Senior Consultant, Human Threats

About Coalfire Coalfire is on a mission to make the world a safer place by solving our clients’ hardest cybersecurity challenges. We work at the cutting edge of technology to advise, assess, automate, and ultimately help companies navigate the ever-changing cybersecurity landscape. We are headquartered in Chicago, Illinois with offices across the U.S. and U.K., and we support clients around the world. But that’s not who we are – that’s just what we do.   We are thought leaders, consultants, and cybersecurity experts, but above all else, we are a team of passionate problem-solvers who are hungry to learn, grow, and make a difference. Why You’ll Want to Join Us At Coalfire, you’ll find the support you need to thrive personally and professionally. In many cases, we provide a flexible work model that empowers you to choose when and where you’ll work most effectively – whether you’re at home or an office. Regardless of location, you’ll experience a company that prioritizes connection and wellbeing and be part of a team where people care about each other and our communities. You’ll have opportunities to join employee resource groups, participate in in-person and virtual events, and more. And you’ll enjoy competitive perks and benefits to support you and your family, like paid parental leave, flexible time off, certification and training reimbursement, digital mental health and wellbeing support membership, and comprehensive insurance options. At Coalfire, equal opportunity and pay equity is integral to the way we do business. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Coalfire is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation to participate in the job application or interview process, contact our Human Resources team at HumanResourcesMB@coalfire.com. country: US all locations: [United States] commitment: Regular Full Time department: DivisionHex / Penetration Testing location: United States team: Offensive Security - Threat What You'll Do: Conduct human threat engagements including social engineering, phishing, vishing, physical assessments, and human risk evaluations. Prepare, review, and approve Human Threat reports to meet quality requirements. Manage priorities and tasks to achieve delivery utilization targets. Advise clients on all testing and assessment activities in a timely and professional manner. Ensure client deliverables and services are delivered on time. Continuous professional development in maintaining industry specific certifications and staying current on emerging human threat tactics and trends. Establish and maintain positive collaborative relationships with clients and stakeholders. Identify up-sell and cross-sell opportunities and escalate to sales. Collaborate with project managers, quality management, sales, and other delivery team members to drive customer satisfaction and meet project deliverables. Mentor junior consultants in social engineering tradecraft, client communications, reporting, and engagement execution. Contribute to the development and refinement of Human Threat methodologies, tooling, playbooks, and service offerings. Contribute to thought leadership through research, blogs, whitepapers, webinars, and conference presentations on human threat, and related security topics. Support the development of the Human Threat practice through original research, service innovation, and externally facing industry content. Represent the Coalfire at industry events, client briefings, and conferences as a subject matter expert. Contribute to other offensive security engagements, as needed, based on business demand, skillset alignment, and delivery priorities when not assigned to Human Threat assessments. Perform other responsibilities as needed in support of client delivery, practice development, and team success. What You'll Bring: 5 - 8 years client-facing consulting experience 3 - 5 years experience in social engineering, red team, insider risk, physical security Demonstrated expertise of: Social engineering principles and techniques Phishing, vishing, smishing, and other communication-based attack methods Pretext development and adversary emulation against human targets Human risk assessments and behavior-based security evaluations Report writing and client presentation delivery Demonstrated knowledge of: Current threat actor tactics, techniques, and procedures involving human targets Physical security concepts and badge/access control weaknesses Email security controls, identity-based attacks, and user-targeted attack paths Security awareness, culture, and behavior change principles Ability to travel up to 25% Strong writing skills and personal accountability Ability to complete work to standards without direct supervision Time management Demonstrated ability to communicate complex security concepts through written content, client presentations, and public speaking. Excellent communication and presentation skills. Bonus Points: Knowledge of physical red team tactics and techniques. Executive protection or executive-targeted social engineering scenarios. Behavioral science, psychology, or influence-based training. Threat intelligence related to social engineering campaigns and threat actor tradecraft. Advanced social engineering - AI-based social engineering, phishing, pretext calling, impersonation campaigns. Insider risk program development. Training content development and workshop facilitation. Hardware, badge, or access-control related social engineering experience. Published research, blogs, whitepapers, or conference presentations related to social engineering, human threat, or offensive security.