Responsibilities:
Plan, execute, and assess a variety of social engineering tests internally, employing different methods such as phishing, vishing, spear phishing, business email compromise (BEC), whaling, and pretexting.
Customize and craft realistic phishing emails, vishing calls, and text messages to assess the susceptibility of employees to social engineering attacks.
Perform spear phishing campaigns targeting specific individuals or departments within the organization.
Simulate business email compromise scenarios to test the organization's resilience against advanced email-based attacks.
Execute whaling attacks focusing on high-profile individuals in the organization.
Conduct pretexting exercises to gauge the effectiveness of staff in identifying and resisting manipulation attempts.
Collaborate with the IT security team to ensure the alignment of social engineering tests with broader cybersecurity objectives.
Utilize a variety of tools and techniques for email phishing, robocalls, SMS texting, and USB drops to evaluate the organization's vulnerability to different attack vectors.
Establish baseline metrics and benchmarks for social engineering awareness and resilience.
Analyze and document the outcomes of social engineering tests, including successful and unsuccessful attempts, and provide recommendations for improvement.
Develop and deliver training sessions to educate employees on social engineering risks and best practices.
Stay informed about emerging social engineering tactics, tools, and trends in the cybersecurity landscape.
Qualifications:
Minimum of 3 years of experience in conducting social engineering tests.
Relevant certifications in social engineering and penetration testing (e.g. SEPP, Social Engineering Prevention Professional).
In-depth knowledge of social engineering tactics, techniques, and procedures.
Familiarity with tools used in social engineering assessments and campaigns.
Strong analytical and communication skills to convey findings and recommendations effectively.
Technology Stack:
Phishing Tools:
Utilize phishing simulation tools such as GoPhish, PhishMe, or equivalent.
Vishing Tools:
Employ voice phishing tools for simulated phone-based social engineering.
Spear Phishing Platforms:
Use specialized platforms for crafting and executing targeted spear phishing campaigns.
Email Compromise Tools:
Employ tools that simulate business email compromise scenarios.
Whaling Techniques:
Implement techniques for conducting whaling attacks on high-profile targets.
Pretexting Tools:
Utilize tools to create and execute pretexting scenarios for manipulation testing.
Robocall and SMS Platforms:
Use platforms for simulating robocalls and SMS-based social engineering attacks.
USB Drop Tools:
Employ tools for testing employee response to USB drops in physical spaces.
Training Platforms:
Leverage training platforms for creating and delivering social engineering awareness sessions.