Own and operate the end-to-end lifecycle of the Microsoft Defender Attack Simulation Training program. This role is responsible for designing realistic phishing simulations, analyzing user behavior at scale, and driving targeted remediation to measurably reduce organizational phishing risk. The position partners closely with IT, HCM, and Security Awareness teams to ensure simulations, reporting, and training are aligned to business and compliance objectives.

Core Technical Skills

• Microsoft Defender for Office 365 (Advanced/Expert)
• Hands‑on experience with Attack Simulation Training.
• Creation of custom payloads (login tease, malware attachment, link based attacks).
• Use of simulation automations and user targeting (e.g., new hires, repeat offenders).
• Understanding of email delivery mechanics to ensure realistic simulations.
• Splunk (Required)
• Ingesting and analyzing Defender/O365 data via Splunk Add‑ons.
• Writing SPL queries for simulation and real‑world phishing analysis.
• Building and maintaining operational and executive dashboards.
• HTML & CSS (Required)
• Ability to modify phishing templates and landing pages.

Professional Skills

• Strong communication and coordination skills across technical and non‑technical teams.
• Ability to manage workstreams, influence stakeholders, and drive outcomes without direct authority.
• Analytical mindset with the ability to translate data into actionable risk insights.

Preferred / Nice-to-Have Skills

• Power BI & Data Visualization
• Building interactive dashboards and risk scorecards.
• Integrating Defender data via OData or Microsoft Graph.
• Python Automation
• Scripting automation for user tagging, reporting, or data extraction.
• Security Awareness or Instructional Design
• Customizing or localizing training content beyond vendor provided materials.

Behavioral & Strategic Competencies

• Global Security Awareness:

Ability to plan simulations across time zones and cultural contexts.

• Instructional Design Mindset:

Focus on behavior change, not just simulation metrics.

• Executive Communication:

Ability to contextualize results (e.g., simulation difficulty vs. click rate) for leadership decision-making.

Phishing Simulation Program Management

• Design, execute, and continuously improve phishing simulation campaigns using Microsoft Defender Attack Simulation Training.
• Develop and maintain phishing templates aligned to current threat trends and real-world attack techniques.
• Launch enterprise-wide simulation campaigns (minimum four simulations per employee annually).
• Correlate simulation outcomes with real-world phishing reports to assess risk reduction and program effectiveness.

Data Analysis & Reporting

• Monitor and analyze phishing simulation data using Splunk; identify anomalies, ingestion issues, and trends.
• Build, maintain, and enhance Splunk dashboards for simulation performance, user behavior, and reporting metrics.
• Produce ad hoc analysis and reporting in response to business, leadership, or compliance requests.
• Own phishing susceptibility metrics and reporting in Power BI for executive and business unit visibility.

Automation & Tool Integration

• Partner with IT and development teams to support data ingestion, automation, and platform reliability.
• Leverage Python and Splunk knowledge (directly or via developers) to resolve data issues and improve automation.
• Validate simulation outcomes using Defender Advanced Hunting where needed.

Phishing Remediation & Training Enablement

• Coordinate with the HCM/Learning team on assignment, delivery, and tracking of phishing remediation training.
• Structure and maintain phishing related training content; obtain and use administrative access where appropriate.
• Collaborate with content creators to develop targeted training based on user risk levels and repeat offender trends.
• Support creation of awareness campaigns, documentation, and communications tied to simulation outcomes.

Cross Functional & Compliance Support

• Partner with security awareness, content, and business teams to deliver ad hoc or recurring campaigns.
• Support regulatory and compliance driven initiatives (e.g., CMMC) by designing targeted simulations and reporting.
• Communicate program results and risk context clearly to technical and non‑technical stakeholders.