Herd Security is an agentic AI creative platform built for continuous security training and simulation. Founded in 2025, Herd helps organizations move beyond once-a-year compliance checkboxes, replacing static programs with dynamic curricula that evolve alongside emerging threats without adding operational overhead. Security and GRC teams use the platform as a creative partner to translate practitioner expertise into compelling content and deploy it across the channels employees frequently use, including Slack, Teams, and LMS. When a new threat surfaces, the platform enables organizations to shift from IT tickets or vendor requests to iterative microlessons delivered the same day. This puts the people behind security back at the center, empowering practitioner expertise, making awareness more habitual, and using every interaction to fuel a feedback loop that strengthens the human layer of defense.
Position Overview
We are looking for a Security Content Contractor to help expand and sharpen our training library. Herd's platform is agentic and generative, but it's only as good as the practitioner expertise and source material it learns from. Your work will directly shape what employees at our customers' organizations see, learn, and practice every week. You will translate real-world security knowledge—phishing patterns, social engineering tradecraft, insider threat scenarios, compliance frameworks, emerging threats—into microlessons, simulations, and assessments that are accurate, engaging, and short enough for people to actually finish. This is a role for a security practitioner who can write, or a writer who has spent enough time inside security to think like a practitioner.
This is a contract role with flexible hours. We're open to steady part-time engagements as well as project-based bursts tied to specific content initiatives (e.g., a quarterly release, a new compliance module, a rapid-response lesson on an emerging threat).
What You'll Work On
You will produce original security training content across a range of formats: short-form microlessons designed for Slack and Teams delivery, phishing and smishing simulation scenarios, scenario-based assessments, compliance-aligned modules (SOC 2, HIPAA, PCI, ISO 27001, NIST, etc.), and rapid-response content tied to breaking threats. You'll work closely with the Herd team to understand what the AI content engine can generate on its own versus where human expertise is the differentiator—your job is to focus on the latter. You will also help us build the underlying content frameworks and templates that the platform uses to generate at scale, meaning your best work will be reused and adapted far beyond the lessons you write directly.
Responsibilities
Write original microlessons, scenarios, quizzes, and simulation content across core security awareness topics
Research and develop content on emerging threats (novel phishing patterns, AI-enabled social engineering, new attack vectors) on fast turnarounds
Adapt content for different audiences—engineering teams, finance teams, executives, frontline employees—so the same underlying concept lands differently for different roles
Collaborate with the Herd team to develop content frameworks, templates, and source material that feed the agentic generation engine
Map content to compliance frameworks where relevant, ensuring customers can use Herd to satisfy training requirements auditors actually check
Review AI-generated content for accuracy, tone, and pedagogical quality, and provide feedback that improves future generation
Stay current with the threat landscape and flag topics the library should cover before customers start asking
Required Qualifications
3+ years of experience in security awareness, security operations, GRC, or a closely related practitioner role—you've either built training programs, responded to the incidents the training is about, or both
Demonstrated writing ability: clear, concise, and engaging. Security content is often dry; yours isn't
Deep familiarity with the core security awareness curriculum: phishing, social engineering, credential hygiene, data handling, insider threat, physical security, incident reporting
Ability to translate technical concepts into language that non-technical employees actually understand and remember
Self-directed working style—you can take a brief, research the topic, and return polished content without heavy supervision
Comfort working iteratively with AI tools, including using them to accelerate research, drafting, and variation generation
Preferred Qualifications
Background in instructional design, adult learning, or curriculum development
Experience writing for microlearning formats (Duolingo-style, mobile-first, chat-native)
Familiarity with compliance frameworks (SOC 2, HIPAA, PCI DSS, ISO 27001, NIST CSF, GDPR)
Prior work creating phishing simulation content or running phishing programs
Security certifications (CISSP, Security+, CISM, or equivalent practitioner credentials)
Experience producing content in multiple formats: video scripts, interactive scenarios, written lessons, assessment questions
Familiarity with how LLMs are used in content generation pipelines, including prompt design and evaluation
Engagement Details
Salary: $60,000–$120,000 OTE
Contract rate commensurate with experience and output; open to hourly or per-deliverable structures
Flexible hours; project scopes and timelines agreed on per engagement
Remote work with occasional syncs during US working hours
Potential to expand into a larger or full-time role as the content function grows
Byline or attribution negotiable depending on engagement scope
Logistics
Location: Remote — US Mandatory, California Preferred
Type: Contract (ongoing, project-based engagement with flexible hours)