Hiring - Social Engineering & Physical Security Testing Lead

BizTech Fusion · United States · Posted 18h ago · via Dice
Region USA
Salary USD 70 - 80

Job Description

Hi

Greetings from BizTech Fusion!

BizTech Fusion has authorized a full social engineering campaign targeting its ~4,300 staff (students are explicitly excluded from all social engineering and physical testing). Physical penetration testing covers all NNPS facility types (schools, administrative buildings, data centers, and support facilities) across 50+ locations. Written Rules of Engagement must be approved by the NNPS Executive Director of Technology before any physical testing begins. This is a sensitive engagement requiring professionalism, strict scope discipline, and clear escalation protocols.

Title: Social Engineering & Physical Security Testing Lead

Location: Remote (US Region, Eastern Time)

Duration: 12 Month Contract with possible renewal

Tax: W2, 1099

Note: US-based personnel mandatory

Responsibilities

- Design and execute phishing, vishing, and smishing campaigns targeting NNPS staff (~4,300 in scope)

- Develop pretext scenarios relevant to the K-12 education environment (IT support impersonation, district administration, vendor calls)

- Conduct on-site physical penetration testing across NNPS facility types including tailgating, badge cloning attempts, unlocked workstation access, and sensitive document exposure

- Always follow and enforce written Rules of Engagement; immediately escalate out-of-scope contact with students

- Coordinate with NNPS contract administrator (David Saunders) for facility access logistics

- Document all social engineering campaign results: click rates, credential submission rates, call success rates, by department where possible

- Document all physical testing findings: facility-by-facility, with photographic evidence where permitted

- Produce the Social Engineering Assessment and Physical Penetration Testing deliverable reports

- Present findings to NNPS leadership with practical, prioritized security awareness and physical security recommendations

Required Qualifications

- Minimum 4 years of experience conducting social engineering and physical penetration testing engagements

- Demonstrated experience running large-scale phishing campaigns (2,000+ targets) with documented results

- Experience with physical penetration testing at distributed multi-facility organizations (schools, government buildings, or comparable)

- Proficiency with phishing simulation platforms (GoPhish, Cobalt Strike phishing, or commercial equivalents)

- Strong written reporting skills; social engineering and physical findings must be documented with sufficient evidence for NNPS leadership to act

- Ability to operate professionally in a school campus environment; strict scope discipline around student exclusion is non-negotiable

- US-based; must be able to travel to Newport News, VA for on-site physical testing

Preferred Qualifications

- Experience with K-12 or public sector social engineering engagements

- Familiarity with NNPS-relevant pretexts: IT helpdesk, substitute teacher systems, parent/guardian communications

- GPEN, CEH, or physical security certifications (PSP, CPP)

- Experience developing security awareness training programs post-engagement

- Knowledge of Virginia privacy law constraints on staff data use in testing scenarios

First seen 2026-05-08 08:40:01 · Last verified 2026-05-08 08:40:01

Pentest Careers · pentestcareers.com
