Senior Human Security Engineer

About the RoleWe are seeking a Senior Human Security Engineer to lead the design and execution of programs that protect the organization from social engineering and human‑targeted threats. This role focuses on strengthening the human layer of security through training, behavior analytics, process design, and risk reduction strategies.This individual will partner closely with Security, HR, IT, and business units to build scalable programs that reduce susceptibility to phishing, pretexting, and other forms of manipulation.This role is a key part of our organization's shift toward “human risk management”, treating users as a critical security control rather than a vulnerability.What You'll DoSocial Engineering Defense StrategyDesign and evolve a comprehensive human security program focused on mitigating social engineering risks.Identify high‑risk user groups and develop targeted risk reduction strategies.Stay current on emerging social engineering tactics (phishing, vishing, smishing, pretexting, deepfake‑enabled attacks).Training & Awareness ProgramsDevelop and deliver engaging, role‑based security awareness training.Lead ongoing phishing simulation programs and measure behavioral improvement.Create targeted campaigns for:Executives and high‑value targetsFinance and HR personnelPrivileged usersContinuously improve training based on metrics and threat trends.Process & Control DesignDefine and implement human‑centric security controls, including:Verification procedures for sensitive requests (fund transfers, credential resets, etc.)Out‑of‑band validation workflowsStandard operating procedures for handling suspicious communicationsPartner with business teams to embed secure behaviors into daily workflows.Reduce reliance on “user vigilance alone” by introducing process‑backed safeguards.Behavioral Risk Measurement & AnalyticsDevelop metrics and dashboards to track:Phishing susceptibility ratesReport rates and time‑to‑reportRepeat‑risk users or departmentsUse data to inform leadership and drive program improvements.Integrate human risk signals into broader security monitoring (SIEM/SOAR where applicable).Support investigations of social engineering incidents.Conduct post‑incident reviews with a focus on process gaps and behavioral insights.Recommend and implement corrective actions to prevent recurrence.Cross‑Functional CollaborationWork with:Security Operations (SOC) on reporting and escalation pathwaysIdentity and Access Management teams on verification controlsCommunications/HR on policy messaging and adoptionAlign human security efforts with enterprise security strategy.What You'll Bring5–8+ years in cybersecurity, risk management, or security awareness, with a focus on human‑centered security.Experience designing and managing security awareness and training programs.Strong understanding of social engineering tactics and human attack vectors.Proven ability to translate security risks into practical, user‑friendly processes.Experience with phishing simulation platforms and training tools.Strong analytical skills with experience using metrics to drive decision‑making.What Will Set You ApartBackground in psychology, behavioral science, or human factors (highly valuable).Experience with enterprise awareness platforms.Experience integrating user risk signals into security tooling.Certifications such as CISSP, CISM, Certified Security Awareness Practitioner (CSAP), SANS Security Awareness or Human Risk Management training.Deep understanding of human behavior in security contexts.Strong communication and storytelling ability.Program design and change management expertise.Influence without authority across business units.Measurable reduction in successful social engineering incidents.Improved executive and high‑risk user resilience.BenefitsTraining and Development: Ongoing training and professional development opportunities.Medical: Fully paid healthcare, dental and vision premiums for employees and eligible dependents, and gym benefits.Financial: Generous company 401(k) contributions and employee stock ownership after one year.Work‑Life Balance: Competitive PTO and work from home opportunities after an introductory period.#J-18808-Ljbffr

About the RoleWe are seeking a Senior Human Security Engineer to lead the design and execution of programs that protect the organization from social engineering and human‑targeted threats. This role focuses on strengthening the human layer of security through training, behavior analytics, process design, and risk reduction strategies.This individual will partner closely with Security, HR, IT, and business units to build scalable programs that reduce susceptibility to phishing, pretexting, and other forms of manipulation.This role is a key part of our organization's shift toward “human risk management”, treating users as a critical security control rather than a vulnerability.What You'll DoSocial Engineering Defense StrategyDesign and evolve a comprehensive human security program focused on mitigating social engineering risks.Identify high‑risk user groups and develop targeted risk reduction strategies.Stay current on emerging social engineering tactics (phishing, vishing, smishing, pretexting, deepfake‑enabled attacks).Training & Awareness ProgramsDevelop and deliver engaging, role‑based security awareness training.Lead ongoing phishing simulation programs and measure behavioral improvement.Create targeted campaigns for:Executives and high‑value targetsFinance and HR personnelPrivileged usersContinuously improve training based on metrics and threat trends.Process & Control DesignDefine and implement human‑centric security controls, including:Verification procedures for sensitive requests (fund transfers, credential resets, etc.)Out‑of‑band validation workflowsStandard operating procedures for handling suspicious communicationsPartner with business teams to embed secure behaviors into daily workflows.Reduce reliance on “user vigilance alone” by introducing process‑backed safeguards.Behavioral Risk Measurement & AnalyticsDevelop metrics and dashboards to track:Phishing susceptibility ratesReport rates and time‑to‑reportRepeat‑risk users or departmentsUse data to inform leadership and drive program improvements.Integrate human risk signals into broader security monitoring (SIEM/SOAR where applicable).Support investigations of social engineering incidents.Conduct post‑incident reviews with a focus on process gaps and behavioral insights.Recommend and implement corrective actions to prevent recurrence.Cross‑Functional CollaborationWork with:Security Operations (SOC) on reporting and escalation pathwaysIdentity and Access Management teams on verification controlsCommunications/HR on policy messaging and adoptionAlign human security efforts with enterprise security strategy.What You'll Bring5–8+ years in cybersecurity, risk management, or security awareness, with a focus on human‑centered security.Experience designing and managing security awareness and training programs.Strong understanding of social engineering tactics and human attack vectors.Proven ability to translate security risks into practical, user‑friendly processes.Experience with phishing simulation platforms and training tools.Strong analytical skills with experience using metrics to drive decision‑making.What Will Set You ApartBackground in psychology, behavioral science, or human factors (highly valuable).Experience with enterprise awareness platforms.Experience integrating user risk signals into security tooling.Certifications such as CISSP, CISM, Certified Security Awareness Practitioner (CSAP), SANS Security Awareness or Human Risk Management training.Deep understanding of human behavior in security contexts.Strong communication and storytelling ability.Program design and change management expertise.Influence without authority across business units.Measurable reduction in successful social engineering incidents.Improved executive and high‑risk user resilience.BenefitsTraining and Development: Ongoing training and professional development opportunities.Medical: Fully paid healthcare, dental and vision premiums for employees and eligible dependents, and gym benefits.Financial: Generous company 401(k) contributions and employee stock ownership after one year.Work‑Life Balance: Competitive PTO and work from home opportunities after an introductory period.#J-18808-Ljbffr

• 

• Government Careers