribute to other offensive security engagements, as needed, based on business demand, skillset alignment, and delivery priorities when not assigned to Human Threat assessments.
Perform other responsibilities as needed in support of client delivery, practice development, and team success.

What You'll Bring

5 - 8 years client-facing consulting experience
3 - 5 years experience in social engineering, red team, insider risk, physical security
Demonstrated expertise of:
Social engineering principles and techniques
Phishing, vishing, smishing, and other communication-based attack methods
Pretext development and adversary emulation against human targets
Human risk assessments and behavior-based security evaluations
Report writing and client presentation delivery
Demonstrated knowledge of:
Current threat actor tactics, techniques, and procedures involving human targets
Physical security concepts and badge/access control weaknesses
Email security controls, identity-based attacks, and user-targeted attack paths
Security awareness, culture, and behavior change principles
Ability to travel up to 25%
Strong writing skills and personal accountability
Ability to complete work to standards without direct supervision
Time management
Demonstrated ability to communicate complex security concepts through written content, client presentations, and public speaking.
Excellent communication and presentation skills.

Bonus Points

Knowledge of physical red team tactics and techniques.
Executive protection or executive-targeted social engineering scenarios.
Behavioral science, psychology, or influence-based training.
Threat intelligence related to social engineering campaigns and threat actor tradecraft.
Advanced social engineering - AI-based social engineering, phishing, pretext calling, impersonation campaigns.
Insider risk program development.
Training content development and workshop facilitation.
Hardware, badge, or access-control related social engineering experience.
Published research, blogs, whitepapers, or conference presentations related to social engineering, human threat, or offensive security.