Senior Human Security Engineer

About The Position

Requirements

• 5–8+ years in cybersecurity, risk management, or security awareness, with focus on human-centered security.
• Experience designing and managing security awareness and training programs.
• Strong understanding of social engineering tactics and human attack vectors.
• Proven ability to translate security risks into practical, user-friendly processes.
• Experience with phishing simulation platforms and training tools.
• Strong analytical skills with experience using metrics to drive decision-making.

Nice To Haves

• Background in psychology, behavioral science, or human factors (highly valuable).
• Experience with enterprise awareness platforms.
• Experience integrating user risk signals into security tooling.
• Certifications such as: CISSP, CISM, Certified Security Awareness Practitioner (CSAP), SANS Security Awareness or Human Risk Management training.
• Deep understanding of human behavior in security contexts.
• Strong communication and storytelling ability.
• Program design and change management expertise.
• Data-driven decision making.
• Influence without authority across business units.

Responsibilities

• Design and evolve a comprehensive human security program focused on mitigating social engineering risks.
• Identify high-risk user groups and develop targeted risk reduction strategies.
• Stay current on emerging social engineering tactics (phishing, vishing, smishing, pretexting, deepfake-enabled attacks).
• Develop and deliver engaging, role-based security awareness training.
• Lead ongoing phishing simulation programs and measure behavioral improvement.
• Create targeted campaigns for: Executives and high-value targets, Finance and HR personnel, Privileged users.
• Continuously improve training based on metrics and threat trends.
• Define and implement human-centric security controls, including: Verification procedures for sensitive requests (fund transfers, credential resets, etc.), Out-of-band validation workflows, Standard operating procedures for handling suspicious communications.
• Partner with business teams to embed secure behaviors into daily workflows.
• Reduce reliance on “user vigilance alone” by introducing process-backed safeguards.
• Develop metrics and dashboards to track: Phishing susceptibility rates, Report rates and time-to-report, Repeat-risk users or departments.
• Use data to inform leadership and drive program improvements.
• Integrate human risk signals into broader security monitoring (SIEM/SOAR where applicable).
• Support investigations of social engineering incidents.
• Conduct post-incident reviews with a focus on process gaps and behavioral insights.
• Recommend and implement corrective actions to prevent recurrence.
• Work with: Security Operations (SOC) on reporting and escalation pathways, Identity and Access Management teams on verification controls, Communications/HR on policy messaging and adoption.
• Align human security efforts with enterprise security strategy.

Benefits

• Reduction in phishing susceptibility and repeat offenders
• Increased reporting rates and faster reporting times
• Adoption of secure business processes (e.g., verification workflows)
• Measurable reduction in successful social engineering incidents
• Improved executive and high-risk user resilience