Summary: The Social Engineering & Physical Security Testing Lead will spearhead a comprehensive social engineering campaign targeting approximately 4,300 staff members at BizTech Fusion. This role involves designing and executing various testing scenarios, including phishing and physical penetration testing, while adhering to strict protocols and documentation requirements. The position is remote, requiring US-based personnel with a focus on professionalism and security awareness. The contract duration is 12 months with potential for renewal.
Key Responsibilities:
- Design and execute phishing, vishing, and smishing campaigns targeting NNPS staff (~4,300 in scope)
- Develop pretext scenarios relevant to the K-12 education environment (IT support impersonation, district administration, vendor calls)
- Conduct on-site physical penetration testing across NNPS facility types including tailgating, badge cloning attempts, unlocked workstation access, and sensitive document exposure
- Always follow and enforce written Rules of Engagement; immediately escalate out-of-scope contact with students
- Coordinate with NNPS contract administrator (David Saunders) for facility access logistics
- Document all social engineering campaign results: click rates, credential submission rates, call success rates, by department where possible
- Document all physical testing findings: facility-by-facility, with photographic evidence where permitted
- Produce the Social Engineering Assessment and Physical Penetration Testing deliverable reports
- Present findings to NNPS leadership with practical, prioritized security awareness and physical security recommendations
Key Skills:
- Minimum 4 years of experience conducting social engineering and physical penetration testing engagements
- Demonstrated experience running large-scale phishing campaigns (2,000+ targets) with documented results
- Experience with physical penetration testing at distributed multi-facility organizations (schools, government buildings, or comparable)
- Proficiency with phishing simulation platforms (GoPhish, Cobalt Strike phishing, or commercial equivalents)
- Strong written reporting skills - social engineering and physical findings must be documented with sufficient evidence for NNPS leadership to act
- Ability to operate professionally in a school campus environment - strict scope discipline around student exclusion is non-negotiable
- US-based; must be able to travel to Newport News, VA for on-site physical testing
Salary (Rate): £60,000 yearly
City: undetermined
Country: undetermined
Working Arrangements: remote
IR35 Status: undetermined
Seniority Level: undetermined
Industry: Other
Hi
Greetings from BizTech Fusion!
BizTech Fusion has authorized a full social engineering campaign targeting its ~4,300 staff (students are explicitly excluded from all social engineering and physical testing). Physical penetration testing covers all NNPS facility types: schools, administrative buildings, data centers, and support facilities across 50+ locations. Written Rules of Engagement must be approved by the NNPS Executive Director of Technology before any physical testing begins. This is a sensitive engagement requiring professionalism, strict scope discipline, and clear escalation protocols.
Title: Social Engineering & Physical Security Testing Lead
Location: Remote (US Region, Eastern Time)
Duration: 12 Month Contract with possible renewal
Tax: W2, 1099
Note: US-based personnel mandatory
Job Description
Responsibilities
- Design and execute phishing, vishing, and smishing campaigns targeting NNPS staff (~4,300 in scope)
- Develop pretext scenarios relevant to the K-12 education environment (IT support impersonation, district administration, vendor calls)
- Conduct on-site physical penetration testing across NNPS facility types including tailgating, badge cloning attempts, unlocked workstation access, and sensitive document exposure
- Always follow and enforce written Rules of Engagement; immediately escalate out-of-scope contact with students
- Coordinate with NNPS contract administrator (David Saunders) for facility access logistics
- Document all social engineering campaign results: click rates, credential submission rates, call success rates, by department where possible
- Document all physical testing findings: facility-by-facility, with photographic evidence where permitted
- Produce the Social Engineering Assessment and Physical Penetration Testing deliverable reports
- Present findings to NNPS leadership with practical, prioritized security awareness and physical security recommendations
Required Qualifications
- Minimum 4 years of experience conducting social engineering and physical penetration testing engagements
- Demonstrated experience running large-scale phishing campaigns (2,000+ targets) with documented results
- Experience with physical penetration testing at distributed multi-facility organizations (schools, government buildings, or comparable)
- Proficiency with phishing simulation platforms (GoPhish, Cobalt Strike phishing, or commercial equivalents)
- Strong written reporting skills - social engineering and physical findings must be documented with sufficient evidence for NNPS leadership to act
- Ability to operate professionally in a school campus environment - strict scope discipline around student exclusion is non-negotiable
- US-based; must be able to travel to Newport News, VA for on-site physical testing
Preferred Qualifications
- Experience with K-12 or public sector social engineering engagements
- Familiarity with NNPS-relevant pretexts: IT helpdesk, substitute teacher systems, parent/guardian communications
- GPEN, CEH, or physical security certifications (PSP, CPP)
- Experience developing security awareness training programs post-engagement
- Knowledge of Virginia privacy law constraints on staff data use in testing scenarios