Senior Consultant - Social Engineering

As a Senior Consultant with a focus on social engineering, you will:

• Attend customer sites to deliver engagements where required (such as Physical Penetration Testing/Black Team engagements).
• Provide well‑written, concise, technical and non‑technical reports in English.
• Perform vulnerability assessments and provide findings with remediation actions.
• Support with various client pre‑engagement interactions, including scoping activities and proposal drafting.
• Manage and deliver penetration testing project activities within strict deadlines.
• Research Social Engineering trends, new attack vectors and technologies that may improve efficiencies when delivering these engagements.
• Develop and deliver in‑house training to the penetration testing team.
• Coach and mentor Graduate and Junior penetration testers.
• Act as lead tester on large or onsite penetration testing projects (including Physical Penetration Tests).
• Support the Marketing team with the development of content (including, but not limited to: Blogs, Social Media Posts, and Articles) to help raise the profile of Bulletproof's Penetration Testing and other services.
• Support the QA process to ensure high quality client reports are delivered in accordance with applicable Service Level Agreement (SLA).
• Perform any other appropriate job duties in line with the associated skill and experience of the post holder.

Skills

• Deep knowledge of Social Engineering attack vectors relating to: Phishing (email), Vishing (phone calls), Physical Social engineering (in person during a Physical Penetration Test/Black Team).
• Strong knowledge of Social Engineering and Physical Penetration attack techniques such as: Lock picking, Card cloning, Elicitation, Disguise and Social Engineering scenario creation.
• Strong skills in Open Source Intelligence gathering – specifically targeting organisations and physical locations.
• Knowledge of the additional legal boundaries that are involved for Social Engineering attacks and Physical Site Engagements.
• Proven industry experience in infrastructure and/or application penetration testing.
• Deep knowledge of various Operating Systems and network principles.
• Strong understanding of OWASP, PTES and MITRE ATT.
• Knowledge of how modern solutions are designed and deployed across different platforms.
• Ability to program or script in your preferred language.
• Relevant security qualifications (such as OSCP, CREST CRT, OSEP, CCT or relevant Social Engineering exams/training).

Nice to Have

• Deep knowledge of access card cloning techniques and involved technologies.
• Experience operating as part of or in conjunction with a Red Team.
• Strong knowledge of Wireless (WiFi) testing techniques and other Signals Intelligence.
• Good knowledge of SMShing attacks and supporting infrastructure.

Personal Attributes

• Excellent spoken and written communication skills with strong attention-to-detail and accuracy.
• A passion for security and networks.
• Analytical and problem‑solving skills with a can‑do attitude and the ability to think laterally.
• Self‑motivation with a commitment to continued development.
• Ability to work independently and as part of a team.
• Influencing and negotiation skills with the ability to build relationships at all levels.
• Willingness to learn.

Benefits

• Birthday holiday.
• Discounted Private Medical Insurance.
• Gym Membership.
• VITO days – X2 paid volunteer days.
• Enhanced Family Related Leave Pay.
• Standard Life Salary Sacrifice Pension.
• Social Events.

WorkNest is an equal opportunity employer. We celebrate diversity and are committed to fostering an inclusive environment for all employees.